SteemIt Security Keys and Scam Alert - How to be Safe from Scammers.

I learned something Important about security and keys in this post:

Scam Alert #1! - I was Scammed 663.843 SBD - Be Prepared! - Enjoy with Troy!
@enjoywithtroy (59) in steemitabuse

@enjoywithtroy/scam-alert-1-i-was-scammed-663-843-sbd-be-prepared-enjoy-with-troy

However, I am not entirely clear about the use cases for each key.

In the Wallet section, the Permissions tab, you will see:

POSTING

STMxxxnxnXnxXnnXXnXnxxxnxnXnxXnnXXnXnxxxnxnXnxXnnXXnXnx SHOW PRIVATE KEY

The posting key is used for posting and voting. It should be different from the active and owner keys.

ACTIVE

STMxxxnxnXnxXnnXXnXnxxxnxnXnxXnnXXnXnxxxnxnXnxXnnXXnXnx LOGIN TO SHOW

The active key is used to make transfers and place orders in the internal market.

OWNER

STMxxxnxnXnxXnnXXnXnxxxnxnXnxXnnXXnXnxxxnxnXnxXnnXXnXnx

The owner key is the master key for the account and is required to change the other keys.

The private key or password for the owner key should be kept offline as much as possible.

MEMO

STMxxxnxnXnxXnnXXnXnxxxnxnXnxXnnXXnXnxxxnxnXnxXnnXXnXnx SHOW PRIVATE KEY

The memo key is used to create and read memos.

... where "SHOW PRIVATE KEY" or "LOGIN TO SHOW" are buttons to show the respective private keys.

Note: "STMxxxnxnXnxXnnXXnXnxxxnxnXnxXnnXXnXnxxxnxnXnxXnnXXnXnx" are made-up keys - your account will show your keys after you logged in. Private keys are not shown - you will have to find out hat yours are like.

I then proceeded to seek out more details about these keys and about the master password.

From the FAQ:

What are my different keys for?
Posting key - The posting key allows accounts to post, comment, edit, vote, resteem, and follow or mute other accounts. Most users should be logging into Steemit every day with the posting key. You are more likely to have your password or key compromised the more you use it so a limited posting key exists to restrict the damage that a compromised account key would cause.

Active key - The active key is meant for more sensitive tasks such as transferring funds, power up/down transactions, converting Steem Dollars, voting for witnesses, updating profile details and avatar, and placing a market order.

Memo key - Currently the memo key is not used.

Owner key - The owner key is only meant for use when necessary. It is the most powerful key because it can change any key of an account, including the owner key. Ideally it is meant to be stored offline, and only used to recover a compromised account.

^

What do I do if I lost my password/keys?
There is no way to recover your account if you lose your password or owner key! Because your account has real value, it is very important that you save your master password somewhere safe where you will not lose it.

Then - looking further - just prior to the FAQ on the keys:

Why should I be careful with my master password?
The master password is used to derive all keys for your account, including the owner key. If someone has access to your master password, they can steal your account and all of the tokens in it.

Master Password

When you first created the account, you were to set a password and login with it. That is the master password. You will not be able to login with anything else - not with the posting key. Try it to find out.

I have yet to find out the differences to the keys and the associated private keys. I am guessing that the private keys are to be made secure and are used to change the corresponding keys - posing, active, and memo (there is not one for the owner key).

So, as a part of my seeking how to use the keys, I will log out and try to post this with my posting key without logging in with my master password.

I used my posting key when posting without logging-in and this is what I get:

Returning Users: Login to Post
@freedomshift
•••••••••••••••••••••••••••••••••••••••••••••••••••••
You need a private password or key (not a public key)
This operation requires your Posting key or Master password.

Aha! Let me get my Posting - Private Key to post without logging into my account.

Success! I have logged into my account with my Private Posting Key to Just Post and Comment!

Note: My Private Posting Key and my Private Active Key do not start with STM.......

My conclusion - the Public Posting and Public Active keys are for tracking and recording purposes and the Private keys are for log-in and access and control.

As always, I am here to encourage, inspire, help, and collaborate. Please let me know IF I can help curate your posts.

I am not a bot, but, I can do more and with discernment and Intelligence!

Please contribute, add or correct this very important issue!

@freedomshift/steemit-security-keys-and-scam-alert-how-to-be-safe-from-scammers-condensed-summary-version

H2
H3
H4
3 columns
2 columns
1 column
2 Comments