Now Is The Time To Secure Your STEEMIT Account - Post #31
This yummy egg must have been one of the most ancient meal known to man; I wonder if it tastes as delicious as this then……...
A LITTLE INTRODUCTION WILL HELP
It may be beneficial if you read my previous post about adding new users using the Linux CLI, link below.
In my previous post I have pumped up the linux volume a little but by laying down the steps to add a new STEEMIT user thru the use of the very versatile Linux CLI. It may be worth adding here that a question was raised if the entire blockchain is needed before one can add a new user, and my answer here will be NOT NEEDED. The Liux CLI just plain and simply add a new user using the python protocols of the STEEM blockchain, makes everything much simpler and doable really.
In this post I just find it important to continue on with another topic that is related to a new STEEMIT account, and that is security. This is a must for every account really, especially if it carries a crypto equivalent of what we call “money”. I have already told you here guys, many people equate everything with money hehe, so these unscrupulous hackers will surely find a way at any measn possible “to steal your hard-earned crypto-currency”.
Related articles have already been published by others here on STEEMIT explaining about security, and like my previous post on adding new STEEMIT users, this will be my attempt to explain on the security aspects of your STEEMIT account in the most elementary approach possible.
I will try my best to make this easily understandable.
SECURITY MINDSET AS APPLIED TO A STEEMIT ACCOUNT
I will again utilize the numbered items approach to make this a much understandable tutorial. If we try to examine a STEEMIT account, we need to do these things to be able to function effectively:
- to read posts of others
- to reply to posts of others
- to upvote posts of others and your own
- to receive SBD, STEEM or SP
- to send SBD, STEEM or SP
- to be able to login and logoff of your own account
- to change credentials/passwords of your own account
Since the items above are numbered, then I can just easily point out the important things to do for user security in this manner:
-Secure the POSTING KEY for #1, #2 and #3
-For #4, this can be described as not applicable as we are just awaiting an incoming transfer
-Secure the ACTIVE KEY for #5 and #6
-Secure the OWNER KEY for #7; this key can also be described as the MASTER KEY
I suggest you focus on the mentioned keys here as this is the most important in the next paragraphs.
AN EASY TO REMEMBER MINDSET FOR A SECURE STEEMIAN
Now that we have identified the important keys pertaining to each activity of a user, I will now describe the important guidelines for an easy to remember secure user experience as a STEEMIAN:
Make this your very first security mindset as you do things on STEEMIT: “Do not use passwords as the method to login”. When you create a new user, you are asked to issue a password. This password will become your method to login on the STEEMIT platform everytime you want to do things as laid out above from #1 to #7. This arrangement in logging-in is dangerously inviting disaster. This very important post is crafted with the intention to get rid of such an idiotic way to login. You have been warned.
Use KEYS in any activity as described above from #1 to #7 activities here on STEEMIT. I know not all here are that tech-minded, I will just describe this as a must for every user in this manner to be easily remembered by everybody: “COPY/PASTE is the way to go, not typing by your own hands”.
Do not use your OWNER or MASTER key; only use it when you change the same OWNER/MASTER key. For an additional info, everytime you change your MASTER key, all other keys will also change, this will give you the idea that this is the most important key for every STEEMIAN if user security is concerned.
Use your POSTING key to post and curate other posts.
Use your ACTIVE key for anything SBD, STEEM and/or STEEM POWER.
If you are on a Windows PC, make sure you have no virus and security-related infestation.
Best and most secure is to use Linux as the Operating System everytime you do STEEMIT.
I actually decided to do this list in this manner as I really think this will be easier to remember, and hence a much safer way to teach these things.
LET US BE MORE SPECIFIC
I will give as an example the very things that I did when I made my wife’s @hippiemom account using my own @lightingmacsteem account.
When I created @hippiemom, I need to supply a password as the “initial way” to create such. This can only mean that when it is finally created, the only way for me to test its validity is to login at https://steemit.com/@hippiemom using the said password. This situation alone is clearly a violation as per item #1 on the MINDSET list above. Moreover, if I just give the said account right away to my wife, she will surely use the same password, again, a no-no.
What I did is to do these, and in order:
-1. I logged in to https://steemit.com/@hippiemom and initially used the password as per the account creation. I would like to describe that in a way, that exact password is like the MASTER key at this point of my login because it can change everything as per the @hippiemom account, even locking the owner herself if “guessed” correctly thru forced and hacked means.
-2. I need to change the login protocol on my very first login as per step #1. I clicked: WALLET ---> PASSWORD. At the PASSWORD tab (this is now directed to you the reader from this point forward), you need to do these to change the password-style login to become a key-style login (just like what I did):
2a. Input/Type the present password at the “CURRENT PASSWORD” field
2b. Click on “CLICK TO GENERATE PASSWORD”; a very long alphanumeric key will appear in red color, this is the MASTER key.
2c. Copy/Paste the said generated MASTER key firstly in your WORD document (or WRITER) in 2x copies to be very sure, after which you copy/paste it to the “RE-ENTER GENERATED PASSWORD” field.
2d. Check the “I understand that Steemit cannot recover lost passwords” and the “I have securely saved my generated password” tick-boxes.
2e. Review everything including the most important copy/paste in your WORD (or WRITER) document, and when all is OK click “UPDATE PASSWORD”. At the successful execution of this step, you now have transformed your account into a keys-only log-in mechanism. This is now the secure way of continuing as a user on STEEMIT. You have to login again as this step will log you off at your present login state, and the way to login back is to copy/paste the master key at step #2c. Be aware that yo can not login from now on with a typed password, so you are secured wink-wink.
2f. After step #2e, click WALLET ---> PERMISSIONS. Add the following keys to your WORD (or WRITER) document thru copy-paste:
*POSTING key; click also “SHOW PRIVATE KEY” to its right to reveal the PRIVATE key
-expect 2x keys for the POSTING key, the PUBLIC and the PRIVATE
*ACTIVE key; click also “SHOW PRIVATE KEY” to its right to reveal the PRIVATE key
-expect 2x keys for the ACTIVE key, the PUBLIC and the PRIVATE
*OWNER key; this is the public key of the MASTER key that you copy/pasted as per step #2c
*MEMO key; click also “SHOW PRIVATE KEY” to its right to reveal the PRIVATE key
-expect 2x keys for the MEMO key, the PUBLIC and the PRIVATE
All the keys as per the above list have to be in pairs. The key that starts with STMxxxx are the public keys, and the keys that are very random are the private keys. The one you need is the private key when you login to your account.
2g. Once your WORD (or WRITER) document have all the keys that you need, be sure to EXPORT it as PDF; this ensures that such resulting PDF doc can not be altered “accidentally” by the time you copy/paste hereinafter. So you keep 2x file formats, the doc format and the pdf format. Be sure also to put passwords on both files.
So there you go, your secure STEEMIT account as delivered. I am sure many of us STEEMIANS have not even done this yet, and if you are a whale with huge SBD or STEEM or SP you better do this now for your own sake haha.
My apologies as I can not go much more elementary; this is really a tech-side activity made to look easy. So, off to my greetings…………………
Secure STEEMing everyone, may you stay safe always here!!!
Previous Post URL:
https://steemit.com/knowledge/@lightingmacsteem/2sesfi-i-t-spices-the-linux-way