The Beginner's Guide to Steemit, Part 2: Logging In and Keeping Your Account Safe

in #steemit7 years ago (edited)

Welcome to Part 2 of the Beginner's Guide to Steemit! This lesson focuses on your Steemit account, specifically how to register and what to do once you've registered. We'll also talk about your account keys, which are important for performing actions within your account, and how to keep your account safe. If you missed Part 1, you can read it here.



Image created by @ethandsmith. Released under a CC0 License. Image resources from Tumisu and 3Dimage_eu. Used under a CC0 1.0 Universal License.

What You'll Learn

  • How to register on Steemit
  • How to login for the first time
  • How to access the Permissions page
  • Understanding the functions of the Posting, Active, Owner, and Memo keys
  • Why it's important to keep your keys offline and safe
  • How to avoid fraudulent activity

Some of these concepts have been previously discussed in the Steemit Quick-Start Guide. This is intended to be a supplement to the Quick-Start guide as you begin your Steemit journey. The main focus of this lesson is account security. Just as you know to keep passwords for any online account safe, you'll need to do the same for Steemit.

We'll start this lesson with a brief look back at the Steemit sign-up process.

Registering for a Steemit Account

First, the Steemit.com sign up process is fairly simple. Browse to https://signup.steemit.com/ and you'll see this:

The first thing to select is your username. This will be the name others know you as across Steemit, so choose wisely! For example, my username is @ethandsmith. If you're reading this on Steemit, you'll see that it shows up as a tag in this post that people may click on to go to my profile. It also shows up in the URL of every post you share on Steemit. It's up to you and limited only by what has already been taken, so choose wisely and proceed.

Next, you'll need a valid email address. Input it and solve the captcha, and you'll be asked for your phone number. Steemit, Inc. provides each new account with a small amount of STEEM to get started, therefore validating your phone number helps prevent the creation of multiple accounts just to claim the sign-up bonus.

Finally, you'll have to wait for a while. A confirmation email will be sent to your address that you provided, so be sure to check your email and confirm your registration as soon as possible! After confirming, you'll have to wait for a bit. Presently, each new account created via this sign-up process must be approved by the Steemit team manually before it becomes active. This may take 24-72 hours or more, but you will receive an email when it's time to continue.

An Account that Isn't Just an Account

Similar to how we keep our cash and credit/debit cards in physical wallets, digital currencies must be kept in digital wallets. Therefore, when you register for and have your Steemit account approved, the account serves as more than just a login to a social media site, it also serves as a wallet for any STEEM you earn through your interactions on the platform. This means that keeping your account passwords safe is of utmost importance, perhaps even the most important thing you need to know when signing up for Steemit.

Clicking the link in your confirmation email will take you to a page where your account's master password will be generated. The master password is extremely important, so be sure to heed the warnings about never losing it. Copy it and save it to a local text file or physically write it down immediately.

Complete the process by using your username and master password to log in to Steemit for the first time, but DO NOT SAVE YOUR MASTER PASSWORD IN A PASSWORD MANAGER. Why is this so important?

The Master Password

Steemit generates your master password for you after you complete the registration process. It is imperative that you keep this password offline in a safe place. Write it down and never lose it. If you lose it, it cannot be recovered. The private owner key, or master password, gives you access to all functions of your account, so you never want to share it with anyone. I repeat, do not share this password. Write it down and keep it in a safe place. Don't store it online or in a password manager. Keep it offline if at all possible. The only time you should ever consider using it in a browser is for your very first login to Steemit or to reveal your active key on the Permissions page.

In summary: Your master password can authorize all actions associated with your account, but you should use it as little as possible and never share it. Use your private active and posting keys instead.

Think of it like owning a home



CC0 Creative Commons - PlumePluome on Pixabay

In the Quick-Start Guide, I presented an analogy about the master password to your account: Think of your Steemit account as a home you have just purchased. You own the home free and clear. No mortgage. The master key to your Steemit account is like the deed to your home. You should keep it in a safe place and no one else has any reason to ever see it. The private and active keys are like the locks on the front door of your home. You control who comes and goes from your home by issuing keys to your front door lock. The same is true of your account keys on Steemit. You control access via the private active and posting keys. If you gave out a key and you don't want someone to have access any more, you would simply change your locks on your home. You can also do this on Steemit by changing your private and active keys.

