Welcome to Part 2 of the Beginner's Guide to Steemit! This lesson focuses on your Steemit account, specifically how to register and what to do once you've registered. We'll also talk about your account keys, which are important for performing actions within your account, and how to keep your account safe. If you missed Part 1, you can read it here.
Image created by @ethandsmith. Released under a CC0 License. Image resources from Tumisu and 3Dimage_eu. Used under a CC0 1.0 Universal License.
What You'll Learn
- How to register on Steemit
- How to login for the first time
- How to access the Permissions page
- Understanding the functions of the Posting, Active, Owner, and Memo keys
- Why it's important to keep your keys offline and safe
- How to avoid fraudulent activity
Some of these concepts have been previously discussed in the Steemit Quick-Start Guide. This is intended to be a supplement to the Quick-Start guide as you begin your Steemit journey. The main focus of this lesson is account security. Just as you know to keep passwords for any online account safe, you'll need to do the same for Steemit.
We'll start this lesson with a brief look back at the Steemit sign-up process.
Registering for a Steemit Account
First, the Steemit.com sign up process is fairly simple. Browse to https://signup.steemit.com/ and you'll see this:
The first thing to select is your username. This will be the name others know you as across Steemit, so choose wisely! For example, my username is @ethandsmith. If you're reading this on Steemit, you'll see that it shows up as a tag in this post that people may click on to go to my profile. It also shows up in the URL of every post you share on Steemit. It's up to you and limited only by what has already been taken, so choose wisely and proceed.
Next, you'll need a valid email address. Input it and solve the captcha, and you'll be asked for your phone number. Steemit, Inc. provides each new account with a small amount of STEEM to get started, therefore validating your phone number helps prevent the creation of multiple accounts just to claim the sign-up bonus.
Finally, you'll have to wait for a while. A confirmation email will be sent to your address that you provided, so be sure to check your email and confirm your registration as soon as possible! After confirming, you'll have to wait for a bit. Presently, each new account created via this sign-up process must be approved by the Steemit team manually before it becomes active. This may take 24-72 hours or more, but you will receive an email when it's time to continue.
An Account that Isn't Just an Account
Similar to how we keep our cash and credit/debit cards in physical wallets, digital currencies must be kept in digital wallets. Therefore, when you register for and have your Steemit account approved, the account serves as more than just a login to a social media site, it also serves as a wallet for any STEEM you earn through your interactions on the platform. This means that keeping your account passwords safe is of utmost importance, perhaps even the most important thing you need to know when signing up for Steemit.
Clicking the link in your confirmation email will take you to a page where your account's master password will be generated. The master password is extremely important, so be sure to heed the warnings about never losing it. Copy it and save it to a local text file or physically write it down immediately.
Complete the process by using your username and master password to log in to Steemit for the first time, but DO NOT SAVE YOUR MASTER PASSWORD IN A PASSWORD MANAGER. Why is this so important?
The Master Password
Steemit generates your master password for you after you complete the registration process. It is imperative that you keep this password offline in a safe place. Write it down and never lose it. If you lose it, it cannot be recovered. The private owner key, or master password, gives you access to all functions of your account, so you never want to share it with anyone. I repeat, do not share this password. Write it down and keep it in a safe place. Don't store it online or in a password manager. Keep it offline if at all possible. The only time you should ever consider using it in a browser is for your very first login to Steemit or to reveal your active key on the Permissions page.
In summary: Your master password can authorize all actions associated with your account, but you should use it as little as possible and never share it. Use your private active and posting keys instead.
Think of it like owning a home
CC0 Creative Commons - PlumePluome on Pixabay
In the Quick-Start Guide, I presented an analogy about the master password to your account: Think of your Steemit account as a home you have just purchased. You own the home free and clear. No mortgage. The master key to your Steemit account is like the deed to your home. You should keep it in a safe place and no one else has any reason to ever see it. The private and active keys are like the locks on the front door of your home. You control who comes and goes from your home by issuing keys to your front door lock. The same is true of your account keys on Steemit. You control access via the private active and posting keys. If you gave out a key and you don't want someone to have access any more, you would simply change your locks on your home. You can also do this on Steemit by changing your private and active keys.
