New to Steem Series #1: My Number 1 Rule - Secure Your Owner Key. Failure to Adhere to This Rule Results in Massive Loss.steemCreated with Sketch.

in steemit •  7 years ago 

Hello Everyone

Welcome to Steem. When I first started with steem, I found myself very confused. Why do I have so many keys and what should I do with it.

Screenshot 2017-07-10 20.15.49.png

I bet as with everyone I started to use the password given to me by Steemit to login and out of Steem. It was only weeks later when I start to learn more about steem that I realized I am doing a fatal mistake.

Thus, I plan to let as many new steemian know about this as early as possible.

Super Powerful Private Owner Key / Master Password

Screenshot 2017-07-10 20.38.33.png
Image Credit

After much research, I learned that the private owner key or also known as the master password has a very powerful role.

It can essentially change your other keys. More about the keys later. This means that any person who gets hold of your master password can lock you out of your own account by changing the master password.

Once that happen, don't expect steemit to help you recover your account. The private owner key in crytocurrency lingua is like your Bitcoin's private key. Once somebody gets hold of it, he controls the fund in the account.

The beauty of blockchain is that there is no Central authority, so in essence, there is no one central figure that can ban you from your account. But because there is no Central authority, there is also no Central authority to recover your account if it gets stolen.

Thus, keeping safe the private owner key or master password is solely your responsibility.

How to Keep Your Private Owner Key or Master Password Secure

Screenshot 2017-07-10 20.32.10.png
Image credit

First rule is to not have a digital copy of it anywhere. So, the best is to print multiple hard copies of the master password or owner key and keep them safe.

One hard copy can be placed in your portable safe at home. Another hard copy can be placed at the bank vault.

Also, do not put your steem username on the hard copy. This way even if the thief got your hard copy, they find don't know your username. Make sure do not put the word steem on it so they won't even know what it is for.

You can also insert an extra letter at the end or at a predefined position by you. This will throw off the person who got your hard copy owner key. When you have to use it, just cancel out that extra letter when keying in.

After keeping it safe, you won't be using the owner key or master password anymore anytime soon.

So, Without the Owner Key, How do I Login?

In Steemit, if you are just posting blogs, voting and commenting, you can use the private posting key in logging in. Using this key, you don't have permission to your wallet. Thus, for me, it is the safest key to login. You can get your private posting key and private active key by going to your Wallet > Permissions > Show Private Key.

Screenshot 2017-07-10 20.15.49.png

From time to time, you would need the private active key to transfer steem to steem power, or to withdraw steem. During these times, you can login using the private active key. After your session, remember to logout.

For extra security, you can power up all your steem to steem power or to savings. When it is in steem power, you won't be able to withdraw it without a 3 month notice. With savings, you need a 3 days notice. Thus, even if the thief got your active key, you would know something is amiss when you see your steem power is being withdrawn. You can then use the owner key to change all the keys.

Conclusion

To keep your steem account safe, make a hard copy of your private owner key / master password and shred all digital copy of it. Only use the private posting key and sometimes the private active key in logging in.

-----------------------------
The New to Steem Series is a series of helpful guides to help those who are new to steem. With the large ecosystem of steem, it is becoming hard to comb through the documents in steemit to know which are important and which are outdated.

When writing this series, I put myself as much as possible in the position of a person new to steem and new to cryptocurrency in general. If you have any questions, feel free to ask me anything.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Ensure to set and follow best security practices to protect your digital assets...

How about storing your Master Key on Google Drive with 2FA enabled?

Not a good idea. Best place is off line. Of course if you are only keeping nominal amounts on Steemit then you can choose to risk it, but Google Drive isn't safe enough for money you don't want to loose.

What I find the key benefit of cloud storage is that it makes your life easier and you have access to your important stuff anytime, anywhere without hassle. Isn't that Google offers the most advanced online security? Thought they are the top notch on the field.

