Bluffer's Guide to Steem - Knowing Your Keys & Account Security

in OCD5 years ago (edited)

Bluffers Guide to STEEM  Keys and Account Security.jpg

STEEM Simplified

It's a steep learning curve joining this platform where everything has different names compared to conventional social media and there's seemingly a stronger emphasis on account security compared to anywhere else!

Passwords aren't called "passwords" in these parts but rather, they are called "keys" and you have multiple keys for doing different things and you shouldn't use this password compared to another password... a bit of a headache already isn't it?!

Well, this is where the Bluffer's Guide to STEEM comes in to help simplify all these concepts that you will come across when you start out here and guess what? It's all done using PLAIN ENGLISH. Wait, what? Yes! Words that can be understood by a a normal person, like me (although technically, I'm more of an eccentric mad scientist) and of course... MEMES 😁!

Nonetheless, by the end of this blog (and the series so far), you'll hopefully be in good stead to make the most out of this platform, have a better idea to make sure you're in control of your account and most importantly, have fun! Speaking of fun, it's time for the disclaimer...


Before I begin, I want to emphasise that this is a highly simplified version of what I have learnt from my own research and I'm sharing my learning with you. If you do know this topic inside out, be nice to those who are still learning about this (myself included) and we can grow together.

Furthermore, this is not financial advice and I am not a financial advisor. I am a crypto/STEEM enthusiast and wanted to create a guide to help total beginners understand what this is all about. Please seek financial advice from a qualified professional if you have any doubt about how to spend your money.

So with that said, brace yourselves, you might learn something! Shall we begin?


Keys, Glorious Keys

You'll see this word a lot in the crypto world, including the phrase "not your keys, not your crypto" (if you haven't already). What this boils down to is basic account management and online security, which I do cover in Chapter 3.1 of the Bluffer's Guide (see contents at the bottom of the blog), but if there's one message to take from all of this is that DON'T LOSE YOUR KEYS!

image.png
Alicia Keys "joke"...

What Are "Keys"?

Similar to how you'd get in to your bank account or your social media profile etc, you have PIN numbers, passwords, memorable names, places, dates etc. You need these to log in, otherwise, you're locked out. In crypto world and Steem, these things are called "keys" and you won't be able to access your account if you don't have them.

What's more, cryptocurrencies are all about giving ownership back to the people (and cutting out a 3rd party) so you really are in full charge of your account. However, this also generally means that if you lose your keys, it's impossible to get your account back so it's worth repeating - DON'T LOSE YOUR KEYS!

image.png
Never Again...

Thankfully though, Steem has something called "Account Recovery" which we'll cover later on but you may have noticed when you signed up that there's "public and private keys".

Public vs Private Steem Keys?

"Public keys" you don't really need to concern yourself with as these are more for the database (aka blockchain) to know which account did what transaction and when.

The important passwords you need to get access to your account are called "private keys" and these are the ones you want to keep in a safe place. They are easy to differentiate between the public keys as they start with the number 5 and there are 5 different keys that you will need to know about, each of them with different levels of access to your account.

image.png

Private STEEM Keys

Posting ✉️

The "Private Posting Key" is what you will be using the majority of the time on Steem. It's the lowest level access to your account and allows you to write a post, comment, resteem, vote on content... basically, anything social.

Active 💰

The "Private Active Key" is the next highest level access to your account and is what you use when you want to do anything related to your wallet such as sending STEEM/SBD, buy or sell STEEM/SBD on Steem's internal market, power up/down or for other activities on the network such as vote for witnesses, make profile changes or create a new user token.

Owner 🗝

The "Private Owner Key" is what you need if you wanted to change your posting, active and owner key itself. In other words, it's one of the highest level access keys to your account and is really important if your account fell in to the wrong hands through some phishing scam or other unfriendly method as you'd need this for account recovery purposes. You should store this key offline as much as possible.

Master 🔐

The "Master Key" is your last resort for your account. Once you have been given it on account creation, NEVER USE IT AGAIN! Keep this in the absolute safest place imaginable as if you lose this, you really can't be saved. You will need to log in first and foremost to see what your other private keys are but once you have all of the ones above, keep this offline - handwrite it as paper can't be hacked online!

