You are viewing a single comment's thread from:

RE: 💰 [20SBD CONTEST] Protect People From The Ongoing Phishing Scam

in #contest7 years ago

Thanks a lot for the post @simplymike!

Albeit using Steemit for a couple of months now, I am also still really confused between the different keys, as so far I remember only to have been asked for the Private one. At the same time my email adress is getting more spams, and crap stuff wich seems to be sent by my own email including dodgy links!

What with steemconnect for instance, it's the private key required if I recall correctly or? What about stuff like steemauto and steemdunk? They seem legit but how can you spot sites that could be scam? One discovers every day platforms where keys are asked and for people who are not into the technical side, it is complicated to make the part!

Do you know if there's any post that explains this (so about the various keys) in 5 years old language?

A big shame indeed that STINC isn't showing more care, friends of me who wanted to register really got cold feet because of the opacity of the company.

Thank you again!

7 years ago in #contest by
$0.00
    Reply 6
    Sort:  
  • Trending
    • [-]
     7 years ago  

    For daily posting on SteemIt, you use the private posting key. For transactions through Steemconnect, you need the private active key. If someone gets his hands on your private posting key, he can post and comment with your account, but your funds will be safe.

    It’s important to NEVER use your master password (which was the first one you received to get into your account)

    I think there’s a pretty good explanation about the keys in the FAQ:
    https://steemit.com/faq.html#What_are_my_different_keys_for

    And a part about account security:
    https://steemit.com/faq.html#How_can_I_keep_my_Steem_account_secure

    As for which sites and apps to trust, that’s a difficult one. I always look up what’s written on SteemIt about it, and how trustful the author is (10 articles about an app by people with a reputation score of 25 are not really trustworthy, but if people like @yabapmatt write an official release post about a site or an app, there’s more chance it is to trust - unless one of them got his account hacked, of course. This is why you can never rely on just one source.)
    It’s important to pay good attention. For example, one of the phising sites that is used is autosteem (dot) info (do NOT go there). There is/was also an ‘official’ site that was called autosteem, but it was autosteem (dot) .ca. So the domain extension is different.

    In my experience, there’s no ‘real’ way to tell if the site doesn’t use Steemconnect (if the site uses Steemconnect, always check the URL!!)
    Somebody please correct me if I’m saying something wrong here. I’m not an expert, everything I know I have learned from experience.

    $0.02
    • Past Payouts $0.02
    • - Author $0.02
    • - Curators $0.01
    1 vote
    Reply
    [-]
     7 years ago  

    Ok, seems I wasn't really getting that each key had really such different roles, hence they are called "permissions".

    Since the beginning I was logging in Steemit.com and a few others like steemauto.com with my password.

    So now, I made a new password and copied all the keys. I logged out from Steemit.com and the other apps. I quickly looked if Chrome saved a password but it said none.

    Then logged in again but this time with the Private Posting Key. Until now I think I do correct? :D And if I need to transfer or other operations then I use the Private Active key! I think I am getting there.

    My last question is, is there any difference (besides that they are different) between the password and the owner key? As they seem to both give the same permissions (everything).
    They are like, if any problem, to retrieve everything or some sort?

    About the other apps, yeah better paying real attention indeed. Gonna triple check now!

    Thank you again!

    $0.00
      Reply
      [-]
       7 years ago  

      I think you’ve done great! If only everyone was such a quick learner :0)

      I honestly don’t know if there is a difference between the master password and the owner key. I asked steemcleaners. As soon as I know, I’ll let you know

      $0.00
        Reply
        [-]
         7 years ago  

        Haha luckily I came accross your post!

        Still, as far as I understood, using the Posting Key instead of the Owner Key or Password is to lower the chances of these last two being used, thus exposed to theft.

        But when you log in with your Posting Key, you can see the Owner Key, in the permission tab.... so a hacker who'd get in just with the Posting Key could just take it? Again I think I miss something...

        $0.00
          Reply
          [-]
           7 years ago (edited) 

          I just got a reply from Steemcleaners:
          The owner key is public, it’s the digital version of your username, if I understood correctly.

          When someone has your master password, but doesn’t know your username or owner key, the password is useless.

          So to get to the keys, you need both the owner key and the master password.

          When you use your private posting key to log in, and you accidently log into a malicious site, the hackers would only be able to post and comment with your account, but they couldn’t touch your funds or change your keys. Using the private posting key limits the damage that can be done if you make a mistake...

          [-]
           7 years ago  

          That is lot clarified .)

          Thank you again!

          $0.00
            Reply