Yesterday I was logged out of my Steemit account. My first thought was "Oh Crap, I've been hacked".
A quick look around Steemit revealed no end of hacked accounts.
To try to find out more @kiwideb did a post saying my account had been hacked.
@kiwideb/no-not-me-phew-but-sift666-has-been-hacked
A whole bunch of awesome people commented with ideas and suggestions. But I hadn't actually done any of the things they suggested that would lead to being hacked.
The typical hacking stories were like these: that-glitch-scam-post-do-not-click-or-enter-your-details and birjudanak-is-pulling-a-phishing-scam
But it turned out I hadn't really been hacked - I'd been blocked.
Since first joining Steemit in August 2016 we have always done the same thing - we just open up our browsers and are automatically logged in. The idea of having to log in or out of Steemit manually doesn't even enter our minds.
Logins are just another one of the complexities of modern life - something to be set up, done, and ignored as fast as possible.
Like many people I have a list of all my website logins. There are 145 different sites on my list, all with different logins and passwords. I realise Steemit is like other cryptocurrencies and needs a higher level of security, but the truth is I tend to just think of it as another website, like Pinterest or the online shop where I buy printer cartridges and A4 paper.
We have five different computers permanently connected to the internet, as well as two Android tablets that connect through WIFI.
All of them have multiple browsers installed, and we generally use three - Chrome, Firefox, and Opera. Different browsers work better with different sites, but that will have to be another post!
Steemit works fine on all three so we literally have more than a dozen browsers all permanently logged into our Steemit accounts. They do this automatically without any thought or input from us.
Using different browsers for Steemit means that we can just decide which Steemit account we will be logged into by choosing which browser to open. No logging in or out required.
But the problem in this case was not that I was hacked - it was that I was locked out of my account "to save me from myself".
What actually happened was that I was randomly logged out in one of my browsers (no idea why) and I tried to log in with the key stored in that browser (Opera). But that key had been there since last year, it was my Master Key, and it's not safe to use that one (it worked OK the first time, so I never thought about it again). My account - @sift666 - was then locked up to save it from being hacked.
I never knew about needing different log in keys because it's been over a year since I last logged in, and I didn't have copies of the other log ins - only the original one.
While looking into this I read a post by @gtg - Memos, keys and passwords, Balrogs and Fields of Despair. Be safe
What I didn't realise when I first read that post is that my account wasn't hacked because I didn't do that security stuff properly - it's true, I didn't, but my account had actually been blocked by a bot created by @gtg in order to prevent my account being hacked in the future.
On the one hand it's great that security experts like GTG are looking out for us, and I certainly needed a wake up call.
But on the other hand, if I had been told what had been done and given some more information, it would have been a lot less stressful.
This is all very new - in fact, only last week @kiwideb decided to try out a new browser - Brave (it's pretty good, well worth a try) so she logged into her Steemit account on it. As usual she copied and pasted her original password. All worked fine, no problem - and this was only LAST WEEK.
So when I did the same thing this week, it never occurred to me that things were different now. I guess that's what comes of doing something without thinking for 13 months.
A car analogy
Many people drive a car every day, even though they barely understand any of the mechanics of cars. Until one day they can't even open the door to get in it. "Oh Crap" they say, "my car is buggered".
In actual fact it's just a flat battery, but they had no idea that batteries need to be replaced about every five years. Maybe they are not actually very interested in cars, they just drive one, or maybe this is the first car they have ever had for more than five years, so they have never replaced a battery before.
Logins now need to be held to a higher level of security, with bots to "save us from ourselves", but I suspect that 90% of Steemians are just as in the dark about all this as I was.
So I think it needs to be explained in much more simple terms. With pictures, and using more words like "Oh Crap" "Buggered" and "WTF" so that people like me don't just go "WTF is this boring crap? - buggered if I can be arsed reading all this"
So basically this is what you need to do:
Keep several very safe copies of your Master Password offline (When you setup your Steemit account, you get a Master Password)
But don't use this to log in after the first time (that is what I did by default because I've never logged in or out of Steemit for 13 months).
Instead go to your wallet and click on PERMISSIONS to see your public keys
Then click on "show your private keys" and save copies of them in a safe offline place.
From now on log in to Steemit using your PRIVATE POSTING KEY and not your MASTER KEY.
This is what the keys look like (note - these are not actual keys):
Public Key of any type (Owner, Active, Posting, etc) - starts with STM and looks like this:
STM6n8WV3imRd454CMY8akRFY4CLbyJVvWS3UdVDWw1dayf4xU47Z
Private Key of any type (Owner, Active, Posting, etc) - starts with 5 and looks like this:
5JNyFp1pWNYaHCDEiR7mop5cRzpHcA2psLNRdykhzgbjPzxsqcg
Master Password (KEEP REALLY SAFE!) - starts with P5 and looks like this:
P5KjZuqMC9q7MR1iKeXA2KzpRhnMHyhLQNyBHSDnSSiTiKnjyUCN
With the Master Password you can do everything with your account, because it is used to derive all the keys for your account. And if you lose it or someone else gets it, all your crap will be buggered...
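To show why one Master Password unlocks every role, and how the three formats above can be told apart before a secret is pasted into a login box, here is an added example (not from the original post and not Steemit's own code). It assumes the derivation used by Steem client libraries, SHA-256 over account name + role + password wrapped as a WIF key; the account name and password in the test are constructed.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ROLES = ("owner", "active", "posting", "memo")

def _checksum(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()[:4]

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(s) - len(s.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def derive_wif(account: str, master_password: str, role: str) -> str:
    # Assumed scheme: private key = SHA-256(account + role + password),
    # then WIF = Base58(0x80 || key || first 4 bytes of double SHA-256).
    seed = " ".join((account + role + master_password).split())
    payload = b"\x80" + hashlib.sha256(seed.encode()).digest()
    return b58encode(payload + _checksum(payload))

def derive_all(account: str, master_password: str) -> dict:
    """Every role key follows from the one Master Password."""
    return {r: derive_wif(account, master_password, r) for r in ROLES}

def classify(secret: str) -> str:
    """Identify a pasted credential by the formats described above."""
    if secret.startswith("STM"):
        return "public key"
    if secret.startswith("P5"):
        return "master password"
    if secret.startswith("5") and len(secret) == 51:
        try:
            raw = b58decode(secret)
        except ValueError:
            return "unknown"
        if len(raw) == 37 and raw[0] == 0x80 and _checksum(raw[:-4]) == raw[-4:]:
            return "private key"
    return "unknown"
```

A login form can call `classify` on the pasted value and refuse anything that is not a valid private key, which catches the Master Password mistake before the secret goes any further.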
To learn about all this properly from someone who really understands all this go HERE