Just because the password is long doesn’t mean you are safe.
There are many ways to get ahold of a password other than brute force. With the recent increase in the price and popularity of Steem, the risk of your accounts being attacked is increasing daily.
Basic Security
Steemit has multiple private keys for a reason. Use them.
To find them, first go to your wallet and click on Permissions. Then click on "show private key" and you can log in with that key. I typically use the posting key when using my account normally. It can’t send transactions, but it can still upvote and make posts. The active key allows you to make transactions, including powering up/down, moving stuff out of savings, and transferring steem/sbd. The owner key allows you to do all of those, as well as change the keys. This is the password you were given when you created your account.
Do not store your password online unencrypted. Storing it offline on your computer(s) is safer, although you shouldn't do this on a public computer. If you believe somebody else is using your account, change your password. That will change all the other keys too.
Mid-level Security
Some of you have thousands of dollars or more in your account. You might want some additional security. My advice at this point is to keep your password completely offline. You could either write it down and keep it in a safe place or keep it on a USB drive. Keep it somewhere hidden, so that nobody stumbles onto it by accident. Using your active and posting keys instead of your password is also a must.
At this point some may consider changing their password regularly. The Steemit password is long enough that brute force is unlikely to crack it. Changing it often decreases the chance that brute force can crack it, but there is little other reason to do it. Nobody who gets ahold of the password will keep it the same for long; they will try to take control as fast as possible. You should still change your password after any lapse in security; those happen often enough either way.
Paranoid level Security
Some people have hundreds of thousands of dollars in their account, and sometimes you need to go overboard. At this point you should always encrypt your passwords. I typically save my passwords in a text file and then encrypt them using gpg on Linux. Next I store them offline on multiple USB drives in distant locations, so that if something happened to one area the rest would be safe. (I have also uploaded my encrypted passwords to Google Drive, behind a 30-character encryption password, just to be safe.)
At this point you should also worry about malware. Windows computers are especially prone to getting it. This means a good anti-malware program is a must. If you have a good understanding of computers or are willing to learn, Linux will turn out to be a better option. Linux is more secure and some distributions can encrypt files without downloading extra programs.
The more secure everyone's password is, the less likely hackers are to go after any of them. That ends up helping everyone.
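The gpg step described under Paranoid level Security, written out as an added example (it is not the author's own script): it encrypts a password file with a passphrase, checks that the ciphertext decrypts back to the same bytes, and only then removes the plaintext. The file name `steem-keys.txt` and the `GPG_OPTS` hook are assumptions made for this example, and `--no-symkey-cache` needs GnuPG 2.2.7 or later.

```shell
#!/bin/sh
# Encrypt a password file with a GPG passphrase, prove the result decrypts
# back to the same bytes, and only then remove the plaintext.
# GPG_OPTS is a hook invented for this example: leave it empty in normal use
# so gpg prompts for the passphrase and it never lands in shell history.

encrypt_secret() {            # $1 = plaintext file, writes "$1.gpg"
    [ -s "$1" ] || return 1   # refuse a missing or empty input file
    ( umask 077               # ciphertext readable by its owner only
      gpg --quiet --symmetric --cipher-algo AES256 \
          --s2k-digest-algo SHA512 --s2k-count 65011712 \
          --no-symkey-cache $GPG_OPTS --output "$1.gpg" "$1" )
}

verify_secret() {             # succeeds only if "$1.gpg" decrypts to "$1"
    # --no-symkey-cache forces the passphrase to be entered again, so a
    # typo made while encrypting is caught before the plaintext is gone.
    gpg --quiet --no-symkey-cache $GPG_OPTS --decrypt "$1.gpg" |
        cmp -s - "$1"
}

protect_secret() {            # encrypt, verify, then drop the plaintext
    encrypt_secret "$1" || return 1
    if verify_secret "$1"; then
        # shred is best effort: flash media and journaling filesystems can
        # keep old blocks, so create the plaintext on a RAM disk such as
        # /dev/shm when possible.
        shred -u "$1" 2>/dev/null || rm -f "$1"
    else
        rm -f "$1.gpg"        # unusable ciphertext: keep the plaintext
        return 1
    fi
}

# Typical use (hypothetical file name):
#   protect_secret steem-keys.txt      # leaves steem-keys.txt.gpg
#   gpg --decrypt steem-keys.txt.gpg   # to read it back later
```

Copy the resulting `.gpg` file to each USB drive and test a decrypt from one of the copies before relying on it.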
Thanks for friendly reminder! It is about time we start taking that seriously :)
Thank you sir for the writeup and tips, I pretty much secure all my stuff at Paranoid level security. This is a good reminder, and super helpful for all the influx of crypto noobs and the fact that never before has a social network account had the ability to store hundreds to thousands of dollars.
Cheers!
Upvoted. Resteemed. Following.
Upvoted the post, resteemed it and already followed
very smart post. Most people don't realize this stuff..... Just upvoted and followed
@evanrvoss
That's the same combination I have on my luggage!
Hello! Can I translate your post into French? I'm sure a lot of people could be interested!
yeah sure, the more people who see it the better.
I just printed my password on a bumper sticker and have it on my rear truck bumper. I take it that is not recommended?
I'm not sure, send me a picture.
LOL
Yeah I second that, send us a picture just to make sure. Two pairs of eyes on it is always better.
LOL. You guys are quick. Love the humor!
I just got my account approval the other day and have yet to get any good content up, but I have to say that this was excellent advice for a newbie. Thanks for sharing such great info! Now I can ensure proper account security.
This is true guys ‼️🤙🏾® Follow me on steemit for some cool dope post! 💨🚀®
Thank you for sharing! A link to your post was included in Steem.center wiki page about Steem Key Management. Thanks and good luck again!
Saving your passwords encrypted and offline is really important, very good info :-)
Resteeming so I remember all of this. Really important information. Thank you for sharing.. especially for those of us who are new and trying to understand it all.
Xx, Kay
very good information!
Great post! Only found out about your posts recently, but you do some great work! Keep on keeping on :)
Up voted and resteem :-)
Thanks, didn't know about the keys.
Excellent advice - one cannot be too careful. You make several interesting points but one in particular I had not considered until now. In my zeal to protect my own information, I did not properly appreciate the fact that by each of us securing our information, we essentially reduce the collective weakness of crypto-currency. In other words, if repeated efforts at hacking yield no results, the cyber criminals will choose easier targets (non-cyber currency) and that's good for all of us.
Luckily I was already storing my password offline, but I could be doing better by encrypting it. Good article.
On the topic of malware I've been wondering what anti-virus system would work well with crypto wallets since most of them are from unverified devs.
I use malwarebytes and haven't seen it attack my ether, dogecoin, or bitcoin wallets. Although I have seen it go after the nicehash miner
I stored in my heart ❤️
Thanks for the advice, I hope we never have a problem with hackers doing crazy stuff. I think people should really watch out for their family and friends the most sad to say.
Thanks very helpful for newbies like myself!
Definitely something to consider, especially as our accounts become worth more and more! At this moment I am at the stage of saving it in multiple locations on different devices (encrypted). I am hoping to find a better method in the future, but for now this works.
Thanks for sharing!
Thanks for the info @anarchyhasnogods, your blog is very helpful to other steemians to have an idea to be careful about keeping their password. Thanks again and regards
Thank you for the post! Great for someone just starting up like myself :)
This was genuinely useful information. Until today, I was posting with my owner key stored in my browser and saved in my email inbox. Password now changed, encrypted and stored multiple places, and posting with the posting key. Thanks!
Oh, and now following you.
Adding 2FA will make it secure.
Right now it is plain password period, whatever you do with it.
very informative post...
glad you posted this..all of us should be aware of this security information.
thumbs up...!! @anarchyhasnogods
Thanks for this. I'm new to the whole crypto world and I don't think about these things on my own.
Omg! I never thought about that....... -_- Thanks!
thanks for sharing, everyone should read this and take it all into consideration
Thank you so much for sharing this information. Okay, please oblige me this "dumb" newbie question: "How do I copy those active keys and use them?" They are those weird looking icons under passwords, right? (You see how dumb I am here....yikes!) Thanks for holding my hand. Sending you much chocolate and puppy love. (I come from the ancient time when Cacao was currency; read my blog on it!) You can find me @organiccacao. In Joy, Christina
I just saw a good post on them that can explain it better than I can. Here is the link: https://steemit.com/security/@noisy/public-and-private-keys-how-they-are-used-by-steem-making-all-of-these-possible-you-can-find-answer-here
Thank you so very much! Please visit my page.
Quality post and a good reminder of security for even the most cautious of us.
Thank you for telling this post as it's most important thing and I have to save my password to else place and it's big so can't remember but I think if I change password then at least I put other which I can remind it.
oh you are really smart blogger.
Thanks for the security lesson. I'm new here and the more info I can absorb the better
Thank you for the security tips. I'll have to take these steps although I just started here. I use only my phone since my PC is down. Following and resteeming.
Very important... RESTEEMED !!!!
Thx for the information. Great post
Heartly thank you @anarchyhasnogods for sharing.. it was very informative for me.. hope more help and suggestion from you... I'm just basic learner. You are great
Good Information. I had no idea what those passwords were for. I need to Resteem this, so that I have it on hand. Thanks! AAGGH! No Resteem button!
Thanks for the info :) Why don't they integrate a 2FA???
because steem is a blockchain, not just the site
Perfectly put together, really easy to digest and use.
This is one of those things you wanna say you already knew, but I wouldn't have searched it if I knew haha.
I wasn't sure exactly what the majority did with their passwords, I thought a USB drive was either really archaic, or just plain ridiculous.
Apparently I'm not crazy, and a USB is the best idea.
Question: Is there any reason to get an encrypted USB? I'm assuming the only reason it needs to be physically encrypted, is if someone physically steals it, correct?
If you don't encrypt them, all it takes is you losing one of them to get your keys stolen
I encrypted them beforehand don't worry
yeah