The Beginner's Guide To Not Getting Hacked On Steemit

The influx of new users, combined with the recent phishing attempts and DDoS attacks, can mean only one thing: Steemit is going mainstream.

But with this exposure, a lot of potential problems are now a reality. One of these problems is security. Although the phishing scams were stopped really fast, a few users got caught and lost their accounts.

Because of that, and because this kind of howto was missing from my introductory articles, I decided to do a very quick and easy writeup, targeted specifically at newcomers. But I hope it will be useful to any Steemit user who takes security seriously.

Without further ado, let's start.

Question: Where is my account stored?
Answer: Your steemit.com account is stored in the blockchain. So your account is actually a transaction stored in the blockchain, along with posts, comments, votes or token transfers. It's not stored in a separate database that Steemit INC or any other entity can access.

Question: If it's public, it means everybody can access it?
Answer: Everybody can see it exists, can see what it does, like all its posts, comments and transactions, but it cannot be used by somebody else, only by the person who has the keys to it. These keys are your account.

Question: I'm confused, what keys are you talking about?
Answer: In the Steem blockchain, every account has a few capabilities, and each capability is unlocked by a certain key. For instance, your posting capability is unlocked by your posting key. The capability to make token transactions (and transfer tokens to exchanges, for instance) is unlocked by the active key. And the owner key unlocks everything, it's like the "mother of all keys".

Question: What is a public key?
Answer: It's the key that starts with "STM". This is, as the name says, public, and it's used by the blockchain to identify your actions publicly. You have a posting public key that is stored along with all your posts and you have an active key that is stored along with all your transactions.

Question: What is a private key?
Answer: It's the "unlocking" pair of a public key and it starts with "5K" (or "5J"). For instance, when you post something, your content is "tagged" with your public key, but in order to make sure it's actually you who posts that content, you need to "sign" the posting with your private key. This "pairing" makes you the owner of the content, that's why you can modify it. THIS IS THE KEY YOU SHOULD NEVER GIVE AWAY. NEVER. EVER.

Question: What is the Steemit password, then?
Answer: That password - also called "master password" - is an encrypted string derived from your keys and it gives you access to the Steemit.com frontend. If you lose that, you can still access your data via direct interaction with the blockchain, by using your keys. The master password starts with "P5".

Question: What happens if I give my owner key to a bad guy?
Answer: You're screwed. That person will have instant access to your account directly from the blockchain, will be able to post on your behalf and take away your funds.

Question: What happens if I give my master password to a bad guy?
Answer: You're screwed. Read above. The bad guy can access Steemit.com and, from the Settings section, see your private keys.

Question: I remember I gave Steemit an email address when I registered? Can't this be used somehow?
Answer: If you remember that email address, or, even better, if you still have access to that email address, then you can initiate a recovery process with Steemit INC. So all is not lost.

Question: So there is a way to get back my account?
Answer: You're not following me. Your account is just a transaction in the blockchain that can be unlocked by your owner / active / posting key. If you lose those keys, your only chance to recover your account is to remember the email address with which you signed up and then initiate a recovery process with Steemit INC. But while you're doing all this, your account may be drained, so don't rely on this "feature"; be proactive and protect your keys.
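
The prefixes described in the answers above can be used to check a draft post, comment or transfer memo for key material before it is published to the public blockchain. The following Python sketch is an added example, not code from the original article or from Steemit; it assumes private keys use the WIF encoding (version byte 0x80, double SHA-256 checksum) and that a generated master password is the letter "P" followed by a WIF string, and all function names are illustrative.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def is_wif(token: str) -> bool:
    # Assumed format: base58(0x80 + 32-byte key + 4-byte checksum), 51 chars.
    if len(token) != 51 or any(c not in B58 for c in token):
        return False
    raw = b58decode(token)
    return len(raw) == 37 and raw[0] == 0x80 and _checksum(raw[:-4]) == raw[-4:]

def classify(token: str) -> str:
    if token.startswith("STM"):
        return "public key"           # prefix check only; public by design
    if is_wif(token):
        return "PRIVATE KEY"
    if token.startswith("P5") and is_wif(token[1:]):
        return "MASTER PASSWORD"      # assumption: "P" + WIF string
    return "other"

def find_secrets(text: str) -> list:
    # Report each secret by kind, showing only its first four characters.
    hits = []
    for token in re.findall(r"[A-Za-z0-9]{50,}", text):
        kind = classify(token)
        if kind.isupper():
            hits.append((kind, token[:4] + "..."))
    return hits

# Constructed sample: a WIF string built from fixed, non-secret bytes.
_payload = b"\x80" + bytes(range(0xC0, 0xE0))
SAMPLE_WIF = b58encode(_payload + _checksum(_payload))
```

Because the checksum is verified, a random 51-character string is not flagged, while a real key pasted into a memo by mistake is.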

I guess this is it. If you really understand what's going on and take good care of your keys, you should be ok. Other than that, use sunscreen, don't drive and text, don't drink and drive, you know the drill.


I'm a serial entrepreneur, blogger and ultrarunner. You can find me mainly on my blog at Dragos Roua where I write about productivity, business, relationships and running. Here on Steemit you may stay updated by following me @dragosroua.




You can also vote for me as witness here:
https://steemit.com/~witnesses


If you're new to Steemit, you may find these articles relevant (that's also part of my witness activity to support new members of the platform):
