Secure your Steemit Password with LastPass.

in #security8 years ago

lastpass-steemit-password-protection.jpg

A Tragedy has Occurred in the Steemit Community and It Brings Up an Important Subject.

You must secure your Steemit password in a safe place. Recently @holgermarkgraf a long time Steemian had a tragic accident. His house burned down and he lost his computer along with his Steemit password. Now he can't access Steemit and his Steem.


Link to the Story

This is Holgers Wallet.

RAW Consciousness-@holgermarkgraf-Steemit.png

100% of the Steem Dollars earned for this post will go to Holger to help him in this difficult time.

If you want to donate feel free to send me the Steem Dollars and add in the memo that it is for the Holger relief fund.

Why Use LastPass to Secure Your Steemit Password.

I have been using LastPass for years to hold all of my passwords. It is a Google Chrome extension that also works on other browsers. When I log into Google Chrome from any computer in the world my passwords are there. If Holger used it he would still be able to access his Steemit account.

Some Crypto Currency enthusiasts might disagree with me about using a cloud based service to store my passwords. I do it because it simplifies my life. It also keeps hackers from logging passwords using keyloggers. I only input a password into Lastpass one time. I believe the more security we have the better off we are. This is just one more layer.

So set up your Lastpass today and you won't have to worry about a fire, theft of your computer or any other reason you could lose your password.

Sort:  

Hey guys, this is Holger. You guys are amazing, I am so thankful for your solicitiousness, participation, comments and resteems. Me and my family are good, except we've lost nearly everything, except our lives, which is the most precious and only important thing. I can build up a new steemit account and start again, only that all my pictures, poems, notes and writings are gone. But still have my pocket cam for future work, isn't that great?!
Please resteem this post and subscribe to my new account. I have only bad internet access but I will do my best to write a new introduction post in a short while.

This was my last post as holgermarkgraf:

https://steemit.com/introduceyourself/@holgermarkgraf/my-1003rd-post-and-999th-follower-my-journey-with-steemit-and-the-inspiration-you-gave-me-i-want-to-say-thank-you

So stay steemed!

