The Ultimate Safe Password Formula!

in steemit •  7 years ago 


I messed up!

I did it again!

But out of that comes a really good formula for keeping safe . . .

I've been thinking of this one for a while, it hit me on a bike ride the other day.

Not a car or anything!

Rather a way of keeping the things I treasure most safe and sound away from horrible people who want to make me cry by stealing my sh*t.

First let me tell you about something that you should know about, which you probably don't if you are a new member of Steemit, and maybe if you're not so new!

Beware Of Memo Fraud

Unfortunately there are people out there who, instead of working and busting their ass to make it out of whatever crappy situation they're in, prefer to use their energies to find ways to steal from others.

These people have varying degrees of success using these tactics, sometimes they get caught, sometimes they don't. I'd love to believe in Karma (in fact I used to), however good things do happen to bad people, and bad things happen to good ones. I've seen it too often, and it makes me sad and angry.

I've seen it here on Steemit, and how these bad people steal people's accounts has been in a number of ways. One of the most sneaky ways your account can be compromised is through memo fraud.

Memo fraud is where somebody runs a script, which they have either coded themselves or bought from an equally nasty person (usually referred to as a hacker), to scan for things that have been copied and pasted into the memo section on your wallet.

Of course we all make mistakes, and some clever little oik worked out that often the mistake we make is pasting our master password or active key into the memo space.

They can then scan and copy that password and voilà! They steal your password, your account, and ultimately all your funds :-(.

Cry Me A River

Make no mistake, once this has been done there is no way to get your account back, because of course the person doing so will change your password immediately, and your account will become their account.

There will be nothing left to do but to cry, and to ask others to cry with you . . . I've seen it happen and it is not great.

The Ultimate Protection

The best way to protect against this of course is to not paste your active, owner, or master password into this space. However mistakes are made, as I myself did this morning.

As you know if you have ever transferred money out of Steemit, your account requires you to use your active/owner key to complete the transaction, so it is only natural that as you do this you will copy the key from wherever you keep it.

Thus it is easy to make a mistake and paste into memo if you're not paying attention to what you're doing.

Nowadays, as you paste your password in, the Steem engine does warn you not to do this; however, my (scant) understanding is that once you have done it, the thieves can detect it pretty much immediately.

So the ONLY PROTECTION is to change your password IMMEDIATELY. Not tomorrow, not later, not in five minutes after you make that cup of tea, NOW!!

Damn it, that needs one more exclamation mark . . .


Got it?


The Status Quo

OK, onto my really great formula for keeping your Steemit account secure.

Do it anyway!

Yup, it's as simple as that: change your frigging password once every four weeks or so. Man, if you're super paranoid, change it every day.

If you're a coder, code a piece of software to change it every hour!

Haha, maybe that's going a bit too far, but the point is that if you get into the habit of changing your password once a month, the chances that someone will get hold of it diminish. (Note: this is probably a great idea for a piece of software, however I don't think I would trust something like that unless I coded it!)

Beware Of The Phishers

Of course changing your password regularly will not help you if you blithely paste it in anytime any Tom, Dick, or Harry asks you to.

I trust Steemit with my password, and Steemconnect (just), and Steemconnect only ever with my posting key, which if somebody steals, they'll be able to post for me, until I notice and change it.

So with all that being said . . .

Stay safe people!



Title image: Mike Kononov on Unsplash
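
The memo warning mentioned in the post can be done as a local check that runs before a transfer is sent. This is an added example, not Steemit's own code; it assumes Steem private keys are 51-character WIF strings starting with "5" and that a Steemit master password is "P" followed by such a string, and the function names and sample key are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload):
    """First 4 bytes of double SHA-256, as used by the WIF encoding."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def is_wif(text):
    """True if text is a checksum-valid WIF key: 0x80 + 32 key bytes + 4 check bytes."""
    if len(text) != 51 or text[0] != "5" or any(c not in B58 for c in text):
        return False
    num = 0
    for c in text:
        num = num * 58 + B58.index(c)
    raw = num.to_bytes(37, "big")  # a 51-char string starting with "5" fits in 37 bytes
    return raw[0] == 0x80 and _checksum(raw[:-4]) == raw[-4:]


def memo_findings(memo):
    """Return (kind, offset) for each key found; an empty list means safe to send.

    Every "5" is tried as the start of a key, so a key glued to other text is
    still caught; the checksum keeps false positives negligible.
    """
    findings = []
    for i, ch in enumerate(memo):
        if ch == "5" and is_wif(memo[i:i + 51]):
            # Assumption: "P" directly before a WIF marks a Steemit master password.
            kind = "master password" if memo[i - 1:i] == "P" else "private key"
            findings.append((kind, i))
    return findings


def make_sample_wif():
    """Constructed throwaway key (bytes 0x01..0x20), used only to exercise the check."""
    payload = b"\x80" + bytes(range(1, 33))
    num, out = int.from_bytes(payload + _checksum(payload), "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return out


if __name__ == "__main__":
    print(memo_findings("thanks! " + make_sample_wif()))
```

The check reports only the kind and position of a match, never the key itself, so its output is safe to log or show in a warning.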



Wow, I know you're serious when you say to change your password even before a cup of tea. Interrupting a morning cuppa is serious business indeed!

Thanks for the warning about the potential for a memo faux pas.

On another note, I'm pretty sure I read an article about Jayna recovering her account even after her passwords got nicked. I'm not suggesting it was easy, just that I think she managed it. :)

Yes, I have heard of such wizardry, however like you suggest it is not easy and it could take days, enough time to steal liquid rewards. Plus of course I know many more people who've been locked out forever.

Best to assume that you will never be able to get it back, that way you'll act in a super paranoid and conscientious manner :-)


Hmm, I am a victim of your post with my first steemit account @emmakwisequote. That account was hacked and stolen from me for up to five days before I was able to access it. It's a pity I later lost that account in February as a result of my damaged phone.

Changing your password often is good, but ensure you keep saving it where it is secured. I changed mine after I recovered it from the hackers, but I forgot to save the new password in a safe place, so when the phone got damaged, I lost my password with it.

Now, I don't just change my password, I also save it in a secured place each time I change it.

Yes, storage is a whole other issue, always got to keep those babies safe, I actually (for the first time) printed mine out, as I noticed a new print icon on the password page :-)


Oh and sorry to hear about your account :-(


Hahahhaha... The babies needed to be kept safe indeed.... Mine is also saved on all my email addresses

There are various ways to regularly generate secure passwords. One I can think of is to use an out of print book that has NOT been scanned by Google (Good luck!)

Throw a pair of dice 12 times to choose 12 different pages in said book. Then choose random sentences on each page to generate a base key for that month:

"Some people Embrace a Religious life Out of A desire To live" -->

SUBJECT = Some people
PREDICATE = Embrace a Religious life
PREPOSITIONAL PHRASE = Out of A desire To live

Add three 3-digit random numbers, one before each phrase = 778 644 914


Don't lose the book and don't let your significant other throw it away!

Ooo yes, I like that one! I mean even if you use popular books, you could still come up with an unbreakable code. For instance you could have 4 popular books which you randomly assign numbers or letters to.

So as simple as books 1, 2, 3, and 4, or more obscure like B23, X4, i17, and H22.

You then can use those as the values to your keys, so H22-357-2-2 could be the second word of the second paragraph of whatever book you assigned H22.

As long as you remember the book values, you will be able to work out the keys pretty quickly.

To make it even more secure, there is a hidden value within the value, so book H22 meant that you take the 3rd letter of whatever word the key is and so on.

I like it, I think I will try this one :-)


never enough exclamation points for this :-))
thank you!!!!!!!!!!!!!!!!!!!!!!!

I'm always afraid of changing mine for fear of losing it. I guess I have to do it now

Ensure you save it in a safer place outside Steemit each time you change it. There is nothing to fear about changing your password; in fact it is good for securing your account.

The good thing about Steemit is the keypairs it generates are random so changing it so frequently isn't a huge deal. Some groups actually now discourage frequent password changes in other applications. The reasoning is that the more often you have to change it the more annoying it is for you and the more lax you get in creating said password. Thus you tend to use something that is easy to remember and change, but also easy to guess or crack. I agree with you though, we all make mistakes, but we should all also be changing our keys more frequently. Especially when there are actual funds tied to it.

I know I'm paranoid, but am I paranoid enough? :-)


Good point! You might want to start changing your keys every minute just to be safe :)

Now that's the kind of level of paranoia I can live with! :-D


Well one tip is to keep most/all funds in SP. Even if they get your active key, they can take the steem and SBD, but they have to power down the SP. You should be able to recover control using your owner key before they can get the SP out. NEVER USE YOUR OWNER KEY. Also 99.9% of the time you should be using only your posting key.