However, if someone took the deed to your house, they could move in and claim the house was theirs. Assume transfer of the deed means a transfer of ownership. This means you no longer have a claim to your house. The person with the deed could sell it or live in it, and you could do nothing about it. The same happens if someone else gets access to your master Steemit key. They can come in and drain your account or pretend to be you, and there isn't anything you can do about it.

This is why it is so important to keep your master key offline and safe. You should be the only person who controls your account.

So if you can't use your master password, what should you use instead?

The Keys to Your Account



Image created by JeongGuHyeok. Used under a CC0 1.0 Universal License.

Once you've logged in for the first time with your master password, navigate to the permissions page of your account by going to

steemit.com/@yourusername/permissions

or by clicking your avatar in the top right, then select "Wallet" from the drop-down menu:

then select the "Permissions" link:

You'll immediately see several long strings of characters that will serve as your passwords.

"Passwords" is plural in this case because registering for Steemit will generate eight account keys that will be associated with your username. Don't worry, though. They all have specific purposes, which will be explained shortly.

First, you'll need to know that there are four different types of keys, and each of them has both a public key and a private key. Private keys are the "passwords" that you use to authorize actions within your account. Each time you log in to Steemit, you will do so with a private key. Public keys are used to verify that you were the one who performed the action.

Public keys are indeed public, so it's not as important to keep them in a safe place. However, it is extremely important to keep your private keys in a safe place.

All of these keys (public and private) are derived from your master password. I'll explain why by going through the different types of keys and what they do (in order of how they are listed on the Permissions page):

Posting Keys

The posting keys allow you to perform actions that you would normally associate with other social media sites. You will be able to share blog posts, comment on other users' blogs, and give out votes (we'll explore voting later). Therefore, when you log into Steemit, you will generally want to use your private posting key. When you go to the Permissions page for the first time, you'll see a link beside your public posting key that says "show private key."

When you click it, you'll see the private posting key, which begins with the number 5. Copy this key and save it offline somewhere. Alternatively, you may save this one in a password manager if you so wish. Log out of Steemit and use your private posting key to log back in. You'll see that you have access to the same functions as before when you were logged in with the master password.

Your private posting key may on rare occasions be shared with third parties in order to facilitate other services available to you on the STEEM blockchain. I will address some of these services in a later post, so for now, keep your private keys private!

In summary: When logging into Steemit, use your username and your private posting key as the password. Keep your private key private (stored offline or securely in a password manager).

Active Keys

As I've hinted at, there are certain operations that may be performed with your Steemit account that are different from other social media accounts you may have. These mostly include wallet transactions. Once you begin to earn rewards from your blogs and comments, you will start to see STEEM, STEEM-backed dollars, and STEEM Power accumulate in your wallet. I'll address each of these currencies in the next lesson, but what you need to know now is that you are able to move these currencies around and perform various operations like sending them to other users, transferring them to an exchange, and exchanging between the currencies on internal and external markets (Again, we'll cover all of these subjects later). All of these operations require your private active key. Similar to your posting key, you'll need to click on "Login to show" to see the private active key (see image above for position of button). This one requires that you use your master password to login. You'll need to do this at least once so that you can copy your private active key and save it offline for future use. Again, don't save your master password in your browser's default password manager.

Your active key may also be shared with third party services to facilitate certain account actions. We will cover this in detail in a later lesson.

In summary: Your private active key is used to authorize important account actions and functions. Keep it offline and safe.

Owner Keys




Image created by me using images by 3Dimage_eu and sbigelow on Pixabay. Used under a CC0 1.0 Universal License.

The owner keys serve many of the same purposes that the master password does. The private owner key would allow all of the account access that the master password does, therefore it is not displayed on the Permissions page. As long as you have your master password saved offline, you won't have to worry about using the Owner keys.

Memo Keys

Presently, these keys allow the encryption/decryption of memos sent on the platform. This will allow only the receiver of the memo to read it. It is believed that this key may serve other purposes such as messaging in the future on Steemit, but for now, be sure to save the private memo key offline with your other keys.

Storing Your Passwords Safely




CC0 Creative Commons - JanBaby on Pixabay

I suggest saving all of your account keys in a file on a USB drive, DVD, CD, or SD card. If you choose to leave your keys in a file that stays on your computer, be sure to encrypt it so that malware cannot gain access. If you have Microsoft Word, use it to encrypt the document with a password. You could also use 7zip to encrypt it within an archive. If not, look into other encryption options, and never store your Steemit keys on a machine that isn't your own. If you have your Steemit keys stored on your local PC and you don't have a password set on your Windows, Mac, or Linux login, get one now. Your Steemit keys are precious, so treat them that way.

