Steemit Passwords / The Ultimate Guide To Key Safety
With the influx of new users who aren't necessarily crypto savvy we have noticed many members are not being safe with their keys so we created this handy little guide to keep your account super safe. The Steemit password system is tiered so you should be using certain keys for certain things for maximum safety. Your passwords can be found by clicking on Wallet > Permissions
The Different keys and what they do
The Master/Owner Key
Upon account creation you will be given a master password. This is the one that starts with a P. This is essetially the key that controls and allows you to change the other ones. It is the one key to rule them all. You need to keep this one safe.
When you create your account you should immediately save the master key on a document and store it on a usb key. Also write it down by hand and store it in a safe place. This is the only key you have at the moment and Steemit will ask you to use it to login so you can access your other keys. Be 100% sure you have done this step correctly before moving on.
After completing the next step you should keep this key offline. You can not have enough back ups of this one and you should never, ever use it to login! This key is only needed to regenerate all new keys and if your account gets hacked you will need this password to attempt account recovery.
Next login using the master password and click on wallet > permissions. Here you will see all your keys. Copy each private key (by clicking the show private key button) onto your document, double check each one and make sure you have no copy pasting errors.
To reiterate, you should now have your master key copied down by hand and stashed away and you should have a copy of all your keys on a usb key. Keep a document on your desktop for the posting key only and include the account details you used to sign up (phone number and e-mail address).
The Private Posting Key
This is the best key to use for day to day Steemit activities. It allows you to post blogs, comment, vote and follow. If someone gets a hold of this key the worst they can do are the above actions. If you need to use a third party service it is best to only give this key.
The Private Active Key
This key is a step up from the posting key as it allows you to do all the things the posting key does but you can also transfer funds, use the internal market, delegate and vote for witnesses. This key should be kept very safe as well and only used for these actions.
The Private Memo key
This key allows you to decrypt encrypted messages sent to you via the wallet
Tips for keeping your account safe
- I said it above and I'll say it again, keep your master password safe and offline
- Only use the lowest security key for what you need to do, ideally this should be the posting key for daily activities and the active for money transfers
- Upon account creation make sure to save all the keys in a safe document and make multiple backups (keep at least one version offline incase your computer explodes)
- If you regenerate a new master password it will also regenerate all new keys, make sure to copy these into a document as well.
- Be aware of phishing attempts, there have been numerous cases of spammers leaving links in comments to fake steemit sites that ask you to login. At the least only give your private posting, but please try to verify if the site is safe before giving any keys.
- If you feel your account is compromised it is probably best to regenerate new keys, make sure to follow all the steps above for safe keeping.
I can't login! What should I do?
Take a deep breath and don't panic. The most likely cause of this is a copy paste error. Sometimes you may be picking up a space before or after the password and Steemit will not accept that.
Occasionally Steemit decides to be a jerk (we are in beta after all) and gives this error for no apparent reason. Try again and be sure you are copying the full password correctly.
If you have been saving your password in the browser you can follow these steps to find it on google chrome. If you are using another browser just google the directions.
If all of these fail and you have exhausted all the options you may need to use account recovery. You will need to enter your previous master password so this only works if you have changed the keys and if you made your account through steemit: https://steemit.com/recover_account_step_1
If you created an account using anonsteem or another service you will need to look up the directions for recovery using that specific service.
We want everyone to be as safe as possible when using Steemit so please take your online safety to heart. If you have helped new friends sign up make sure they are informed! Stay safe and happy Steeming!
Is it safe to keep logged in account with master key
You should not be logging in with your master key at all, please read the post it clearly states this!
If you're brand new and all you have is the master password (which I assume is the same as the master key?) but you're not supposed to use your master key to log in, then how do you log in? If the master key is not the same as the password I was given when signed up, then what is it and how do I create it? Thanks.
Thanks for the helpful information cheers mike
Thank you for this article, which very well sums up what I did not know when I was new (which is less than 2 months ago....).
Although it might be a little bit off topic, but one should maybe also mention that it is another great safety measure to power up and store Steam Power. As this is not transferrable, it also cannot be stolen. Somebody who stole your active key would first have to power down to get the money - and this could be easily detected by you.
Super important to check all links thoroughly before clicking them! Verify that it's actually a legit website!!! Don't get owned.
Thanks for the tips, new users need to know how to not get their accounts compromised, with a $ value attached to every account it's much more enticing to others to try to compromise your accounts here than on most other social media! (Unless you're a high powered celeb or politician)
Yes this is very important I agree there are way too many scammers and phishing sites out there.
Nice post...
Thank fot sharing...
Please upvote my post...
Thank you! This has been very helpful and imfortamative. :) Resteemed!
Very beautiful post and we always wait for your post because your post can make us motivated and support us who are still beginners in order to make a post like you
Thanks for this guide.
One thing that has always confused me is a SteemConnect authorization page for some apps that says you are authorizing a "posting role", then asks for your active key.
Can you shed any light on that in terms of permissions?
Confusing for me also
it's about time a major steemit entity reposted about this, i made a small post about it a few days ago / something that should def be front and center / peace
I have been seeing a number of users with little understanding of this over in PAL it was definitely time to out out a guide :)
One of the most useful posts on the platform .
Really !
Thanks @minnowsupport