The whole point of crypto is that you hold your private keys. Putting them on google may be 6.5/10 safe but not as safe as you can get. Maybe its different with Steem, i'm new to the platform, but with my other crypto private keys i would never store them on the cloud. Usually on a hardware wallet like the Trezor. Another thing I thought of are the recent articles of people being frozen out of their google docs because of some sort of the content of their documents. I just think better safe than sorry.

THX for the informative post! 7-3's!

Thanks so much @gaman. I am learning new things everyday entering my 3rd weeks here. Will learn more from you. Have upvoted and followed you. Good Day Sir!

What a valuable post! Thank you for teaching me this! @gaman

Welcome to Steemit ! have fun with it. Followed. Follow me back 😘

Welcome to Steemit ! have fun with it. Followed. Follow me back 😘

nice post ...very useful

Thanks for this! You deserve an upvote! :)

Just up voted !!! This was actually really useful thanks so much !! 🙌🙌

hi @gaman. I really want to secure my account after the first three days of using it wrong.
But the master key that shows in my wallet is already different from the one I got the first day.
Does this mean my account is already compromised?

now I understand that what you see on the page is some sort of cover for the key.

Is the master key unchangeable? just the one you get for life, or is it to be changed.
It must be able to be changed, otherwise the thief couldn't lock one out. But I don't seem to have any option to change it.
I am still pretty confused, although I am certainly going to log out and then log back in with the posting key.
thanks for that much of a kick in the pants.

I finally got it together, have a new owner password, and am logged in with only posting key. Thanks for stirring me into action on this one.
It may be worth doing a more detailed post, although I am sure on exists somewhere.

You can create a post and share it with us!

lol, so much time has gone past that I have probably forgotten how to do it.

Goodness! And I thought the initial password generated by steemit was already a handful to copy down. Thanks for this post! It is really good information.

I need a real guide for steem power, ´cos Im very lost

Thank you for share,
The first step you give me I have done, for the next please guidance
@gaman

Heeyyy super helpful posts! It has been a little bit difficult for me to understand how steemit works, so I'll keep following your posts!

While I'm still a minnow, I hadn't quite taken seriously the consideration that someone might come after my account, but now that I think about it, if I ever become a dolphin or whale, it might make me more of a target, so better start playing it safe from now. Good tips, friend.

Didn't even know I could login with the posting or active keys...makes sense now actually.

Finished doing away with all digital copies of the master key, now just gonna use the other two.

Kudos to you for making this post and making this information known to us. Cheers m8, have an upvote =)

Gracias @gaman por tus sabios concejos, voy a estar pendiente de tus post para seguir aprendiendo, un abrazo amigo.

Awesome. So is the master password the one I am using now? Because I have not yet seen the private posting and private active? Really useful man.

You are such a nice person @gaman you are helping new person here your hospitality exceed any other. Thanks for this article of yours.

Nice

Excellent essential article, thanks for writing it!

Thanks for the great and important security tips. Its super important to apply them

Speaking of security, there is a mobile application called steepshot. When I enter my password, it says invalid, and I do not understand because it is the same, the same code that was sent from the first time to my email. Who could help me with that?

I do not know if this helps, but the original password does not allow access to other apps. Try using your posting code to enter as password. I hope this helps

()

Thanks for this info sir @gaman, with this my account would be safe ^_^.

I wish I know this before my account was hacked. But know I regained it, I will try to be more careful now.

Thank you man, am a rookie and I have learnt a lesson from your tutorial. What an awesome write-up.

As a new steemian, I didn't know all these. I thought I can always use my owner master key to login anytime.
Thanks buddy for this useful information. Tips like this is very necessary for beginners.

Apakah bagus untuk newbi melakukan steem down?

thanks for this article

thanks for this helpful post

Thanks for the info

Nice post

Thank you sir! It is really helpful! :)

I was so busy getting my operation off the ground when you were making your first posts that I never got to upvote or esteem these articles and I wish I could go back and #resteeem old posts that are deserving such as this one @gaman!

Welcome and Thank You for being with us!! Following your Blog now

I like this post, keep up the good work! You are following me so check out my update post to vote for topics you want covered!

I have a back up of my master key on an encrypted hard drive btw, do you think that is save enough?