Love, Unity & Abundance







@ratidor, @anomaly, @steemettes, @alterego, @matrixdweller, @jamielefay, @tyrionlannister, @always1success, @instructor2121, @sergey44, @doubledex, @beanz, @bleujay, @bjornbm, @allgoodthings, @stephen-somers, @allesgruen, @pilgrimtraveler, @steemitrecipes, @anwenbaumeister, @nebcat, @liberosist, @mynomadicyear, @dailynews1. @pickoum, @valtr, @future24, @taxidermy183, @nogano, @runrudy, @jonjon1, @nin0000 and @xcepta @lovejoy, @mallorca, @haster, @pilgrimtraveler, @goose, @darkminded153, @klanet, @sarita, @hilarski, @seljalex77, @lajulius, @marinabogumil, @orcdu, @felixxx, @whiskylover, @food-creator, @unipsycho, @pfunk, @bujar, @lunnettik, @inphiknit, @mcsvi, @condra, @meli, @dreamstream, @z3r0d4yz, @jasminchen, @brookeloving, @kathasisdrill, @heroic15397, @realmeandi, @achim86, @meesterboom, @walden, @juanmiguelsalas, @leumasvi6, @exploretraveler, @shieha @mcsvi, @kennyskitchen, @mindhunter, @siavach, @thecryptofiend, @pfunk, @mallorca, @uwe69, @valtr, @lunnettik, @matrixdweller, @anwenbaumeister, @dreamstream, @dek, @dimplesdiary, @norbu, @virtualgrowth, @mrs.steemit, @lukewearechange, @daveks, @gringalicious, @witchcraftblog, @sulev, @leumasvi6, @ipumba, @aksinya, @better, @heiditravels, @blinova, @pollux.one, @shieha, @andrew0, @mathitravels, @luvvn, @knozaki2015, @charlieshrem, @piedpiper, @papa-pepper, @smooth, @fabio, @ned, @dan, @ben, @berniesanders, @val-a, @dantheman, @tombstone, @enki, @unhorsepower777, @jamtaylor, @winstonwolfe, @samstonehill, @emperatrix, @fyrstikken, @alienbutt, @elyaque, @rigaronib, @sirwinchester, @good-karma, @krnel, @kyle.anderson, @rivalhw, @chrissysworld, @uwelang, @varda, @kobold-djawa, @untone19, @beginningtoend, @lastminuteman, @lordemau, @zuch.media, @surfermarly, @evehuman, @michael-a, @silviabeneforti, @kuvo, @krystle, @summon, @pharesim, @jaki01, @budgetbucketlist, @eric-boucher, @teukumukhlis, @the-future, @homeartpictures, @smooth, @sandstorm, @kevinwong, @detlev, @luzcypher, @tfeldman, @lk666, @tita09, @brian-rhodes, @rizkiavonna, @woman-onthe-wing, @shady, @tarazkp, @vannour, @pepe.maya, @shortcut, @playfulfoodie, @ericvancewalton @pollux.one, @abdullar, @andrew0, @papa-pepper, @vip, @gammagooblin, @alexoz, @shaka, @celsius100, @future24, @chamviet, @mysacredflame, @xochicotta, @rappiro, @steveo, @sonyanka, @ervin-lemark, @norbu, @steemswede, @montreal32, @wilmaballsdrop, @uwe69, @razvan1997, @khaledriad, @manosteel211, @knight-angel, @acehtour, @roswellrockman, @joanaltres, @irldreamer, @edtorrez, @carlobelgado, @jimmco, @arnoldwish, @makki420, @theodosis63, @grildrig, @firepower, @trevonjb, @horgan @dimimp, @evehuman, @unhorsepower777, @allmonitors, @krasotka, @floridagypsy, @ebargains, @mycrostock, @powercouple, @sulev, @supercoin, @aiqabrago, @anahilarski, @rivalhw, @homeartpictures, @crissysworld, @sunscape, @siavach, @jaki01, @asmolokalo, @sift666, @lastminuteman, @lordemau, @snowflake, @shaka, @alienbutt, @azfix @evimeria, @uwelang, @surfermarley, @silviabeneforti, @kuvo, @achim86, @martinmooney, @schamangerbert, @teukumukhlis, @felixxx, @hellena, @elements, @danieleder, @immarojas, @thevillain, @radiv, @lakshmi, @followseveryone, @soundlegion, @eddy001, @franserra1, @eralepepon, @frans10, @norellyg, @anceane, @nicetea, @sandstorm, @jamesbennet, @evalight, @detlev, @lynx, @azzurra92, @lichtblick, @thejohalfiles, @liberosist, @old-guy-photos, @acidyo, @luzcypher, @tfeldman, @roy2016, @lrock, @aksinya, @gardnercalibuso, @snowflake, @kondrat, @skrt, @sarantopoulou, @sochul, @anton-kostroma, @jacobts, @torkot, @stephenkendal, @bunnychum, @valtr, @rasvictory, @shortcut, @arjane, @tecav, @pitterpatter, @azonnevald, @fulltimegeek, @hammadakhtar @steemsports, @knozaki2015, @gavvet, @krnel, @ozchartart, @curie, @ericvancewalton, @stellabelle, @doitvoluntarily, @sirwinchester, @papa-pepper, @kevinwong, @thecryptofiend, @craig-grant, @steemtrail, @jrcornel, @opheliafu, @sweetsssj, @dantheman, @macksby, @sauravrungta

Holger

How is your account powering down ? It only happened within the last 10 minutes. Same time you were here posting this.

Edit: My bad, I saw an old powerdown completing, not a new powerdown starting. Sorry for your loss, and I'm following your new acct now :)

I don't have access to my former account @holgermarkgraf I started powering down some weeks before our house and my PC burned down.

Apologies, I just figured out that the operation that happened a few minutes ago was the deposit from the earlier powerdown and not a new powerdown being triggered. Sorry, will edit my post

Hey, this is really unfortunate what happened. Glad you are thinking positively about it.

If you want to start a re-post series of the posts you already had on that account, I'm sure the users on my trail would understand why I would be supporting them with a % of my votes. I hope other curators want to help out as well!

Ok, I have 104 SBD to send to your new account. I did not see your new one before putting it into savings. As soon as I get another payout I will sent it to you within 24 hours.

Saving your password to anything electronic be it in the cloud, on some paid subscription site etc. is a no-no! especially when it can be hacked. Note not "if" but "when". The whole internet is compromised with the recent release of various hacking tools from the various agencies.

You must save it offline and preferably in hard format and kept in a safe place. Maybe a safe place would be in your physical wallet where you keep your credit card and fiat currencies, it is one of the things that you always keep safe and not far from your person.

Of course you can be pickpocketed, so have a copy somewhere else at home. However to be extra safe, of course never keep you login name on the safe piece of paper.