Memo 📝

I have never used this but if you wanted to send someone an encrypted memo through wallet transfer then I believe you type "#" followed by the message in the memo. Then you'd use the private memo key to encrypt and the receiver would use their private memo key to read your message (but may need correcting on this).

paragraph devider.png

Account Recovery

In traditional, centralised social media, if you forgot your password, you would usually click on a "forgotten password" button, then you'd get an email with a link to click to reset your password and you can rest your weary heart. Phew! 😅

However, with Steem, we don't have that so much. If you set your account up with steemit then they would be the ones to speak to to recover your own account but what if you wanted to have a different account that you trust to help you out in time of need? This is where you would nominate a recovery account to call upon should your account get hijacked.

image.png

Setting A "Recovery Account"

You can do this on @steempeak by clicking "Actions" --> "Keys & Recovery" --> "Change Recovery Account" (as shown in the screenshot below). I've changed my recovery account to one I trust and as you can see, the process takes 30 days to complete for security reasons - I guess in case you didn't make the changes yourself and it gives you enough time to see what's going on.

image.png

When you click on "Change Recovery Account", this will then create another pop up box asking you to enter the account you want to help with your account recovery and your "Private Owner Key".

So, I guess the question is, who do you trust that will be there to help you recover your account? You may want to speak to them and ask them if they'd be OK with it before activating the change.

What If My Account Has Been Compromised?

Firstly, keep as calm as possible and get in contact right away with the person in private to see if they are available to help you.

Secondly, follow these instructions from fellow steem user @abitcoinskeptic, which detail out in a clear, step-by-step guide on how to do it (not bad for a non-Bluffer if I do say so myself 😃)

paragraph devider.png

Staying Safe - Keychain

Your account safety is THE most important thing but thankfully, some clever wizards have developed a browser extension called "Keychain" which is available on the Chrome store here - thanks to @yabapmatt for this one!

What Keychain does is keep your posting, active and memo key safely stored in your browser behind a password protected plug-in which appears in the top right of your browser:

image.png

All you need to do is create a password yourself so you can log in to the extension, then go to settings (the four squares circled below) and it's as easy as 1, 2, 3!


2 - Manage Accounts - to drop those private keys in (except your owner and master keys)
3 - If you needed to change your Keychain password, you can do that here.1 - Add Account - this will be your "@username"

image.png

image.png

The reason Keychain is more preferable is that you don't need to keep putting in your private keys every time you want to log in to say @steempeak to view content on the Steem network. It's effectively an encrypted password storage plugin and allows you to just carry on doing what you wanted to do in the first place - enjoy being on Steem... but safely of course!

Cat Image Source

Concluding Thoughts

So there you have it, a few key pieces of information here to make sure that you keep safe when using Steem. It may sound daunting at first but you will get acclimatised the more you use it and remember - keep your owner and master as safe as can be - i.e. NOT online!

Hopefully you have found today's blog useful and understand the importance of how the different keys and levels involved with managing your steem account work.

If there's anything you'd like me to cover next time, let me know!

As an aside, I don't work for Steem, I'm just a guy who makes Drum & Bass music, writes travel blogs and these Bluffer's Guides from time to time, trying to make STEEM as prosperous as it can be for every one so we can all win.

Now, back to the music studio 😉

Nicky

Source

All memes made by me at https://imgflip.com/memegenerator, gifs and images credited where appropriate

For those what wanted to see the body of work behind the Bluffer's Guide, these are most of the posts I did (some of the platforms I reviewed in Chapter 7 have since collapsed, under delivered or lost their way). Enjoy 😃

Contents

  1. Welcome

  2. The history and technology of Bitcoin
    2.1 How and why did Bitcoin come in to existence?
    2.2 How does Bitcoin & blockchain actually work (Part 1)?
    2.3 How does Bitcoin & Blockchain actually work (Part 2)?

  3. Buying Bitcoin
    3.1 Being secure with cryptocurrency & wallets
    3.2 How to Buy Bitcoin & How Exchanges Work

  4. Definitions of common phrases

  5. Portfolio Management

  6. Cryptocurrency News Outlets & Fluctuations in Price

  7. Blockchain Platforms for Musicians & Music Fans

  8. STEEM
    8.1 The Rewards Pool, Upvotes & Downvotes
    8.2 STEEM, SBD, STU, VP, SBD...WTF?
    8.3 Getting Started, Networking and Growing Your Account
    8.4 Keys & Account Security (you are here)

  9. Concluding Thoughts (never getting here)

Sort:  

This is the sort of guide we need. Even I struggle with some of these concepts after years on Steem. Steempeak should have a help page that links to this.

Haha you and me both but writing them out helped a lot for my own understanding!

@SteemPeak are free to use these descriptions or page if they want to in their help page. I'm building up the Steem related section bit by bit so if there's any other suggestions to include then I'll try to write another guide.

