I feel it depends. If you're an educated and vigilant person, you can probably stay logged in with your active key per session. But always log out of your active session when you're finished is the point really. It's even safer if you do things like keep most of your Steem as Steem Power, keep your cache clear, delete your cookies regularly, etc. But if you're just going to leave your computer logged in or surf around as a information consumer- Posting Key ONLY is like wearing a condom hahahaha. Because the worst thing that can happen is you get hijacked and post comments or blogs. Those can usually be cleaned up with a script. But if you get hijacked with your Active key logged in, someone could steal your liquid Steem— and even power down if you're not paying attention.
Now that I think about it, there probably should be a Wiki about how to safely log out of Steemit and how to clear caches, and do all that fiddle-diddle. It's habitual for some of us nerdy types, but most average people probably don't have a shut down routine. I imagine the reason these phishing scripts are multiplying so rapidly is because the average user is using an app with their master pass and just surfing like this is Facebook.
Thanks for commenting. It gave me other things to think about as well.
A shutdown routine. I like the sound of that. I wonder what that should look like for me. A lot of people, myself included, have a startup routine, but I never really thought about what to do once I'm done for the day. Thanks again. You gave me a few things to think about.
Hi There! You have just been upvoted by @justinadams Witness. You will always recieve a free upvote on every post you make on steemit as long as you keep your witness vote. Thanks For Your Support.