LastPass is pretty good. I haven't been a big fan of cloud services though. I personally use Keepass which works on Android, Mac, Windows and Linux. I enter all passwords into Keepass on my Android device first, then copy the 'keepass.kdb' to my other devices. Since I usually have my phone where ever I go, I just open up keepass droid and enter in my password manually if needed on a device that I don't own. A little extra step, but a hell of a lot more secure.

Keepass looks good, but can it help you in a case of fire or if you get mobile stolen? They dont brute force passwords out of it, sure, but if you had passwords saved only on those two spots, you still lost everything.

So what is the trick?

Should I put one in a safe vault?

The 'keepass.kdb' file needs a password to open it. So, if you're worried about your house burning down and you trust google, you could keep a copy of it in Google Drive. If someone hacked your email account, then they'd have to brute force it.
You could also keep a copy on a USB stick and leave it in the care of someone you trust (mom, dad, sister, brother, friend etc). Even if they tried to read your passwords they couldn't open it unless they brute forced it. I guess how far you wish to take security and safety precautions is entirely up to you.

Thank you alexwyn!

I'm not sure I would use a cloud base service for my passwords, what I do is that I keep my passwords on a separate hard drive or usb, although a fire could burn it all down 😵

well that is part of the issue at stake and why he is suggesting a cloud based service

🍒 I will consider it seriously :) but for now, I will use a USB backup.

Good Idea

Very sorry to hear about this tragic story, always keep your secret key at different places. Centralization is always vulnerable to this kind of instances.

For the security-paranoid like myself you can also secure your LastPass with a Yubikey. You can even use multiple Yubikeys so if you lose one or your house burns down, you have another elsewhere. The key alone does not grant you access to the passwords, you have to use it in combination with a password.

You need a premium subscription but it's ridiculously cheap.

My friend just ordered a bunch and is giving me one. I look forward to trying it out.

But how about in email? isn't that safer than last pass for instance?

No way, that's EXTREMELY unsafe. Emails are like postcards. Every postman who carries it can read it.

Nope, don't ever do that.

Fantastic. I use over 85 different passwords and so far I have been using a very complex password manager. This is better. Switching now... Thank you very much.

Shared and followed.

Please consider supporting me..

https://steemit.com/gaming/@dracosalieri/creative-assembly-why-dost-thou-bestray-me

Aw that's awful, hope he is okay.

I've been using the "Vault" feature offered on Norton Security firewall products. It does store them in the cloud with just your one Vault password to access, but also automatically fills in all of your logins for you if you want it to.

This would have been helpful when I lost my password. Poor guy.

Wow... that super sucks for Holger; hate to see something like that happen. I've always felt hesitant about cloud-base password keepers... a bit of the old "every time we make something idiot-proof they build a better idiot" paranoia... these things are allegedly hacker proof, until a better hacker comes along. But the alternative isn't so great either.

It this point, my backup password files are on thumb drives in three different physical locations. But it still makes me nervous...

Resteemed! Great initiative this is really amazing that you are doing this.

Thank you for the Resteem. This is why I love our community. We can come together during time of need.

wow. Im so sorry that happened. Thats freaking sad. I feel so bad. I wish he couldve had a backup option before that happened. Ill pray for his health, wealth, and being. I hope everything works out for him. Good luck and Ill be praying.

Sad news for sure. Thank you for your concern@hilarski. Revealing a solution and the on going discussion brings some needed awareness to the posabilties of prevention. Boost: upvote and resteem

IMO Steemit.com should do an integration with LastPass. Get every user using LastPass by default. The even more security paranoid could still use other options if they want to.

Thanks for the recommendation. I have been using a password manager for over 10 years now and was thinking it was time to upgrade to a more compatible one. I also just read this article that recommended your pick as well. Here is the link for anyone considering a PM: http://thewirecutter.com/reviews/best-password-managers/

I didn't know this existed! Great to know! I too often get messages from people regarding losing their Steemit password. I'll have to get on this! :)
Very sorry to hear about Holger.

Yup, get on it and never worry again.

muy buena publicacion

That's a bummer. Can the account be recovered? I know it's not so easy on Steemit.

We need unique passwords for each site and Lastpass helps me to do that. You can use 2 factor to make it more secure.

There is no recovery without password.

Best chance is that the hard drive is still in good enough shape that it can be scraped for data.

Not sure if it can be recovered. Yes 2fa is one more layer of security.

Thanks

Thanks for the advice, Randy! I've been looking for a place to store my passwords and will find it in LastPass.