Keep this in mind when you use your keys to login. If you are using a clipboard manager of any kind, be sure to clear its memory after copying your Steemit keys, or consider not using a clipboard manager at all. Also, it is important to make sure your antivirus software is up to date. You don't want to risk malware being able to read your keys from the clipboard. If you use a password manager such as LastPass, storing your private active and posting keys within it may not be a bad option, as long as you aren't using a shared computer.

So if you haven't figured it out already, keeping your Steemit account login information safe is very important. Not only do you not want anyone to be able to use your account fraudulently, but you also want to protect your account's wallet.

Other Security Considerations




CC0 Creative Commons - typographyimages on Pixabay

As with most other websites, there are people who are out to steal your account information and exploit it. One of the most common methods used to steal information is called "phishing." This is where a user clicks on a link that leads to an external website that will attempt to ask for a password. If a user enters the password, a criminal will now have access to your account.

Steemit has not been immune to phishing attempts. It's important to pay attention each time you enter your keys to log in. Make sure you are on steemit.com or another trusted website in the STEEM ecosystem. Criminals can be clever by changing or adding letters to URLs, which can make it more difficult to realize that fraudulent activity is occurring. Again, any time you log in or authorize an action with your private active or posting key, be sure you are on a trusted website.

One recent feature Steemit has implemented helps users spot links to external websites. Take a look at this excerpt from the Quick-Start Guide:

Notice there are two links included in this excerpt. The first link goes to another post on Steemit. The second links to an external website. There is a small icon beside the external link that will appear beside every link that takes you away from Steemit.com. Use this to increase your awareness of security! External links are not a bad thing, but external links that immediately ask you for your password are almost always attempts at fraud.

Here are some examples of phishing that have already occurred on Steemit:

Steemit, Inc. does take steps to take down these fraudulent websites, but new ones pop up each day.

These links may appear in comments, posts, or even wallet transfer memos (we'll talk about these in the next lesson). Don't be afraid to follow links in posts. I've included many helpful ones in this very post, but always be skeptical if a website immediately asks you for your username and password, especially if you know you have been logged in already that day.

You should now be familiar with the basics of your account keys! In the next lesson, we'll discuss your account's other primary function as a digital currency wallet and discuss the digital currencies themselves!

What You Should Know

After reading this post, you should be familiar with the following:

  • Steemit Registration
  • Logging in for the first time
  • Accessing the Permissions page
  • Understanding the functions of the Posting, Active, Owner, and Memo keys
  • Keeping your keys offline and safe
  • How to spot and avoid fraudulent activity

If you aren't familiar with all of these points, go back and read over the sections again. All of these concepts are extremely important for the entire time you are on Steemit. I believe grasping the basics of keys is one of the most important things to know. Next, we'll take a look at the currencies that make Steemit work. You'll learn all about the differences between STEEM, STEEM Power, and STEEM-backed dollars, as well as how each of them serve unique functions across Steemit!

Feedback

If you have feedback on the presentation of this post or if I should have included a discussion of a certain topic, please let me know! All of these lessons will be placed in a final guide and published in a shareable format, so I would love your feedback. Leave it in the comments here!

All images are screenshots taken by me or are CC0 obtained on Pixabay.com.

Footer

The STEEM Engine

Footer

Sort:  

Excellent yet again. The analogy of the house was great, it really helps to picture how important the various keys are.

The only thing I would maybe consider is where you said to store your keys on the computer. As much as it probably won't matter, it's easy to get malware if you're not clued up. USB and SD card are a good shout for your keys, as long as you keep a backup and you eject and remove them properly.

Well written and I enjoyed reading, good job mate. Any clue what the next part is going to be about?

Hey @calumam! Thanks for stopping by! I believe I'm going to go back and add a section about encryption and offline storage. I believe you're right that USB drives are a more secure way of storing the keys in the event of malware.

The next lesson is about the wallet and token system. It explains wallet functions and STEEM, STEEM power, and STEEM dollars. I expect it to be one of the most useful lessons in the guide. It should be out soon!

Wow! Well written and good explained. You know, even after spending one year at Steemit I didn't know this feature about internal/external links. Thank you, maybe it will save my account in the future.

