
RE: First Update to July 14 Security Announcement from Steemit CEO Ned Scott

in #steemit, 8 years ago (edited)

But I am old! And so much of the detail is gibberish to me :-( even after reading through that link and writing it down.
I'll get my computer science daughter to help.

Another question, though... what happens if I don't do this and just keep my current login to steemit, besides maybe not being protected? Are there any other reasons?


Please do get someone you trust to help you with the process.

You are lucky not to have been directly compromised in this hack this time (although it may still be possible that the attacker has compromised you anyway but hasn't acted on it yet, so it is important to update your passwords). Normally, if your password is compromised with the default setup after registering via Reddit or Facebook, it means your owner authority is also compromised. If your owner authority is compromised, you no longer own your account and no one can help you recover it (with the exception of hard forks, but that is a nuclear option that is only justifiable to bring out for truly exceptional and massive attacks, as was done yesterday).

So it is really important to have a separate strong and random password (you don't need to remember it) for the owner key and to keep that stored securely off of a computer. A perfectly decent option is writing it on good old analog paper and keeping it in a fire-proof safe (and having backups in other safe locations you can trust is smart, but make sure people you don't trust cannot see the information on the paper). That information can basically act as your passport proving you are the real gardenlady in case your computer gets hacked, so that you can recover your account and funds.

LastPass is a great choice. It is smart to have password managers such as LastPass generate the strong passwords for you and save/manage them. So you could use LastPass to save your posting/memo password as well as store a separate active password.

Normally, you would be logged in with the posting password (see this guide for details). But you can temporarily log in (in a private or Incognito window, for example) using your active password any time you want to do any operations other than posting or voting. That includes powering up or down, sending money to other accounts, using the internal exchange, or changing your active, posting, or memo keys. Then, once you are done with that privileged operation, you can log out or simply close that Incognito window and go back to using your normal posting login.

Thanks, arhag. Right now I use LastPass to hold passwords. I was thinking that it's pretty trustworthy, and I have 2 levels of password protection just to open LastPass accounts. Regardless, I will try to get help from said daughter :-)

Oh, and I read somewhere that when you Power Down (which I'm not doing anytime soon) you'll need the separate passwords because we shouldn't Power Down via steemit? We should do it through ?....oh, I didn't understand.