What is the difference between a password and a private key(s) on Steemit and how to make your account more secure, by using them correctly.

As we recently learned, keeping your password private is extremely important. The same goes for all private keys. But many people wonder: what is the actual difference between a password and a private key?

This post is written mostly for the average Joe, who does not know anything about cryptography or even computer science.

The password is a Master Key to your account

... which you should never use!



With the password to your account, you can do everything. You can upvote, post, comment, make transfers, change your profile description or replace your password with a new one. EVERYTHING. So... it is very handy as long as you do not make your password public by accident.

But you are a PRO, so this will never happen to you, right? Take a look at this conversation of Mike and Amanda:

<Mike> That was really great video, really! You have to watch it!
<Amanda> could send me a link to it? I cannot find it
<Mike> no problem, here you have:
<Mike> p@ssw0rd!19870202
<Mike> fuck!
<Amanda> did you just accidentally paste here your password? :D

Looks familiar? And what would happen to Mike's account if he pasted it in a public chat? We are only human; we all make mistakes!

But I need my password to use Steemit, right?

Actually, you don't.

The Steem blockchain has a built-in permission system that lets you use a private key in place of your password; each key gives limited access to certain areas of your account. For example, if you log in with your private posting key, you will still be able to vote, post and comment, but you (or anyone who owns your private posting key) will not be able to transfer any funds from your account or change your password.

How to log in with the Private Posting Key only, without a password:

  1. Obtain a private key from your wallet, in the permissions section
  2. Log out
  3. Log in with the obtained private key as if it were a password


The rule is: you can log in on Steemit with any of your private keys, but then you will be able to do only things which can be authorized with this type of key.

But what if I need to make a transfer?

You have 3 possibilities:

  1. Use your obtained private active key only to authorize a transaction when you are prompted to do so.

  2. Do not use Steemit at all to make transfers. Use the Steem wallet called Vessel, created by @jesta. You can download it and install it on your computer. At the time of writing this post, it is still an experimental version, so it is recommended only for beta-testers, but I have to admit it looks very promising.

  3. Use your Master Password, but be very, very careful.

So why do I need a Master Password at all?

Technically speaking, you don't need it. If you have all your private keys (posting, active, owner, memo), then you can do everything without a password, even create a new password and a new set of all keys.

Why is that? Because in the whole Steem ecosystem, a password is used only to generate public and private keys from it. How exactly this is done under the hood, I will explain in my next article.


This article belongs to a series of articles which describe security on Steemit:

  1. What is the difference between a password and a private key(s) on Steemit? How to make your account more secure, by using them correctly. (this article)
  2. Public and Private Keys - how they are used by Steem, making all of these possible?
  3. Public and Private Keys - how they are working under the hood
  4. How passwords are stored by Steemit in your browser, and why it is secure.
  5. How to set own password, which is not generated by Steemit
  6. How to setup multisig/multiple authorities for your account
  7. ...
    Make sure to follow my account, if you don't want to miss any of these :)