Upvote in support of Holger, sorry to hear that.

Not so sure about using Lastpass, but each to their own. Cheers, you're doing a kind thing to help him out.

Oh man, shitty

Excellent post as it is about Account security.

Thanks for sharing this security tip with us. We should really have our Steem password saved at more than 1 location. After all it has real value associated with it.

I've been using Safe in Cloud , you can choose where you can keep your encrypted database (Google drive, one drive, dropbox, etc). it can sync multiple devices and the best part is that you just need to pay once and it's not that expensive. I prefer this one / keepass compared to cloud password manager.

Oh no Holger!.....Can Steemit help in anyway to salvage his passkeys?
This is an extreme situation and i sure know there can be some form of exemption.

I am not sure they can. It is a tragedy.

Oh my Goodness......Please extend my sympathy to Holger.

Haven't tried Lastpass yet but I encrypt my PWs & send them to Dropbox. Course, if I lose my Dropbox PW I'd be in trouble! Time to bury a flash drive in the backyard with my AU (heh-heh...) Safe for anything 'cept a EMP I suppose.

That works too!

Wow! That is incredibly sad! At least he is alive! What a great idea for the Holger Relief Fund!

Saving it in a password protected file as a merged jpeg+txt file stored in several websites, is also a good option, and one does not risk sending that only time your raw password to a company who's owner you can't sue.

A very worthy cause to spend your upvotes on folks. Helping directly and informing others of the risk at the same time.

Thank you for letting me know about Lastpass Randy! All of these crypto passwords can drive you nuts. I'll definitely check it out.

Thank you share this post. You give a chance for me to do good thing. I have upvoted this post with 100 weight power. I also sad about Holgers house. I hope he can face this incident.

Thanks for your valuable advice, looking for a place to store my passwords.

Very sorry to hear about his home. Please send him my best.
Do you use the free or premium last pass?

I just use the free @Digicrypt

Thanks

So sorry to hear about his loss. That certainly would be tragic in many ways. Personally I wouldn't trust any company storing all my passwords. If you use them I certainly would still have them copied locally and not just on their server. What if their site went down or went out of business? But this does bring up the point to have your password list stored off site.

I lost my password on the 23 rd of December 2016. They broke in and stole my PC. I cried for days. I cried more about my password than about my laptop or tablet and phone that was stolen. I had to do a remote clean from a different computer and eventually after 5 days I was able to retrieve my password from a google backup I made previously. Just don't ask me what I did because I do not use the save password on my google account. I was just glad to be back!

I wonder if he could file under renters/homeowners insurance for that loss?

I keep a hard copy in my firebox.

Hello my friend

Thanks for this post and the wonderful post
I really liked what I wrote in this post
The selection of the post is so lovely
Happy day to you and always

Are you saying that if someone hacks your email, he cant conveniently log in with your lastpass? I need to understand why you think this is a secure way of keeping your password.

If hackers know that you keep important passwords in one place as you have said in this open network, it might be enough incentive to try to hack your email password or your lastpass password.

What is the opinion of gurus and ethical hackers in the house?

Can anyone explain the reason as to why you can only receive one password?
D,

I use my Trezor to protect my passwords no one can access this and it works for both password protection and bitcoin as well. I have been using this for at least 6 months and its working great. I got this because an article that was written by Andy Hoffman from Miles Franklin.

Dashlane FTW!

Does Steemit have a 2 step verification? I like using that on my sites so that I have to get a code via text to confirm identity whenever I log in.

Nope, not yet.

I've also used the authenticator app on my phone, for coinbase and other sites, but I don't know if that would work here.

Heartbreaking to hear about @holgermarkgraf loss. Wonderful of you to help him through this difficult time. Thank you for this great post. I am definitely going to check out lastpass.

If I may ask, as I am fairly new and don't know where else to ask.

I keep reading about how important the password is, but I see a number of passwords in the wallet. Are we talking about the auto-generated password given to us when we first register? I'm not clear as to what the other passwords are for.

Just to be certain, I printed them from a screen capture and have also enclosed them within an encrypted file and given it to my brother and my best friend. Luckily, not only do I trust them, but I also want them to take it over should/when I die. Still, if the encryption is strong, leave a file with whoever is going to inherit your steemit account and enter the encryption password in your will. That way, nobody reads it until after you have konked out (even your attorney and witnesses do not read what you write, they only sign that they saw you sign).

I hope this added to the ways everyone has for protecting themselves.