When you are just starting out on Steemit there are some things that can be confusing or unclear. One of the things that took me a while to grasp is how to properly use the keys. It took me a long while to understand why there were different keys and it turned out that I was using them wrong for a long period of time. Chances are that a lot of Steemians are making the same mistake.
Keys are the passwords you use to login the Steemit site, these are the same passwords you use for Dtube and Utopian among others. The thing is that instead of one key (or password) Steemit provides you with 4 keys.
The 4 keys have different levels of permission.
The Posting Key
Allows you to do basic stuff like post and comment but you are not able to transfer funds out of your account for example. Basically the Posting Key lets you do all the everyday things except manage your funds.
The Posting Key allows you to:
- Post
- Comment
- Vote
- Follow
The Posting Key is the key you want to use for your everyday Steemin’
The Active Key
Allows you to do all the things that you can do with the Posting key but also lets you manage your assets. So with the Active Key you can transfer Steem/SBD, make trades on the market, Power up, Power Down.
The Active Key gives you full control over the Steem/SBD you have earned and also your Steem Power.
The Active Key allows you to:
- Post
- Comment
- Vote
- Follow
- Transfer funds!
- Trade on the market
- Power up/down!
- Change Posts/Comments
- Change your Active Key!
- Vote for Witnesses
If your Active Key should fall into the wrong hands that person will also be able to control your hard earned Steem. So avoid using this Key as much as possible.
The Owner Key
This is the most important key, the key that you get when you first sign on with Steemit. I can not stress enough how important this key is. Never.. let me repeat that.... never use this key! Lock it away somewhere safe, just write it down and put it in a vault.
With the Owner Key someone (hopefully that someone is you) has full control over an account. Even if your Active Key gets lost you can recover your account with the Owner Key. Losing your Active Key is bad but at least you can recover your account, losing your Owner Key means that you have lost your account forever.
The Owner Key has the same privileges as the Posting and Active Key plus the added bonus that this key can be used to recover your account (if you get hacked for example).
The thing is that the importance of this key may not be clear when you first start out on the platform.
The importance of the key is mentioned when you first login but with the excitement of finally getting approved and getting ready to earn some money, it is understandable that you have missed this important fact.
In my case I figured that the key I got when I first signed on was my "regular" password, I mean I could access everything and that was really convenient, right? Well, it turned out that I was using my keys the wrong way. What I should have done was backed-up my Owner Key and used my Posting Key instead. I really like using the Chrome browser and Chrome automatically saves your passwords for you so that accessing password protected sites becomes an user-friendly affair. But in this case Chrome saved my Owner Key and in my ignorance I never bothered to change it.
There is also the Memo Key that is used to view private messages but I will not include that one in this article so that we can focus on the more “important” keys
Like I mentioned, I was happily using my owner Key to post, transfering funds and going about my business on Steemit. Every time I had to access a site on the Steemit Blockchain I let my browser login with my (as far as I knew) default password which in reality was my Owner Key.
But there are some people out there who would like nothing else to get their grubby little hands on your Active Key and especially your Owner Key.
Why you ask? Well, this way they can access your Steem, start a Power Down, transfer your SBD and Steem to their accounts or an exchange and even lock you out of your account.
There are several ways these scammers try getting your keys, the most obvious way is a link asking you to login so that they can copy your key. Now if you are like me and your browser has saved your key, you will undoubtedly use that particular key to login. In my case that would have meant that someone else would get my Owner Key and would be able to take over my account.
It is very important to check which key you are using when you access your Steemit account and make sure that it is the Posting Key and not your Active or even worse Owner Key.
You can find your keys in your wallet under the "permissions" tab.
When you access your account, go to your wallet. Here you will see a menu item called “Permissions”. On the left side of the permissions tab you will see your four keys, Posting, Active, Owner and Memo.
The keys will start with STM followed by a bunch of numbers and letters.
These are not your keys! To see the real keys you need to click on the button on the right side of the screen. The real key will start with a “5” so it would look something like 5J99gNB3454534874085jlkjfjf984234jdljdl334kjf
The button for the Posting Key will say “show private key”, if you press on it, it will show you the real key that you can use.
The Active key will say “login to show” here you can use your Owner Key to see the real Active Key.
The Owner Key has no button, if done correctly this key was issued to you when you created your account and is now safely sitting in your vault.
Because Chrome is the most used browser at the moment I will use this as an example to check which key is saved as your password to login to the Steemit site.
Start up chrome and visit a random website. on the left side of the URL address you will see a green lock (secure).
I am assuming that you only visit https secure websites
Click on the green lock and a menu will pop up. Go to the bottom where it says site settings. Click on it and a new menu will open up.
On the upper left side of the screen you will see a menu called “settings”. Click on the icon on the left side of it to see all the options.
Go to the “Passwords and Forms” section and then to the “Manage passwords” option.
Tada! Here you will see a list of all the passwords that Chrome has saved for you.
From left to right you will see: the website, username, password (hidden) and an icon resembling an eye.
Search for Steemit (or Dtube, Utopian, etc) and you will get a list of the passwords saved for accessing those accounts.
If you click on the eye icon Windows (or whatever operating system you are using) will ask you to login so that you can view your password.
Make a note of the key used to login. Check if it matches the Posting Key, if not you are using either the Active Key or Owner Key. If so delete the saved password by clicking on the three dots on the right side of the eye icon (make sure that you have backed up the key if you hadn’t done so already).
If you continue using your saved Active or Owner key you are vulnerable to phishing attacks and run the risk of losing your Steemit account
Restart the browser when you are done and go to Steemit.com. Instead of automatically logging in you will be asked for your password. Make sure that you use the Posting Key. Chrome will ask you to save your password.
This way if you are the victim of a phishing attack the only thing the hackers can do is post or comment (who knows they might write a trending post for you!) and because you have your Owner Key safely tucked away you can always reset your Posting Key.
Use your Posting Key for your everyday Steemin’ activities. Only use your Active Key if necessary and make sure that your browser doesn’t save the Active Key. Never, Ever use your Owner Key.
The only exception is when someone gets a hold of your Active Key of course.
Be sure to double check the passwords saved by your browser.
Never click on links you don’t trust and be sure to think twice before entering your keys.
Be safe out there my fellow Steemians