Keamanan adalah prioritas utama, maka harus di jaga sebaik mungkin. Terima kasih telah berbagi

Thanks ! Very helpful.

Very helpful, thanks

Hi @gaman thanks for this post though I still have a few questions and would really appreciate some help with this.

  1. The password that was given to me when I first registered - is that THE master password?

  2. If the above is true then what is the difference between THE master password which was given to me in the beginning and the owner key listed in permissions? Also could they then be used interchangeably to do wallet transactions?

  3. Also I tried logging in with my private key for posting & voting and I can still access my wallet and permissions?? Is there something that I am missing here? Because when I try to log in with the public keys it says that I need a private key to login. Can I just see my wallet but can't really do anything with it?

Thanks in advance for all the help

thank you, for warning key safe steem

Great post!!!

OMG! Thanks for that post.
I did the same mistake and logged in with my master key.
Thank you, thank you very much.

Thank you for this share. I will read this lots of time.

This was helpful!

Danke, wichtige Hinweise.

This is really sound like a good initiative to helping new members am glad I found a platform like this, am a new member so I have resteem this post and as well followed you
Hope I will qualify.

Am really confused now. How will i see my master key so as to copy it out into a hard copy. Pls guide me.

Hi Gaman.. am a newbie in cryptocurrency specifically steem. I just like to as.... which is better... converting sb to steem or just leave sb to grow without converting it to steem? What is steem? What does steem or steem power do to your upvotes or your reputation? I hope you enlighten me about these matters. Thank you.

Another questions for you gaman ... what does resteeming do for your acocunt and the other account? What will happen if you resteem article or your article is resteemed? Thank you.

Thanks for the update. I would say, having a backup, in the cloud like Google Drive. Is also very safe.

Wery good post 🔝

This was super helpful. Thank you such much. I was wondering what all the different passwords were for.

Thank You for this very helpful post. What you are doing is really a service for newbies/'minnows'. Even though I had read more than once about this multiple key issue, it just felt like too much overhead for me to take the steps. Your post makes those steps like paint-by-number you can do it!. So Thank You!

@griffindeva @monicamcguire Listen up about these #KEYS to protect your proverbial 'Door of Possibilities'!

Pic: San Francisco 'Door of Possibilities'

Door of Possibilities.jpg

thank you for sharing this info! I understand this process clearly now.
Glad to have found you here on Steem :-)
Blessings to you and please come by and follow my journey sometime.

Thanks for the article. I was still using my master password and thought the other keys were just for using third party services. Will do hard backup now and use keys for login in.

Thank you for this informative post. I just got active on Steemit and it seems quite overwhelming to me. So I appreciate you taking time for us newbies! Cheers

Hi,
How do I get my active key for transferring steem for upvoting?

Good post. Some topics I'm interested in learning are:

How to use the different kinds of bots and bid bots. I notice a lot of people use them. The basic ones I understand, but the bid bots I don't understand how the bidding works and when you know it's a good time to use them.

I don't really understand how leasing and lending things works, like leasing SP or putting SP up for lease, and how that translates in money and power and influence.

I'm interested in understanding how some of these bloggers will be blogging making $3 every day and suddenly jump into the $400 range. It's very strange. It seems like one day they're all posting at nothing and before you know it, their payouts change drastically.

I'm interested in understanding how to contribute articles.

Did you start a discord channel?

I would love to say i understand all this but in all honesty, this is totally confusing. I'm going back to read up on steemit rules and security all over again..

I follow

I follow you

I just found your old post.
Would you mind if i resteem it? I found this info very useful as I myself didnt pay much attention to safety of my own account on steemit (I wish they would add 2fa authentication).

Yours,
Piotr

Gaman? I always ask people about permission to resteem. hope to heaar from you

Nice post

Nice post

Nice post

Question. You've resteemed two of my recent articles and both times there is a bot that shows up, telling me that you are a bad spammer! Is this for real or what? I read a couple of your articles and I don't see any issues. Is the bot a troll against you or what? Just trying to sort this out. If you are on the level I will follow you.

this is very useful article thanks!