New phishing attempts on the blockchain, always pay attention. But rule #1: Never use your Steem account master password anywhere.

in #exyle, 5 years ago (edited)



There are new phishing attempts on the blockchain.

Read this post by Steem Cleaners and educate yourself about the latest scam here.

Don't fall for it.

Phishing attempts will try to steal your account keys. Like this:



A comment like the one above will take you away from Steemit or any other Steem front end. It will take you to a website that's made to look like a legitimate service. It is actually a fake website.

The fake website is designed to trick you into entering your account name and password (or active key). When you do that, the hackers log into your account, steal all your money and change your password. Then they use your account to spam more phishing comments.
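One way to check where the links in a comment really lead before clicking, as an added Python example that is not part of the original post. The allowlist, the sample comment and the `.example` hosts are constructed for illustration, and the two-character typo threshold is an assumption.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist for this example: list the front ends you actually use.
TRUSTED = {"steemit.com", "steemconnect.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Constructed comment body (not a real comment); .example hosts are reserved names.
SAMPLE = ("You won 30 STEEM! Claim at https://steemlt.example/login or "
          "https://steemit.com@rewards.example/claim - rules: https://steemit.com/faq.html")


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    """Return 'trusted', 'suspicious' or 'external' for a hostname."""
    host = (host or "").lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if "xn--" in host:  # punycode label can render as a homoglyph of a trusted name
        return "suspicious"
    labels = host.split(".")
    name = labels[-2] if len(labels) >= 2 else host  # naive: no Public Suffix List
    for brand in (t.split(".")[0] for t in TRUSTED):
        if brand in host or edit_distance(name, brand) <= 2:
            return "suspicious"
    return "external"


def triage_comment(body):
    """Map each link in a comment body to a verdict based on its real hostname."""
    verdicts = {}
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        # 'https://steemit.com@host/' puts the trusted name in the userinfo part;
        # the browser connects to the hostname after the '@'.
        verdicts[url] = "suspicious" if parts.username else classify_host(parts.hostname)
    return verdicts


if __name__ == "__main__":
    for link, verdict in triage_comment(SAMPLE).items():
        print(f"{verdict:10} {link}")
```
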


The best protection: NEVER USE YOUR MASTERKEY.


As luck would have it, the Steem Blockchain comes with the best protection for your account out of all the blockchains out there.

It does this by giving you 3 permission keys: the Posting, the Active and the Master key.

You can find these keys under your wallet --> permissions. (Press the green button on the right).


Screenshot 2019-02-06 at 10.34.15.png


Even if you fall for a phishing attempt, all is not lost, but you need to have followed this 1 simple rule:


NEVER USE YOUR MASTERKEY ANYWHERE EVER!


The Masterkey is the ultimate key. It's the password you got when you made your account.

You don't need this key ever on a daily basis. You only need it when you want to change ownership settings of your account.

As long as you never use this key and keep it safe somewhere you will always be the owner of your account.

Use your posting key for posting content and your active key for transferring STEEM/SBD.

In case your posting key or active key is compromised you can always change them with your MASTERKEY.
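Why the master password is the one secret that must stay offline, as an added Python example (not the author's or Steem's own code). It follows the password-based derivation used by Steem client libraries such as steem-js, where each role key is SHA-256 of account name + role + password in WIF encoding; the account name and passwords are constructed, and the role names are the library's, not the post's.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ROLES = ("owner", "active", "posting", "memo")  # role names used by steem-js


def b58encode(data):
    """Base58 (Bitcoin alphabet) encoding of a byte string."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out


def role_key_wif(account, master_password, role):
    """Private key for one role: SHA-256(account + role + password), WIF-encoded."""
    seed = " ".join((account + role + master_password).split())
    payload = b"\x80" + hashlib.sha256(seed.encode()).digest()
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return b58encode(payload + checksum)


def derive_all(account, master_password):
    """Everything a site can compute once it is handed the master password."""
    return {role: role_key_wif(account, master_password, role) for role in ROLES}


if __name__ == "__main__":
    # Constructed account name and passwords, not real credentials.
    before = derive_all("example-user", "P5Jconstructed-master-password")
    after = derive_all("example-user", "P5Knew-constructed-master-password")
    for role in ROLES:
        print(f"{role:8} {before[role][:6]}... -> {after[role][:6]}...")
    # A posting key is only a hash output: it yields neither the password nor
    # the other roles' keys, which is why leaking it is recoverable.
```
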


Confusing?


If you find this confusing don't worry. It's been confusing for a lot of people.

If you have questions let me know in the comments.



I am part of witness @blockbrothers.

Please consider us for your witness vote if you think we deserve it here:



Vote for @blockbrothers via SteemConnect
Set blockbrothers as your proxy via SteemConnect


We are the creators of Steemify, a notification app for your Steemit account for iOS.

Get it Here:


Very important steemians you need to do your best and understand this pronto.
Keep on postin

Posted using Partiko iOS

not your keys, not your crypto

this saying is as true as it will ever be...

If someone asks for your master key, send them a picture of a large fish. Because they're phishing... Mwahaha! I know, I know, I'm a real cool dude.

These people will never stop. If they just spent the same amount of energy actually building something useful, maybe they'd see more success. Unfortunately, there's probably too much money in bad behaviour in this world.

Thanks for bringing this to our attention. I can see how people could fall for this one. For me, the dodgy English is always a red flag :)

It's also usually the "amazing" freemium deals, like the one above, that turn out to be scams.

It is definitely interesting how they come with ways to fool users into providing passwords. I often feel we are too automatic when logging in and provides for these oversights. I have recently started being more careful when it is early or late and may be tired and browsing as we could be more prone to missing these scams.

Posted using Partiko iOS

Can I use active key for voting witnesses and to sign into dapps?
Just checking

Posted using Partiko iOS

Yes, you can. Just double check you are on the right page. There is always a risk, though, every time you fill in your active key.

That's why I'm using keychain more and more to do these actions if the dapps support it. You don't have to fill in your key all the time.

https://chrome.google.com/webstore/detail/steem-keychain/lkcjlnjfpbikmcmbachjpdbijejflpcm

Thanks @exyle
Very useful

Posted using Partiko iOS

As you show, use posting key and active key, that I understood, but as you show in the screenshot, that square is showing "show private key" and "login to show". What's that? Please clear this thing. Thank you in advance.

Posted using Partiko Android

When you press those buttons you will see the private posting/active key (the one you need to use to post/transfer).

Ok, and without clicking on it we see a key in the permission TAB. What is that key, OR is it useless?

And at front of active key key we can see LOG IN TO SHOW means again we have to login to see the active key??

Please help it is bit complicated. But security is must.

To identify on a blockchain that YOU are YOU we use two keys. One is the public key that is visible to everyone and the other one is known only by you. We call this last one the private key.

The private key is what you will see when you press the button. That is your personal key for your account.

Steem uses 3 keys with different permissions.

When you press the green button next to the keys on the screen shot it will show you your private keys.

These are the keys you should use to login to websites or to make transfers.

THANK YOU for your clarification. From now I will not use my master key, because I used it all the way in STEEMIT. But from now I will use the private key of posting and active key to post and to transfer STEEM.

Great help to me and I can more secure my account.

If someone has my private key of ACTIVE AND POSTING then I can change that through my Master key which I got at time of creating account??

Posted using Partiko Android

I guess I am lucky that I have never gotten anything like this. Though 30 Steem is only worth about $10 USD so I probably would have skipped over it pretty quickly anyway! Thanks for looking out for us though and keeping us informed!

I guess on the screenshot you're only showing the public keys and not the private ones, but be very careful with how you're attempting to "hide" them:
https://steemitimages.com/p/26uUsAjKTsXCBRzTxRJWxpz7qLMdK4Nq6Ha3QAmrmWNLCRe6VsSKpQB3shx6HMPWnsCzWRXowa79Q8PNkQQSgAo6E4cap2TEd5ZZwo7MfvA5cSyLGvmQb8H53VsaFe7hgS9XQZAiB9ewRH8bALcWpwDuh2LKnpTjVg644N?format=match&mode=fit

A LOT can be guessed here, like the 4 last characters of the active key (XUCZ); just seeing parts of a character can let a hacker know which character it is.
Doing so decreases exponentially the security of your key, you should never hide them this poorly! If those are actually your private keys (thank god it doesn't seem like it), I recommend you change passwords immediately.

They are indeed the public keys. So no worries.

If someone's Master Key is compromised, and their account is hacked.. is that when they'd need to use Steem's account recovery feature @exyle?

As a witness, I think it's important that you ensure there is a strong account recovery system in place.

Yes, if that happens you need to go to account recovery. But if you never use your master key (and therefore it can never be compromised) you can just change your keys yourself with the master password in case your posting or active key is compromised. That way you will be in control and not have to rely on account recovery.
