Steemit Wallet Tips

in hive-123507 •  4 years ago 

The Steem wallet is different from other wallets that have a secret phrase of 12 letters and a 23 place password. Steem has those two firms of security, but Steem has some special features that limit the number of times you use your master password phrase to zero and instead gives you other passwords yo use for activities you do a lot; like a posting password for posting. You will use this a lot, but it can’t be used to move your Steem so it’s great that you use it. Then there’s a special password for moving Steem around, the active password. You rarely use it, so it is safe due to infrequent use. Additionally if you want to send memos you don’t use any of your important passwords, you use a completely different password which is just good for signing memos! So as you can see Steem and Steemit have a unique for of security called multiple function passwords.

Based on this concept I have the following tiles for you to follow to safeguard your passwords and your account.
)

Security Rules for your Steemit Account
1 Save your master password and keep it somewhere safe.
2 Log in with the lowest level password your posting key.
3 Use your active Key only for money transfers or voting.
4 Use your master or owner password only for changing your passwords or recovering a stolen account.
5 Never paste your passwords into Memo boxes and always doublecheck what you have copied and pasted before checking the OK box.
6 Log into your account using the key with the appropriate permissions for what you are doing:

0511393F-CEA6-41A1-BA24-0C9F3AA0C4CE.jpeg

Review Steemit multiple passwords or keys.

Types of Keys

· Posting Key
· Active Key
· Memo Key
· Owner Key
· Master password

Posting Key
The posting key is used exclusively for submitting posts, applying upvotes and downvotes, selecting and deselecting followers, muting accounts and claiming reward balances. The posting key is the safest way to log into an account. It limits the privilege of the person using it to functions that do not have access to the wallet, thereby maintaining the safety and security of the tokens. The posting key offers the safest way to access your account on a regular basis and it is recommended that you develop the habit of using it as your primary way of logging into your account.

Active Key
The active key should ONLY need to be used to confirm transaction or trades or change user settings. Do not use your active key to log in for posting and upvoting on a daily basis. Use your posting key instead.

Memo Key
The Memo Key is used for handling private messages and encrypted transaction memos.
The memo key is the only key that can encrypt and decrypt private messages sent and received via your account.

Owner Key
The owner key is the key with the highest privilege level. It is the key required to change all the other keys. This is the key that should be most carefully safeguarded against loss or theft. With this key your account can be completely taken over by a malicious party. Loss of this key severely limits the operation of the account. The owner key is not directly visible on the steemit.com website but can be derived from the master password using the CLI Wallet or an API Library like steem-python.

Master Password
The master password is used to derive all keys above.
A hashing function calculates the corresponding private and public keys from the master password, the account name and the key type ("posting", "active", "owner" or "memo"). Having the master password enables to retrieve all private keys of an account.
See CLI Wallet's get_private_key_from_password or steem-python's steembase.account. PasswordKey() on how to derive the keys.

Don't use the master password to log into steemit.com or any other steem application. Never copy the master password into posts or transaction memos. Use the lower privilege keys to maintain the security of your account.

Conclusion:
Steemit is a unique cryptocurrency because of its multiple passwords provide protection for your cryptocurrency Steem and Steem Dollars that other crypto currencies don’t provide. First, let me put these password protections into perspective by explaining that most crypto currencies have one password. This is usually called your “Private Key”. So if someone gets your “private key” they can transfer your cryptocurrency out of your account into their account and steal it. Once your cryptocurrency leaves your wallet no one can make them give it back. However in the case of Steemit our cryptocurrency is protected by four passwords. Normally a cryptocurrency wallet has one password used just for transferring money out. Steemit has four passwords and two of them are for transferring money out and one can be used to reset all four passwords. So you can keep your most important password safe, the master password and use the other passwords to perform other functions.

✍️ by Shortsegments

References

  1. Steemit White Paper
  2. Steemit Blue Paper
  3. Steemit FAQ
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Greetings appreciated Sir @shortsegments.

What do you think about the use of Steem Keychain? I have been using it for some time.

This tool is an extension that is added to your browser and allows you to use your passwords in a practical and efficient way.
The weakness lies in the dilemma of supplying or not, your master key to an application made by third parties.

I think it is suppose to be an improvement over steem connect, but I need to learn more about it's vulnerabilities before I start using it. I agree with your concern about supplying my keys. I like the security theme of Steem and Steemit to use my posting Key the most and my other keys very rarely.

In fact, steem slightly increased its security level a couple of HFs ago, preventing us from logging in with the master or active key, if not required.
I mean, if you try to log into your blog and put the active key in, you won't be able to log in.

That is important. Although in a way it reveals that Steem knows all our keys. What do you think?

I agree with you completely. The last HardFork increased security. It was easy to overuse the Master Password as your only password for multiple types of signings. But at significant risk of account loss before that HardFork.

There was a lot of speculation about this (account loss) when the snapshot for Hive occurred.
Many recommended changing the keys, I did not.
I don't know how real this supposed risk could have been.

I was not aware of any risk associated with the snap shot preceding the HardFork. I will look into it.

In my opinion, this was only part of the media discredit war that occurred back then. Both sides tried to discredit themselves. Within everything that happened, this rumor emerged.
I did not change my passwords.