Witnesses will be my next topic I think

Your bluffing just gets better and better! And I mean that in the best way possible, haha! Not much to say yet again, but thanks for sharing another really thorough post with some tips that we can all appreciate. Glad to see it getting some good support so that many people are able to see it! Speaking of, need to resteem this myself...

Hahaha thanks P2P, bluffing my way through these guides is something I take great joy in doing and glad others find them useful and entertaining too! Thanks for resteeming as well 😊

Clear and well-writen guide for me to refer back to in my time of need. Thank you!

Thanks for checking it out and glad you found it helpful! If you have something else you want explaining, let me know. I think the next topic will be "witnesses" as I think it's mostly been overlooked outside of recent times!

Thanks for putting together all this info to simplify things for beginners on Steem - Buffer's Guide to Steem!

You're welcome @porters and thanks for the comment - really glad you find it useful and hopefully when we start getting more people on the network, they won't be nearly half as lost as I was when I first started 2 years ago!

Good guide thank you for information
$trdo


0.12985313 TRDO0.08656875 TRDO curation in 3 Days from Post Created Date!Congratulations @avare, you successfuly trended the post shared by @nickyhavey! @nickyhavey will receive & @avare will get

"Call TRDO, Your Comment Worth Something!"

To view or trade TRDO go to steem-engine.com
Join TRDO Discord Channel or Join TRDO Web Site

Thanks a lot for checking it out and really happy you found it helpful 😊

Good guide. Thanks for mentioning my post.

I'm now recommending that one changes their PW after changing recovery account or whener owner key is used (normally to change pw so no need there).

I also wonder if master key is neccessary for anything but generating new keys. I guess in the odd even you misplace the paper your owner key is on but not the master(keep these on the same paper).
The only case I can realistically see it being handy is if you write out your owner key and screw it up, you can try the master instead of the owner (saved my butt once, so I print now),

Yea always worth changing everything when you use the owner key or master. They are sacred basically!

If you have forgotten your keys or if you wrote down everything incorrectly,except your master pw, then you will need it to log in to see your keys on steemitwallet (happened to me recently as I also wrote down my owner key wrong so had to change). Then you will need to change your keys straight away.

Thanks for checking it out.

I think from a technical view, when Steem ends up being compatible with a hardware wallet, the master key may also be necessary to continually generate the other keys. However, I'm unsure if I would want to use that for more than storing my owner key because using it is a bit of a pain.

I think if that would happen with integration with hardware wallet then you probably would want to have the master password as your private seed wouldn't you? It would be the ultimate last line of defence. The owner key may then have to just be changing posting, active, memo and owner keys whilst leaving the master as just that.

That way the owner becomes the one that continually changes? Not sure the technical side of it but that makes more sense to me and keeps in line with other hardware wallet usability?

I believe you are correct and there is indeed a way to change the owner key without changing the master KEY. For example the hardware wallets usually use BIP-39 (i think), it's combination of 24 words from a list of 2048. However, the master PW on steem can actually be anything (use the random generator). So yeah, it could generate an infinite series of keys. But this is why it is difficult to program. It better indeed meet cryptographic standards when generating new owner keys.

Sheesh! I wish that I'd have had access to a post like this when I signed up for Steem nearly 3 years ago. Having had to go through a process to get new keys...and not knowing understanding what I was doing, was nerve-wracking to say the least.

Great addition to the Bluffer, @nickyhavey.

You and me both Fiona! Hopefully newcomers will find this beneficial and won't have to figure things out for themselves in a long drawn out way like we did haha!

Any ideas for next topic? Witnesses? #justsuggesting

This came right in time little bro! Probably you were influenced by my stupid messages about how to change my recovery account or passwords lol.

But a few minutes ago I just managed to change both the passwords and recovery account and I'm so happy now! Thank you so much for all your help, you are a genius!! :D

Haha well you gave me the final kick up the ass to get this blog done and think it's important now more than ever given the current situation to assess account security.

No such thing as a stupid question here, it's a steep learning curve and even people who have been around for a couple of years like me, find it a challenge sometimes but once you get passed that initial curve, then you can focus on creating the content or playing the games etc.

Awesome work on the account recovery and keeping your keys safe! I'd recommend using keychain as well if you aren't already little sister!

Steem on (or whatever we'll be called next haha)

Bookmarked this bro.
Thanks and happy travels!
Blessings!

Goodness, it's the legend Mr Papillon Charity! Hope all is well your end and glad you found this helpful! Take it easy and hope you're coping in the heat!

