You are viewing a single comment's thread from:

RE: SCAM ALERT: No witness will ever ask you for your passwords or keys!

in #security7 years ago (edited)

First of all, the best approach is to treat every case of "enter your secret here:" as NOT-OK situation. Scammers always do their best to present you something that looks ok. Similar domain name, same page layout that you are familiar with, etc.
After you are sure that it's really SteemConnect asking you for a key, you still need to make sure what it will be used for.
For example you can use this link:
https://steemconnect.com/sign/vote?voter=polebird&author=polebird&permlink=re-gtg-re-polebird-re-gtg-scam-alert-no-witness-will-ever-ask-you-for-your-passwords-or-keys-20180227t054353477z&weight=1
to 1% upvote your own comment (that I'm now replying to).
SteemConnect will ask you if you want to confirm this operation (explicitly stating what it will be), or in case of an applications if you want to authorize certain Steem account @some_application.app to use your posting role (it shouldn't be asking for anything more than posting role, but as I wrote before, to authorize some app to use your posting role you have to confirm that with your active authority (app itself will not get that privilege)).
Of course there's a risk that app will become malicious, so it's not wise to authorize random apps without ensuring first that they have solid reputation.