However, if someone took the deed to your house, they could move in and claim the house was theirs. Assume transfer of the deed means a transfer of ownership. This means you no longer have a claim to your house. The person with the deed could sell it or live in it, and you could do nothing about it. The same happens if someone else gets access to your master Steemit key. They can come in and drain your account or pretend to be you, and there isn't anything you can do about it.
This is why it is so important to keep your master key offline and safe. You should be the only person who controls your account.
So if you can't use your master password, what should you use instead?
The Keys to Your Account
Image created by JeongGuHyeok. Used under a CC0 1.0 Universal License.
Once you've logged in for the first time with your master password, navigate to the permissions page of your account by going to
steemit.com/@yourusername/permissions
or by clicking your avatar in the top right, then select "Wallet" from the drop-down menu:
then select the "Permissions" link:
You'll immediately see several long strings of characters that will serve as your passwords.
"Passwords" is plural in this case because registering for Steemit will generate eight account keys that will be associated with your username. Don't worry, though. They all have specific purposes, which will be explained shortly.
First, you'll need to know that there are four different types of keys, and each of them has both a public key and a private key. Private keys are the "passwords" that you use to authorize actions within your account. Each time you log in to Steemit, you will do so with a private key. Public keys are used to verify that you were the one who performed the action.
Public keys are indeed public, so it's not as important to keep them in a safe place. However, it is extremely important to keep your private keys in a safe place.
All of these keys (public and private) are derived from your master password. I'll explain why by going through the different types of keys and what they do (in order of how they are listed on the Permissions page):
Posting Keys
The posting keys allow you to perform actions that you would normally associate with other social media sites. You will be able to share blog posts, comment on other users' blogs, and give out votes (we'll explore voting later). Therefore, when you log into Steemit, you will generally want to use your private posting key. When you go to the Permissions page for the first time, you'll see a link beside your public posting key that says "show private key."
When you click it, you'll see the private posting key, which begins with the number 5. Copy this key and save it offline somewhere. Alternatively, you may save this one in a password manager if you so wish. Log out of Steemit and use your private posting key to log back in. You'll see that you have access to the same functions as before when you were logged in with the master password.
Your private posting key may on rare occasions be shared with third parties in order to facilitate other services available to you on the STEEM blockchain. I will address some of these services in a later post, so for now, keep your private keys private!
In summary: When logging into Steemit, use your username and your private posting key as the password. Keep your private key private (stored offline or securely in a password manager).
Active Keys
As I've hinted at, there are certain operations that may be performed with your Steemit account that are different from other social media accounts you may have. These mostly include wallet transactions. Once you begin to earn rewards from your blogs and comments, you will start to see STEEM, STEEM-backed dollars, and STEEM Power accumulate in your wallet. I'll address each of these currencies in the next lesson, but what you need to know now is that you are able to move these currencies around and perform various operations like sending them to other users, transferring them to an exchange, and exchanging between the currencies on internal and external markets (Again, we'll cover all of these subjects later). All of these operations require your private active key. Similar to your posting key, you'll need to click on "Login to show" to see the private active key (see image above for position of button). This one requires that you use your master password to login. You'll need to do this at least once so that you can copy your private active key and save it offline for future use. Again, don't save your master password in your browser's default password manager.
Your active key may also be shared with third party services to facilitate certain account actions. We will cover this in detail in a later lesson.
In summary: Your private active key is used to authorize important account actions and functions. Keep it offline and safe.
Owner Keys
Image created by me using images by 3Dimage_eu and sbigelow on Pixabay. Used under a CC0 1.0 Universal License.
The owner keys serve many of the same purposes that the master password does. The private owner key would allow all of the account access that the master password does, therefore it is not displayed on the Permissions page. As long as you have your master password saved offline, you won't have to worry about using the Owner keys.
Memo Keys
Presently, these keys allow the encryption/decryption of memos sent on the platform. This will allow only the receiver of the memo to read it. It is believed that this key may serve other purposes such as messaging in the future on Steemit, but for now, be sure to save the private memo key offline with your other keys.
