Vlog #20: Secure your Steemit account by logging in with your posting &#x27;password&#x27;.

bart2305 (60) · 8 years ago

Thanks for the tip. Never realized that.
On the other hand, if you want to redeem rewards, or upgrade your Steem to Steempower, you need the other key anyway.

$1.78

exyle (79) · 8 years ago

Thank you! I forgot to mention the redeem rewards part. Thanks for pointing that out.

$0.00

s3rg3 (67) · 8 years ago

Thanks for explaining. Do you think some Steem is already locked in accounts, of where users had lost there passwords already and therefore that Steem will never be available anymore for anyone?

$1.52

3 votes

exyle (79) · 8 years ago

Yes, I think this is possible. If you can't login to your account then the funds are there forever.

$0.03

gigafart (57) · 8 years ago

Crypto and security go hand-in-hand. I'm definitely going to teach the Steemit key hierarchy to the users I invite. Thanks for the tips!

$1.48

4 votes

lucashunter (58) · 8 years ago

I'm definitely going to teach the Steemit key hierarchy to the users I invite.

That is a good thing to do, I can't imagine how it would feel to loose one's steemit account after all the hard work. Terrific!

$0.00

exyle (79) · 8 years ago (edited)

It's good information to know! and Thanks!

$0.00

chessmonster (68) · 8 years ago

I definitely trust you @exyle that you know what you're talking about. But I wonder how many Steemit accounts are presently being hacked, if any. I know when I first signed on last July, many accounts (including mine) were hacked, but Steemit fixed the problem, returned my Steem, and my account was restored. Since then, I haven't heard of any problems.

I would take the steps you suggest but I'd be afraid to make a mistake, or not fully understand what I can and can't do if I make the change. For instance, can I still claim rewards? Or would I have to switch back and forth between passwords in order to claim them?

$1.48

exyle (79) · 8 years ago (edited)

Just an example I come up with.

Someone installs a keylogger on your PC. You log in with the password that gives you the highest permissions. Now the 'hacker' has this password and can change the password of your account. You are locked out forever.

It's just bad practice to log in this way because it's not necessary at all.

Because you are more familiar with the platform I guess it's alright for you to log in with your 'active key'. This will give you all the permissions that you will ever need. And if this one gets stolen then you can always fix things with your owner key or the password they gave you when you created your account.

I hope this was clear. If not. please just ask.

EDIT

Just a sidenote. if you use the active key and it's stolen then any Liquid Steem / Steem dollars can be transferred.

$0.37

chessmonster (68) · 8 years ago

OK...you convinced me...I'll try it. What have I got to lose, right? 🤔

$0.00

juansero (43) · 8 years ago

Wow! I always logged in with the key I wasn't supposed to... Thanks for the info bro! Up!

$1.17

3 votes

exyle (79) · 8 years ago

Thank you!

$0.00

stolk (46) · 8 years ago

Thanks for the tip! Did it right away!

$0.90

exyle (79) · 8 years ago

Thank you!

$0.00

hms818 (61) · 8 years ago

Thanks for sharing important security tips.. will definitely follow them.

$0.88

exyle (79) · 8 years ago

Thank you, man!

$0.00

lucashunter (58) · 8 years ago

Securing the main password is a steemian sole responsibility. What I do is to back up all my passwords in My cloud drives and also a flash drive that is secured.

Thanks for this tutorial

exyle (79) · 8 years ago

A double (secured) backup is always smart! Good tip.

$0.00

rymlen (68) · 8 years ago

Dankjewel! So where did we recieve the "master password". Is that one sent to you in an e-mail? Signed on a few month's ago and don't really know where i left it.

exyle (79) · 8 years ago

You signed up in September 2016. I'm not sure if they sent a mail back then. When I signed up that wasn't the case yet (July 2016). So if you don't have an email it's the one you got when you created your account.

$0.00

callmefib3r (55) · 8 years ago

Thanks for this helpful post. Security is key. Resteemed.

exyle (79) · 8 years ago

It is sure a good thing to think about! It's really important. Thank you!

$0.00

josteem (58) · 8 years ago

Gr8 as usua @exyle
:)

exyle (79) · 8 years ago

Thank you so much!

$0.00

starkerz (65) · 8 years ago

Great post @Exyle!! Much appreciate the info, upvoted 100% and resteemed!!

exyle (79) · 8 years ago

Thank you! That's very nice of you to say!

$0.71

jacobt (58) · 8 years ago (edited)

It's worth mentioning and pointing out that this only provides security against someone who has access to your browser/system, or somehow an XSS attack occurs (probably more likely). Another possibility is that you install a rogue browser plugin, but I believe that there will be some scoping layers of security there, regardless.

It does not provide any security against your master private key being exposed elsewhere, as someone can still access your account/wallet on the blockchain from another location .

$0.28

nomi2233 (49) · 8 years ago

i like it and your work is very nice

$0.00

parkermorris (49) · 8 years ago

Love this! Thank you so much! This helped a ton! :) account security is key!

$0.00

steveitt (53) · 8 years ago

When I go to Steemit I'm automatically logged in (I assume with the "dangerous" password. So I must "sign out" and then on again with the "posting" PW (which is safer).

Right? Thanks for the info and I am following you.

$0.00

steveitt (53) · 8 years ago

I do have my orig. PW written down & locked away... :)

$0.00