RE: The Beginner Guide To Not Getting Hacked On Steemit
This is a great write-up. I go through intro posts and give promising new people beginner information. A "Security" section is part of it. I want to make sure people understand the basics of account security right away.
In addition to the key issue, people should also understand why using "Savings" to store Steem Dollars and Steem Power to store STEEM is so important. The three-day withdrawal time for Savings and the many-week-long withdrawal time from Steem Power protect your investment here in case you are hacked or have your account compromised.
I'm beginning to think I completely understand the key issue too, but there's still one missing link people fail to mention. Your master key when you get the account starting with P5 is a hint. I was initially getting confused when I looked in my account permissions area and did not see that key. Well, it makes sense, for the key you see listed in the Owner section (same as master) is the public key. The one you get when the account is first made is the private master key. Is that correct? Per traditional PKI knowledge though, that can be confusing. Both should not be shared with anyone. "Public" does not mean it should be given out.
Here's the security blurb I share with new promising accounts when I see them:
Security
Do not use your owner key to log into Steemit.com to post. Use your private posting key instead. Keep your owner key offline as much as possible, and only use it when you must.
Per the advice given by Arcanage, you should only use your owner key to:
- Recover your account.
- Change the other keys.
- Give a present to your children a few minutes before dying.
A lot of scams have been happening on Steemit recently. If you click a link to a site that prompts you to log into it, be extra careful. Double and triple check the address to make sure it is really steemit.com. A recent scam was using "lsteemit" as the domain name, and people were entering their owner keys to log into it. That allowed the scammers to take those users' accounts, empty the money from them, and then ruin their reputation by using the newly hacked accounts to further the scam.
If you find or suspect a scam, please report it in the #steemitabuse channel on steemit.chat.
Edits and suggestions are welcome. Thanks everyone for being diligent, patient, and helpful regarding the security of Steemit.com!
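The address check described in the comment above, sketched as an added example (not part of the original comment or of Steemit's code): it parses the URL to find the host the browser would really contact, then flags hosts that merely resemble steemit.com. The `TRUSTED_HOSTS` set, the distance threshold of 2, and every sample URL in the comments and tests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts where you ever type a Steemit key.
TRUSTED_HOSTS = {"steemit.com", "www.steemit.com"}
BRAND = "steemit"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'other' for the host a URL points at."""
    parts = urlsplit(url)
    # hostname drops any port and any "user@" prefix, so text placed
    # before an "@" cannot pass itself off as the host.
    host = (parts.hostname or "").rstrip(".").lower()
    if host in TRUSTED_HOSTS and parts.username is None:
        return "trusted"
    # Not an exact match: look for the brand, or a near miss of it, in any
    # label of the host (e.g. an extra leading letter, or "rn" for "m").
    labels = host.split(".")
    near = any(BRAND in label or edit_distance(label, BRAND) <= 2
               for label in labels)
    if near or BRAND in (parts.username or "").lower():
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real incident.
    for u in ("https://steemit.com/@someone/post",
              "https://lsteemit.example/login",
              "https://steemit.com.account-check.example/"):
        print(f"{classify(u):10} {u}")
```

Only an exact host match is treated as safe; a substring test such as `"steemit.com" in url` would accept the second and third sample URLs.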