About this:

Presently, each new account created via this sign-up process must be approved by the Steemit team manually before it becomes active. This may take 24-72 hours or more

I see a long approving as a weak point of Steem because in some cases confirmation time can be really long. For example my husband's account was approved after 3 month of awaiting and only after my ask, published in the Steemit-chat. This is not very encouraging for new users.

And the whole Steemit platform is not easy for newbies. Keep up your educational work, there are still much things that needs explanation.

Thank you for your helpful feedback! I'm glad you enjoyed the post.

Sorry to hear about your husband's account taking so long for approval. I have encountered this as well and ultimately used Steeminvite to create the account with delegation myself.

Sign-ups are one of the biggest issues that Steemit is attempting to solve right now. I think it's going to take another hard fork to accomplish from what I've heard, but we're hopeful they'll get this sorted out because it's going to be necessary for mass adoption.

I'm hoping that guides like this will continue to help people get on board despite the challenges that the platform faces right now. Thank you for your support of this post and your comment!

.

Thanks so much for these clarifications. I'll update the post to include them.

I suppose I didn't realize that the memo keys could be used to encrypt transfer memos. Thanks for the information. I'll keep this in mind for future lessons!

Ive been on steemit for a few months and cant believe i just found you!!! Thanks to @crazybgadventure s recent shout out saturday!!(https://steemit.com/shoutoutsaturdays/@crazybgadventure/shoutout-saturdays-3-fantastic-people-fantastic-platform)
Very well explained! Now i understand the differences between the key passwords:) and i love the analogy of the house!
Ok, going on to your next tutorial... thank you so much for adding this content to steemit :) looking forward to more of your work 🤗

Hey @cooknbake! Sorry it's taken me so long to respond to this. I'm so glad you found this post and that it's been helpful to you.

@crazybgadventure has been a fantastic person to get to know, so I'm glad he was able to point you in this direction. I hope that the further installments of this series have helped you, too.

Please let me know if there's anything at all that I can help you with!

Probably one of the better getting to know Steemit type posts I have seen. I like your thoroughness, and the depth in which you are addressing these issues. I think that especially in the current climate of excessive phishing attempts (and even their success in some cases) this is a very timely post, for both newcomers and those of us who have been here a while.

I added the phishing section right before publishing this, actually, because it's become such a relevant topic. Thanks so much for stopping by and leaving your feedback. I appreciate it, and I hope you'll check out the future lessons as well!

Very nicely done, if the batteries ever go dead on my steemit key fob I might screwed. need to head the advice and pay more attention to keys.

It's been interesting to see what this series has taught some of the veteran Steemians, even myself. Hope you get the fob situation sorted out!

Yet again another very useful post and guide.
I noticed the external link thingy last week and thought... COOL! NO need to have to worry about opening a new tab, it does it automatically for me now.

I appreciate your thoughts and support!

I agree that the external link marking is a great feature. I noticed it only a few minutes before I was planning to release this post, so I'm glad I decided to add it at the last minute. It could be very helpful moving forward for some users!

I like when little things are added to the platform. Every one makes it more user friendly and inviting.

Excellent tips! The decoy Steemit websites are especially scary to me...

I think all of us have been surprised that phishing scams have risen to prominence and affected so many people lately. I'm glad I could share these resources with everyone so that we can help protect ourselves and the community from fraud.

Thanks for your comment!

Thanks information

You're welcome. What specifically did you find most helpful?

Vote me....

Thank you so much :)

You're welcome! What did you most enjoy about this post?

Great piece, I am resteeming this, it something every newbie and minnows must know, security is the most important in all man's dealing.

Yes, I agree! I hope this was a helpful post to you and that you can use it to help others in the future. Thank you for your comment!

Incredibly well written, Ethan! Steemit should send every new user to this post hahaha. I didn't realize before the thing about the outside links, that's really cool.

Thanks so much, @siucatti! The outside links is a newer feature that has been introduced, but it's definitely helpful to know when you'll be taken off the platform!

I appreciate your comment!

Well, now I know how I should be logging in... I gotta go change a few things I think. Ha!

It's great to know that this series is teaching veteran Steemians a thing or two, also. I'm learning plenty as I delve into how to best explain all of these topics.

Protect that master key!

This is priceless! It will benefit a lot new users. Amazing job!

