Steem Key Management
To keep your Steem account secure you must save your master password and keep it somewhere safe. The master password is used to derive all keys for your account, including the owner key. If logging in with your post key, make sure you don't overwrite or misplace your original master password.
The Steemit FAQ explains why the password is long and random for maximum account security. There is no way to recover your account if you lose your password or owner key! Because your account has real value, it is very important that you save your master password somewhere safe where you will not lose it.
It is also a strongly recommended that you store an offline copy of your password somewhere safe in case of a hard drive failure or other calamity. Consider digital offline storage, such as an external disk or flash drive, as well as printed paper. Use a safe deposit box for best redundancy. @xeroc's post on a Steem Paperwallet Generator is an excellent resource.
In June 7th 2017 @noisy found a flaw in design that made his cousin accidentally pasted his own password into wrong field (a memo field), when he made a transfer. He wrote a script and warned all steemians caught in the same mistake.
If you don't manage your keys correctly, you are putting your account at risk.
If you get hacked you are giving them access to every key you own on steemit. Loss of your keys will result in loss of access to your account. Keys should be stored privately and safely.
Types of Keys
- Posting Key
- Active Key
- Memo Key
- Master Key
The posting key is used exclusively for submitting posts, applying upvotes and downvotes, selecting and deselecting followers and muting accounts.
The posting key is the safest way to log into an account. It limits the privilege of the person using it to functions that do not have access to the wallet, thereby maintaining the safety and security of the tokens.
The posting key offers the safest way to access your account on a regular basis and it is recommended that you develop the habit of using it as your primary way of logging into your account.
The active key should ONLY only need to be used to confirm transaction or trades or change user settings.
Do not use your active key to log in for posting and upvoting on a daily basis. Use your posting key instead.
The Memo Key is used for handling private messages.
The memo key is the only key that can encrypt and decrypt private messages sent and received via your account.
The master key is the key with the highest privilege level. It is the key required to change all the other keys. This is the key that should be most carefully safeguarded against loss or theft. With this key your account can be completely taken over by a malicious party. Loss of this key severely limits the operation of the account.
Don't use the master key for posting, or funds transfers. Use the lower privilege keys to maintain the security of your account.
Please expand upon this subsection.
Locating Steem Keys
Your steem keys are found in your wallet under the permissions tab. At https://steemit.com/@yourusername/permissions. Substitute your actual username for yourusername in the example shown.
The page will look something like the image on the right.
Securing Your Account
- Secure your main password you made when first signing up somewhere no one will find it.
- Show Your post private key by clicking the button and copy to a place no one else can find it.
- Show Your active private key by clicking the button then copy to a safe place.
- You can copy the memo private if you need to but you likely won't need it.
- Now copy your private posting key and use that as your password to login.
Once logging in and going back to the permission page it should look like this.
- Steem.io : https://steem.io
- Steem Dynamic Accounts Permissions : https://steem.io/documentation/dynamic-account-permissions/
- Steemit FAQ : https://steemit.com/faq.html#How_can_I_keep_my_Steem_account_secure
- @pfunk : A User's Guide to the Different Steem Keys or Passwords, June 2016
- @xeroc : (Paperwallet) Easily secure your account with Steem Paperwallet Generator, August 2016
- @steemitguide : Everything you need to know about Steemit's Permission Keys; Posting, Owner, Active, Memo! Digital Passwords with Unique Functionality, that allows you to Securely connect your Steemit Account with Third-party Services January 2017
- @ramblin-bob : How I nearly lost my Steemit account (and all my STEEM) - A WARNING, February 2017
- @smi : IMPORTANT !!! Vulnerability in password protection for accounts, February 2017
- @sassal : How To: Keeping Your Cryptocurrency Safe, April 2017
- @good-karma : Steem private keys analogy, May, 25th, 2017
- @noisy : We just hacked 11 accounts on Steemit! ~$21 749 in STEEM and SBD is under our control. But we are good guys So... June, 7th, 2017
- @anarchyhasnogods : Keeping Your Steemit Account Password Secure June, 13th, 2017
- @noisy : Public and Private Keys. How they are used by Steem. June, 15th, 2017
- BTC News : Steemit Investigates Security Breach and Theft of $85000 in Steem Written by Gautham N, published in 7/15/2016
- Softpedia : Steemit Social Network Hacked, User Funds Stolen, DDoS Attack Ensued Written by Catalin Cimpanu, published in 7/18/2016
| Help keep this wiki page updated. Register, click in edit, add or modify the text and save. |
If you're already a steemian you can be rewarded with steem, see how in @steemcenterwiki.