Now Doctor Nicky, here we go again hahaha
All is as well as it could be at this end, if you consider three, 2 and a half powercuts a day, a corrupted government, and services to the public all falling apart. The heat is now slowly abating, as thankfully Autumn is approaching. The leaves are starting to fall, just like my hair fell out some years ago. And our short Winter is on Autumn's heels. These are the times that I love...and Spring.
I am too old to get excited anymore in hot Summers, and hiding in my house like a tortoise.
All of the best to you my friend.
Blessings

Considering all of that, you're a remarkably upbeat person and like the poetic description of the balding process! I think Autumn is slowly arriving on hairline Havey as well!

Keep up the postive vibes man, we need more of that around the world hey!

Guess what, it's better with less hair, as Marian puts the hair cutting machine on No. 2 and cuts my locks twice a month.
No need for a comb or brush in the mornings and sheer bliss.
Positivity is a good virus doctor Nicky!!!
Blessings!

You might be right there, grade 2 on the clippers is a simple enough one although I think I'd have to do a grade 8 for mine. Haven't got the face for a skin head... maybe I'll just wear a hat all the time!

I like your positive virus, let's hope that becomes contagious too 😃

Ha! I wear a hat (cap) every day since childhood my friend.
A habit that was formed on the farm where I grew up to protect us from the African sun. That's why my brain is still fairly new and unused Lol.
Take care!

If only somebody wrote such a guide when I first found this platform. now everything is so easy with keychain and steempeak. Keeping this bookmarked. If any beginner asks me anything over at discord Ill have this to give them to.

I know how you feel mate! It's been a learning curve all the time here at Steem but with all that's going on, it seems even more relevant to create these guides!

Thanks a lot for stopping by and commenting, appreciate it 😁
Yes keychain and SteemPeak, you really have a winning combination there and with more front ends and games popping up, some of these keys are pretty much hidden from sight and aren't needed. Think the easier each front end's userface can be made, the better all round.

TBH I've read countless other guides. Halfway through I either lost interest or forgot whatever the author wrote in just the previous paragraph as they try to jam in everything at once. Yours is so simple to read yet so informative. It was a pleasure. Kudos to you..🙂

Thank you so much for the epic feedback! That's exactly what I go for with these guides, educational and a bit of entertainment so it doesn't feel like a chore reading it! Makes the effort worthwhile 😊


Your post was mentioned in the Steem Hit Parade in the following category:Congratulations @nickyhavey!

  • Pending payout - Ranked 10 with $ 38,84

Wow, nice one! Thanks @arcange!

So for those that can't remember where they put their master key info, then what?

I've been using keychain since it came out. Useful thing that is, although I wish I could go to the market through that but hey, this works anyways.

If you lose your master key then if anything happens to your account and you need the master key, you're out of luck. Hopefully it can be found!

As long as you still have your posting and active keys, you can do all you need to do to use steem... Just don't click on any suspicious links in memos or comments.

I never have and never will. I know in put it in a book so I don't lose it but it's been so long... Can't remember what book and what I did with it 🤣 I always manage to find a safe way and to also forget that safe way. Sigh

Haha well just don't throw away any books ever and you will be guaranteed to still have your master password somewhere 😁 super safe haha

Great guide. Very helpful
Thnx for sharing this
Kudos 😀😉

You're most welcome and thanks for checking it out! Glad you found it useful!

You're most welcome and
Thanks for checking it out! Glad
You found it useful!

                 - nickyhavey


I'm a bot. I detect haiku.

!ENGAGE 25

Thanks man! 😃



25 ENGAGE
View and trade the tokens on Steem Engine. @nickyhavey you have received from @rentmoney!

<hr /><center><sup>This tip bot is powered by witness <a href="https://untersatz.steem.design" target="_blank" rel="noreferrer noopener" title="This link will take you away from hive.blog" class="external_link">untersatz!<p>

0.12985313 TRDO from below listed TRENDO callers:
Congratulations @nickyhavey, your post successfully recieved

0.08656875 TRDO curation@avare earned :


To view or trade TRDO go to steem-engine.com
Join TRDO Discord Channel or Join TRDO Web Site

Nie mogę wprowadzic kolejnego posta na mojego bloga. Nie wiem dlaczego. Wczesniej myslalam, ze chodzi o to, ze zbyt wiele osob polubilam, zostawialam komentarze, wiec czekalam az bede miala 100% niestety nic to nie dalo

 5 years ago  Reveal Comment
 5 years ago  Reveal Comment