I certainly hope it will benefit many people who join! Thank you for taking the time to read and comment!

thanks for explaining about the keys here that was one of the major part :) not many people know in the beginning

You're very welcome. Thanks for taking the time to stop by all of my posts and leave a comment! Was there anything in particular you enjoyed about this guide or my others so far?

Even i understand about those keys today thanks so much for your guide :)

I'm glad I helped illuminate some things for you. Did you find anything specific to be helpful? I'd love to know more about what you thought!

Master key is the main key here we should avoid using it

Yes. I hope I did a good job of making this clear in the post. Did you have any other feedback?

i am here for so long but even i don't know so much about steemit wow good post bro

It's been great to see long-time users learn a lot from these posts even though they are directed at new users. Thank you for your feedback!

A complete hepful and detailed post. A must for every user. Keep up the good work @ethandsmith. 👍

Thanks so much for your support of this post! I hope it will help many users in the future.

U doing a fabulous job... @ethandsmith for sure it helpful for everyone..

Another great segment! Thanks for sharing it! Resteemed and upvoted!

I appreciate the support! I hope your initiatives continue to go well!

I appreciate this post. It is methodical and well thought out. some other posts of a similar nature I have seen assume a level of competence from newbies that is not there (me). So I like that you kept it simple and easy to understand. Will certainly look for the next post.

I'm glad that you were able to follow the post easily. It's always good to get feedback from new users since these posts are directed at them.

I apologize for my delay in responding to your comment. I really appreciate you taking the time to read and respond to the post. I hope you've checked out further lessons in this guide, as they may also be useful!

Nice post. A post like this would have been greatly appreciated when I first joined. There were some out there I'm sure; I just wasn't lucky enough to find them. I hope many new users find this post and read it.

I've gotten this feedback from many users, so thank you for sharing it with me again. I'm hoping to compile all of these guides in one place that can be accessed easily so that new users can find them.

Thank you for taking the time to read and respond to this post. I apologize for my delay in getting back to you.

Congratulations! This post has been chosen as one of the daily Whistle Stops for The STEEM Engine!

You can see your post's place along the track here: The Daily Whistle Stops, Issue # 76 (3/17/18)

The STEEM Engine is an initiative dedicated to promoting meaningful engagement across Steemit. Find out more about us and join us today!

If I suspect my master password has a security issue, can I regenerate a new master password, with no issues?

Hey Steve,

Sorry for the delayed response. Yes, if you believe your master password has been compromised, you have two options. You may go to https://steemit.com/@stevestrange/password and generate a new one using your current master password. If that does not work, you'll need to use account recovery, which will allow you to get access to your account again.

I hope one of these two options will help you figure out the issue. Please let me know if you have any further questions.

It's funny. I never thought I was a stupid man, but I am absolutely baffled by all this. I suppose that if I read it enough times it may start to sink in but I'm not hopeful.
What would help me I think is having someone actually show me and explain it in the process.
I have screwed up somehow in that I cannot figure out how to find my real password or main key. Somewhere along the line, when I was trying to use steemit on my little tablet, I tried to regenerate a new password. Not sure why now. But at any rate, I never was able to get it to work. And now, when I go to the password page, copy the password that is there, open up Chrome, (I've always used Firefox), and try to log in to steemit on Chrome, it tells me that it is the wrong password. So I figure that the only reason I'm still able to access stemmit on Firefox is because I've never logged out. I am sure that if I do log out, I'll never be able to log in again.
If there were someone in my geological area, Tampa/St. Pete FL, that would be willing to help me with this I would be eternally grateful and would try to make it worth their time. Otherwise, I'm afraid that when this ancient computer, (still using XP), gives up the ghost I will be history on steemit.

Hey Steve. I'm really sorry that I didn't see this comment sooner. Somehow it slipped under my radar.

There are definitely a lot of tricky concepts to master when first joining Steemit. I'm sorry to hear you've had issues with your account login. This is one of the reasons it's so strongly emphasized to write down and store your master password for situations like this.

If you clicked "Save password" on Firefox, it's possible your key can be accessed through Firefox's password manager. Let me know if this is the case, and I'll guide you through that process.

You may also still access your account's permissions page to view your Private Owner key, which will allow you to login to Steemit and post, vote, and comment. However, if you want to use the Market or transfer any funds away from your account or perform other wallet actions, you'll need to find your private active key or your master password.

I'm happy to answer any other questions you have because I know this can be confusing. Just let me know!

Not totally new, but still needed this. Many thanks. :)