Bluffer's Guide to Steem - Knowing Your Keys & Account Security
It's a steep learning curve joining this platform where everything has different names compared to conventional social media and there's seemingly a stronger emphasis on account security compared to anywhere else!
Passwords aren't called "passwords" in these parts but rather, they are called "keys" and you have multiple keys for doing different things and you shouldn't use this password compared to another password... a bit of a headache already isn't it?!
Well, this is where the Bluffer's Guide to STEEM comes in to help simplify all these concepts that you will come across when you start out here and guess what? It's all done using PLAIN ENGLISH. Wait, what? Yes! Words that can be understood by a a normal person, like me (although technically, I'm more of an eccentric mad scientist) and of course... MEMES 😁!
Nonetheless, by the end of this blog (and the series so far), you'll hopefully be in good stead to make the most out of this platform, have a better idea to make sure you're in control of your account and most importantly, have fun! Speaking of fun, it's time for the disclaimer...
Before I begin, I want to emphasise that this is a highly simplified version of what I have learnt from my own research and I'm sharing my learning with you. If you do know this topic inside out, be nice to those who are still learning about this (myself included) and we can grow together.
Furthermore, this is not financial advice and I am not a financial advisor. I am a crypto/STEEM enthusiast and wanted to create a guide to help total beginners understand what this is all about. Please seek financial advice from a qualified professional if you have any doubt about how to spend your money.
So with that said, brace yourselves, you might learn something! Shall we begin?
Keys, Glorious Keys
You'll see this word a lot in the crypto world, including the phrase "not your keys, not your crypto" (if you haven't already). What this boils down to is basic account management and online security, which I do cover in Chapter 3.1 of the Bluffer's Guide (see contents at the bottom of the blog), but if there's one message to take from all of this is that DON'T LOSE YOUR KEYS!
What Are "Keys"?
Similar to how you'd get in to your bank account or your social media profile etc, you have PIN numbers, passwords, memorable names, places, dates etc. You need these to log in, otherwise, you're locked out. In crypto world and Steem, these things are called "keys" and you won't be able to access your account if you don't have them.
What's more, cryptocurrencies are all about giving ownership back to the people (and cutting out a 3rd party) so you really are in full charge of your account. However, this also generally means that if you lose your keys, it's impossible to get your account back so it's worth repeating - DON'T LOSE YOUR KEYS!
Thankfully though, Steem has something called "Account Recovery" which we'll cover later on but you may have noticed when you signed up that there's "public and private keys".
Public vs Private Steem Keys?
"Public keys" you don't really need to concern yourself with as these are more for the database (aka blockchain) to know which account did what transaction and when.
The important passwords you need to get access to your account are called "private keys" and these are the ones you want to keep in a safe place. They are easy to differentiate between the public keys as they start with the number 5 and there are 5 different keys that you will need to know about, each of them with different levels of access to your account.
Private STEEM Keys
The "Private Posting Key" is what you will be using the majority of the time on Steem. It's the lowest level access to your account and allows you to write a post, comment, resteem, vote on content... basically, anything social.
The "Private Active Key" is the next highest level access to your account and is what you use when you want to do anything related to your wallet such as sending STEEM/SBD, buy or sell STEEM/SBD on Steem's internal market, power up/down or for other activities on the network such as vote for witnesses, make profile changes or create a new user token.
The "Private Owner Key" is what you need if you wanted to change your posting, active and owner key itself. In other words, it's one of the highest level access keys to your account and is really important if your account fell in to the wrong hands through some phishing scam or other unfriendly method as you'd need this for account recovery purposes. You should store this key offline as much as possible.
The "Master Key" is your last resort for your account. Once you have been given it on account creation, NEVER USE IT AGAIN! Keep this in the absolute safest place imaginable as if you lose this, you really can't be saved. You will need to log in first and foremost to see what your other private keys are but once you have all of the ones above, keep this offline - handwrite it as paper can't be hacked online!
I have never used this but if you wanted to send someone an encrypted memo through wallet transfer then I believe you type "#" followed by the message in the memo. Then you'd use the private memo key to encrypt and the receiver would use their private memo key to read your message (but may need correcting on this).
In traditional, centralised social media, if you forgot your password, you would usually click on a "forgotten password" button, then you'd get an email with a link to click to reset your password and you can rest your weary heart. Phew! 😅
However, with Steem, we don't have that so much. If you set your account up with steemit then they would be the ones to speak to to recover your own account but what if you wanted to have a different account that you trust to help you out in time of need? This is where you would nominate a recovery account to call upon should your account get hijacked.
Setting A "Recovery Account"
You can do this on @steempeak by clicking "Actions" --> "Keys & Recovery" --> "Change Recovery Account" (as shown in the screenshot below). I've changed my recovery account to one I trust and as you can see, the process takes 30 days to complete for security reasons - I guess in case you didn't make the changes yourself and it gives you enough time to see what's going on.
When you click on "Change Recovery Account", this will then create another pop up box asking you to enter the account you want to help with your account recovery and your "Private Owner Key".
So, I guess the question is, who do you trust that will be there to help you recover your account? You may want to speak to them and ask them if they'd be OK with it before activating the change.
What If My Account Has Been Compromised?
Firstly, keep as calm as possible and get in contact right away with the person in private to see if they are available to help you.
Staying Safe - Keychain
Your account safety is THE most important thing but thankfully, some clever wizards have developed a browser extension called "Keychain" which is available on the Chrome store here - thanks to @yabapmatt for this one!
What Keychain does is keep your posting, active and memo key safely stored in your browser behind a password protected plug-in which appears in the top right of your browser:
All you need to do is create a password yourself so you can log in to the extension, then go to settings (the four squares circled below) and it's as easy as 1, 2, 3!
1 - Add Account - this will be your "@username"
2 - Manage Accounts - to drop those private keys in (except your owner and master keys)
3 - If you needed to change your Keychain password, you can do that here.
The reason Keychain is more preferable is that you don't need to keep putting in your private keys every time you want to log in to say @steempeak to view content on the Steem network. It's effectively an encrypted password storage plugin and allows you to just carry on doing what you wanted to do in the first place - enjoy being on Steem... but safely of course!
So there you have it, a few key pieces of information here to make sure that you keep safe when using Steem. It may sound daunting at first but you will get acclimatised the more you use it and remember - keep your owner and master as safe as can be - i.e. NOT online!
Hopefully you have found today's blog useful and understand the importance of how the different keys and levels involved with managing your steem account work.
If there's anything you'd like me to cover next time, let me know!
As an aside, I don't work for Steem, I'm just a guy who makes Drum & Bass music, writes travel blogs and these Bluffer's Guides from time to time, trying to make STEEM as prosperous as it can be for every one so we can all win.
Now, back to the music studio 😉
For those what wanted to see the body of work behind the Bluffer's Guide, these are most of the posts I did (some of the platforms I reviewed in Chapter 7 have since collapsed, under delivered or lost their way). Enjoy 😃
The history and technology of Bitcoin
2.1 How and why did Bitcoin come in to existence?
2.2 How does Bitcoin & blockchain actually work (Part 1)?
2.3 How does Bitcoin & Blockchain actually work (Part 2)?
8.1 The Rewards Pool, Upvotes & Downvotes
8.2 STEEM, SBD, STU, VP, SBD...WTF?
8.3 Getting Started, Networking and Growing Your Account
8.4 Keys & Account Security (you are here)
Concluding Thoughts (never getting here)