Renzo's guide to password security - A MUST-READ!

I've been around for some time and just because of that, it is no surprise that I come across several STUPID questions being asked.

If you ever heard the phrase: "A stupid question is the one that is never asked".
Let me tell you something, internet is a TOOL. As such it has other purposes better than searching for porn!
95% of the stupid questions, can get a very complete answer by typing "whateveryouwanttoknow steemit" at google.

Yes, there's plenty of stupid questions, yet, there's other questions that require a deeper tutorial. I haven't seen any "pasword security" tutorials around, other that ones involve using "lastpass" (a third party program, made by somebody you do not know, with a code you cannot read: Would you give the keys of your house, address included to a locksmith you do not know?). This, is very insecure! You never know when a third party you rely on for your security can have an underpaid employee or a "hack" (*wink* *wink*) that compromises all its users.

1st rule, trust no one.

It is a sad part of human nature: People will take advantage whenever it is possible to get away with it with no consequences, what a bunch of sons-o-bitches.
Even when third party tools are meant to make your life easier, the risk factor of trusting in them is too high for my liking, all it takes is a minor glitch and several thousand's of people lose their login credentials.

Not trusting in anyone includes family, friends and acquaintances. Given the right conditions, excuses, and potential reward... PEOPLE WILL SCREW YOU OVER.
This means: Do NOT save your password in the computer! Do NOT save it at your google account (this would break TWO of the points here!) giving access to your account to anyone that gains control of your nice cloud-based android mobile. Do NOT trust anyone!.

Then, what should you do?

Use your frikkin' brain

By this, I do not mean that you should memorize your hell-o-long WIF key (yet, we know that this is a great idea and perfectly doable thanks to mnemotechnic).
But, if you do not have the skill to do it, it is not hard to safeguard your password in a frikking piece of paper, in your wallet, in your pocket!
While ALSO saving a few copies of it at several locations.

Encryption and obfuscation, the last line of defense.

Yes, someone may "find" one of those "backup pieces of paper". That someone "may" know about steemit, and know that "that" is the KEY to open the vault where you're saving money to be able to finally fulfill your project (whether it is buying a Japanese sex-doll or finally upgrade your hardware to be able to work online as 3D animator; it does not matter). If that happens, THAT PERSON WILL SCREW YOU!

Here's where you "really" have to use that chunk of electrically charged meat that you haven't roasted because you're using it.

Encrypt it!
You can do so with several methods, a "simple" one, is saving a RAR/ZIP file on the cloud, password locking the file as you create it, that, you should ZIP/RAR again, under ANOTHER password... (do it as many times as you wish). There's also several tools that you may use available online, yet... trust (?).
So, what if RAR/ZIP encryption is ever compromised?
USE YOUR BRAIN
Who told you that you have to save the raw password?

A simple example:

Lets work over a sample password:

P5Example1paSsWorD9tHat6we1wilL2uSe5fOr5thiS7aRticLe
(Don't ask me how I did I made it match the correct length, I've a skill for those sort of things).

Of course, not a single smart being would ever dare to save the password raw! First, we should clear the recursive data: all of this keys start with "P5", take them out.

Example1paSsWorD9tHat6we1wilL2uSe5fOr5thiS7aRticLe

Second, there's no need to keep a standard order of reading, lets reverse it!

eLcitRa7Siht5rOf5eSu2Lliw1ew6taHt9DroWsSap1elpmaxE

Third, we are still under a basic obfuscation here, what about Caesar ciphering it? Use as "shift" any number you're fond with (68, in this case: You blow me, and I owe you one).

Vordgcv1grJjNfiU9kYrk6nv1nzcC2lJv5wFi5kyzJ7rIkztCv
(Note how the numbers remain in place)

Again, mess it up a bit: Add 1 to each one of the numbers, if it becomes "10", make it a "0".

Vordgcv2grJjNfiU0kYrk7nv2nzcC3lJv6wFi6kyzJ8rIkztCv

I'm not happy... lets reverse it again!

vCtzkIr8Jzyk6iFw6vJl3Cczn2vn7krYk0UifNjJrg2vcgdroV

Now, we can take that string of "text", and save it in a txt file, better yet: Embed it inside an image as part of the EXIF data.
Now, the password became THIS:

You can see the EXIF directly HERE

---

You can do whatever you like with this image, rar it under password, or publish it: Hiding in plain sight. You can split it in two parts, for an extra security layer (be sure to add some junk text in the part you do know is not relevant to hinder any potential thief's "job"

---

With this, what do I want to say?

If someone gets your WIF key and "hacks" your account, the entire responsibility lays on you. You have the tools to make it harder to crack than my grandma's ass... You just don't use them. Don't be a lazy fooker, play safe!.