Keys and Security

Key is any device that is being used to open an enclosed place, such as door to a house, padlock that is used to lock a door, vault, etc. Security is the main reason we use key, thus key and security are like twins, such that security without key is like no security at all. Key may not be physical, it can be in the form of a word, sound, writings, numbers, etc. The pin we use in authorizing payments through debit/credit card and mobile money transfers are also forms of keys.

If we want to protect our properties, we will put them inside a strong building and then use a lock to prevent unwanted access to people whom we do not trust. For a lock to be useful, it will have a key that will be used to close the lock (when we are leaving the house) and also to open the lock (when we come back and want to enter the house). If we lose the key, lock will not allow us to open the door, we will be locked out; if a criminal gets the key to our lock, he can use it to open the lock and then open the door, thus having unwanted access to our valuable properties. To increase security in our house, if we have many precious items, we can discreetly put these items in different rooms with different keys, then we can put all these keys in a strong room and lock them with one key, called master key, which will serve as a reservoir for all these keys and their duplicates. To have access to any item, one need to use the master key to open the strong room and bring out the key for that room, use the key to open that room so as to have access to the valuables in that room.

If it discovered that a key to one of the rooms is lost, or it is suspected that a criminal have produced a duplicate to a particular room and may have had access to the valuables, for security reasons the lock of that room will be replaced with a new lock (and new key) from the reserves in the strong room (which only the master key can open). As long as the owner of the house is holding the master key and keeping it in a very safe place, the valuables in the different rooms are secured, and any breach to security will easily be handled. If for any reason, either by carelessness, deception , compromise, and/or otherwise a criminal have access to the master key, he has now acquired access to all the rooms and the valuables. The worst situation is when that criminal change the lock (and key) to the strong room; under this condition the original owner will no longer have access either to the strong room (with his master key), or to the other rooms and the valuables, because the criminal will change all the locks and their keys once he had access to the strong room.

In summary, all the keys to the rooms are very important and should be kept very safe to secure the valuables in them, but the master key is the most important, since it can give access to all the rooms, including the strong room which is a reservoir of locks and keys to all the rooms.

Keys and Security in Steemit.

Steemit is comparable to the house with many rooms and a strong room. Upon signing up in steemit, I was given a master password. I used the master password to login into my wallet and thereafter generate the other keys, namely owner key, posting key, active key, memo key, and TRON key. The keys have different permissions and extent it can operate in the steemit environment. After generating all the keys, I copied them into a document that is offline, that is a document that has nothing to do with internet activities in order to keep them secure.

The posting key has the least permission, it is only for logging in to steemit to open my page for social activities such as viewing posts, posting my own write-ups, commenting on posts, reposting other people's post (resteeming), and voting on posts. It has no permission to do anything in the wallet (personal financial bank in steemit), except viewing the wallet and claiming rewards. It cannot be used to do any financial transaction in my wallet. I have been using it to enter steemit environment to do all my posts.

The active key is higher than the posting key in permission, it can be used to login in to steemit environment just like posting key and do all the functions of the posting key, but can also do financial transactions such as transferring tokens, powering up , buying tokens, etc. When I logged in to my steemit page, I was able to use my posting key to view my wallet and to claim rewards. When I wanted to log in to my wallet, the posting key could not do that, it was my active key that opened the access to my wallet to do a power up. Below is my wallet before powering up, where I have 0.002 steem and 1.842 steem power.

After powering up, see my wallet thereafter.

I used all my steem to power up and my steem power increased to 1.844. By using all my steem to power up, I have joined club100, since I have not withdrawn anything from my account, despite the fact that my steem is of low value.

To transfer tokens to other accounts, just a click on any of the inverted arrow (close to the numerical values of steem, steem power, steem dollars, savings and TRX) as shown by that sketched arrow above, and the drop down box will show, where you will be given the options such as transfer (to other account), power up (to your account or other person's account), trade (buy or sell), etc. After the desired selection, you need the active key to authorize or finalize the transaction(s). If I want to transfer steem to other persons account, I will click at the inverted arrow beside steem, from the dropped down box I will select transfer , which will open another box where I will put in the username of the person I want to transfer to and the exact amount I want to transfer. The active key will then be used to finish the transaction.

Because of its permission to do financial transactions, I am always very careful in using my active key; because ''money matter no be play play matter oooo."

The owner key is the most powerful key, it has all the permissions attributable to the posting key and active key, and can also perform extra functions which these other keys cannot do; it can be used to regenerate new posting key, new active key and also a new owner key. It is like a master key, but can only be overpowered by the master password, which can be used to recover any compromised account.

The other keys is memo key and TRON key which I am yet to use.

Since passwords are not saved in the blockchain system (because of security reasons), I manually copied both my owner key and master password into my personal notebook which I kept in a safe place, so that I can always exercise supreme authority over my steemit account. Loss of both master password and owner key mean perpetual loss of the steemit account and all the tokens (money) contained therein; that is why I am always conscious of the steemit 7 rules:

The first rule of Steemit is: Do not lose your password.

The second rule of Steemit is: Do not lose your password.

The third rule of Steemit is: We cannot recover your password.

The fourth rule: If you can remember the password, it's not secure.

The fifth rule: Use only randomly-generated passwords.

The sixth rule: Do not tell anyone your password.

The seventh rule: Always back up your password.

I am grateful to @cryptokannon and @kiwiscanfly for their helpful tips such as "Basic Security on Steem" and "Understanding your Steemit wallet & Powering up" respectively. These tips has tremendiously helped me to understand the security in steemit.