How a good password manager can protect you against phishing attacks

in #utopian-io · 6 years ago (edited)


I frequently hear about users who have had their account hacked. Just the other day another well known Steemian lost 100 Steem due to their account being compromised. These attacks are usually the result of one of two things:

  • Sending private key/password in wallet memo
  • Clicking a link and entering your username and password

While a password manager will not prevent the first situation, it will eliminate the second.

How does a password manager prevent phishing attacks?

Before I get into that, I want to go over some basic checks you should do whenever conducting business on the Internet or entering your password.

Always check for the secure SSL certificate

While the exact look varies from browser to browser, they all display a lock symbol when you are on a site served over HTTPS with a valid certificate.

Below you will find all the popular browsers and what a secure site with a valid certificate looks like.

Chrome

Firefox

Microsoft Edge

Internet Explorer

If you do not see a secure lock symbol, you are likely not where you want to be. Tread very carefully and only enter passwords or private information if you are absolutely sure you know what you are doing.

Always look at the URL

Whenever you are asked to enter your password, check the URL and make sure you are where you should be. Look carefully, as many phishing attempts use URLs that are very similar to the real name. For Steemit, you should see this:

If you are entering your password manually, you should do these steps every time. They only take a moment but will dramatically reduce the chance of your account being stolen.

You said something about a Password Manager?

Yes, and this is what I highly recommend for every user. The password manager I use costs money, but I highly recommend it. Any popular password manager should work well, though, and any of them is far better than no password manager.

The way a password manager protects you is a side effect of how it works. Most password managers add a button to your browser's toolbar.

When you want to fill in a login form, you click that button and it lists all the passwords it has stored for that particular URL.

If you click on a link that takes you to a site that looks like Steemit but isn't Steemit.com, you will see no passwords listed. This tells you right away that you are not where you think you are. Phishing attempts have gotten very clever and frequently change to use different ways of fooling users. In the end, though, they all have one goal: fool a user into thinking they are on Steemit.com, and make them enter their username and private key.

Once someone does this, scripts are activated to automatically drain the account and usually post comments on your behalf attempting to lure other users into doing the same thing.

This one simple feature of a password manager should protect you from nearly 100% of phishing attempts. If you do not use a password manager, you should be very diligent in checking the URL and SSL lock icon to verify you are where you want to be. In the past, there have been attacks that forged even this by using special characters (look-alike characters in the domain name) that make it look like you are at the site you think you are at. This is where a password manager is foolproof and will save your ass every time: it matches the actual domain, not what your eyes see.

KeePass is a very popular option for people who want a free password manager, but it does not ship with a browser extension that offers the functionality described above. There is a third-party extension, but I can't vouch for how well it works.

Password Managers have many other benefits

Preventing phishing is something that good password managers do really well. There are many other features that dramatically increase your security online.

One of the biggest features is the ability to use a unique, random 64-character password like this !T*qF}L@E6Jxhdbh=]-7pZ=mozipfwK8#fQD#7TchBx}WfX,:-ntvgwZy}odN*7d on every site you use. All you need to remember is your one master password. This makes your passwords infeasible to brute force, and it also protects you if one of your logins is compromised: because every password is unique, the attacker cannot use it to get into your accounts on other sites.

Password managers also synchronize securely across mobile devices and desktops. The good ones encrypt your data locally, with a key derived from your master password, and no unencrypted data is ever sent over the Internet.

Crypto is YOLO

I have a saying that crypto is YOLO. When sending crypto transactions, you are responsible for protecting your wallet and for ensuring you sent the correct amount to the correct address. There is no one to call if you mess up, and you bear any losses. Proper security is critical, and it is your responsibility.

Popular Password Managers


I've used Lastpass for years. I find it essential now as it also ensures I have a different password for each site. Too many people re-use passwords. You should use two-factor too, but I don't think that's viable for Steem. Any other site that wants you to sign into your Steem account should really be using Steemconnect

Why would anyone in their right mind send a password in a wallet memo in the first place? They are asking to be stolen from, obviously, lol.

Speaking of password managers, you certainly missed out the best one -- Bitwarden. It is open source like KeePass but offers cloud syncing. I store every one of my credentials in Bitwarden and use KeePass for cold storage. Never felt better saying to LastPass a few months ago.

Posted using Partiko Android


They do this by mistake, and there are actually articles on the web that tell you to do this with your private memo key for transfers from exchanges. This is bad advice (even though a private memo key won't allow someone to transfer); you only need a memo when going to exchanges, but it still happens.

Always lookin out marky! Also, if a person is at a college or somewhere their computer might be exposed, they can protect their passwords by applying a master password to Chrome and/or Firefox. Surprise surprise, Edge does not support this feature; although your passwords are automatically locked by your computer's password when using Edge, they can still be lifted by third-party applications. Be sure to stick with Chrome or Firefox!

My only problem with password managers is that they cause me to forget my passwords!

I have accumulated over 1,500 passwords over the years; there is no way I could remember these without a password manager, especially since they are all crazy long like the example above.

O.O Impressive, you would have to be a savant to remember all of that! Password managers are definitely the way to go. I bet they even help mitigate potential key logging attacks too. I am going to check out those password managers you linked

As the post has been added to the feed of Utopian contributions, I will give a few notes to you. We can see your efforts in helping people not to be scammed or lose any sensitive data. However, the topics you write about are often of too broad a nature, which makes it difficult to see your posts as perfectly fitting the Utopian aim.

On the other hand, you increase the awareness of risky behaviour on the blockchain and on the web in general, which may help other people to avoid making these mistakes.

It is great to see that people are doing their best to help others stay safe and not lose what they earned by working hard.

Hey, @themarkymark!

Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!

Get higher incentives and support Utopian.io!
Simply set @utopian.pay as a 5% (or higher) payout beneficiary on your contribution post (via SteemPlus or Steeditor).

Want to chat? Join us on Discord https://discord.gg/h52nFrV.

Vote for Utopian Witness!

Thanks for this helpful information. Looks like a smart move, given the escalation of attacks online.

Yup!
Thanks for the insight.
Be careful out there folks. They're trying to get that wallet!!

Exactly, a password manager is one of the best solutions to prevent phishing attacks.

@themarkkymark well written, thanks for sharing a nice and very helpful post with us

Posted using Partiko Android

I have been using a password manager for years now, and it is a great tool that provides efficiency as well as security while browsing. There are also a couple of browser plugins that provide additional oversight of the sites you visit. I have tried both Norton and Identity Guard and they work pretty well. The great part is that they come free with other subscription services like antivirus and ID monitoring.

Thanks for your information and help.

Thanks pancake man I will look into getting one of these.


This post was shared in the Curation Collective Discord community for curators, and upvoted and resteemed by the @c-squared community account after manual review.

Thank u - this serves as a reminder for me as I have considered it but did nothing.

Life before password managers was no fun, and I am betting a lot of people used exactly the same password on everything and probably had it on a post-it on the side of their desktop :-)

If I could Resteem this, I totally would,
but Resteems can only be done on Posts that are less than 7 days old.
Any time after, the Resteem Button disappears.