Storing Your Passwords Safely
CC0 Creative Commons - JanBaby on Pixabay
I suggest saving all of your account keys in a file on a USB drive, DVD, CD, or SD card. If you choose to leave your keys in a file that stays on your computer, be sure to encrypt it so that malware cannot gain access. If you have Microsoft Word, use it to encrypt the document with a password. You could also use 7zip to encrypt it within an archive. If not, look into other encryption options, and never store your Steemit keys on a machine that isn't your own. If you have your Steemit keys stored on your local PC and you don't have a password set on your Windows, Mac, or Linux login, get one now. Your Steemit keys are precious, so treat them that way.
Keep this in mind when you use your keys to login. If you are using a clipboard manager of any kind, be sure to clear its memory after copying your Steemit keys, or consider not using a clipboard manager at all. Also, it is important to make sure your antivirus software is up to date. You don't want to risk malware being able to read your keys from the clipboard. If you use a password manager such as LastPass, storing your private active and posting keys within it may not be a bad option, as long as you aren't using a shared computer.
So if you haven't figured it out already, keeping your Steemit account login information safe is very important. Not only do you not want anyone to be able to use your account fraudulently, but you also want to protect your account's wallet.
Other Security Considerations
CC0 Creative Commons - typographyimages on Pixabay
As with most other websites, there are people who are out to steal your account information and exploit it. One of the most common methods used to steal information is called "phishing." This is where a user clicks on a link that leads to an external website that will attempt to ask for a password. If a user enters the password, a criminal will now have access to your account.
Steemit has not been immune to phishing attempts. It's important to pay attention each time you enter your keys to log in. Make sure you are on steemit.com or another trusted website in the STEEM ecosystem. Criminals can be clever by changing or adding letters to URLs, which can make it more difficult to realize that fraudulent activity is occurring. Again, any time you log in or authorize an action with your private active or posting key, be sure you are on a trusted website.
One recent feature Steemit has implemented helps users spot links to external websites. Take a look at this excerpt from the Quick-Start Guide:
Notice there are two links included in this excerpt. The first link goes to another post on Steemit. The second links to an external website. There is a small icon beside the external link that will appear beside every link that takes you away from Steemit.com. Use this to increase your awareness of security! External links are not a bad thing, but external links that immediately ask you for your password are almost always attempts at fraud.
Here are some examples of phishing that have already occurred on Steemit:
- Don't get hooked by a Phishing scam. Actual steps you can take to protect yourself.
- Watch out for a Decoy Steemit Website
Steemit, Inc. does take steps to take down these fraudulent websites, but new ones pop up each day.
These links may appear in comments, posts, or even wallet transfer memos (we'll talk about these in the next lesson). Don't be afraid to follow links in posts. I've included many helpful ones in this very post, but always be skeptical if a website immediately asks you for your username and password, especially if you know you have been logged in already that day.
You should now be familiar with the basics of your account keys! In the next lesson, we'll discuss your account's other primary function as a digital currency wallet and discuss the digital currencies themselves!
What You Should Know
After reading this post, you should be familiar with the following:
- Steemit Registration
- Logging in for the first time
- Accessing the Permissions page
- Understanding the functions of the Posting, Active, Owner, and Memo keys
- Keeping your keys offline and safe
- How to spot and avoid fraudulent activity
If you aren't familiar with all of these points, go back and read over the sections again. All of these concepts are extremely important for the entire time you are on Steemit. I believe grasping the basics of keys is one of the most important things to know. Next, we'll take a look at the currencies that make Steemit work. You'll learn all about the differences between STEEM, STEEM Power, and STEEM-backed dollars, as well as how each of them serve unique functions across Steemit!
Feedback
If you have feedback on the presentation of this post or if I should have included a discussion of a certain topic, please let me know! All of these lessons will be placed in a final guide and published in a shareable format, so I would love your feedback. Leave it in the comments here!
All images are screenshots taken by me or are CC0 obtained on Pixabay.com.