A PRACTICAL GUIDE TO MANAGING YOUR PRIVATE KEYS

in #security, 6 years ago (edited)

My good friend @angelro lost all his SBD a few days ago and his account may have been hijacked – ALL STEEMIANS be aware of any attacks coming from the above account.

For this reason I have put together this post for the benefit of my other friends. I know that there are plenty of posts on the subject matter. It is not my intention to piggyback on any of those works but instead to create something that my specific audience, i.e. the Hello Hello Group, would relate to.

There are also many posts that explain the various keys and what they do; these posts also warn you to protect your keys and keep them offline – but few show you exactly how to do that practically. I will attempt to do that here.

I am not an IT person or crypto specialist by any stretch of the imagination – my system attempts to create some level of protection, but if YOU wish to share more secure methods, please assist us in the comments below.

DISCLAIMER:
I will show you how I manage my keys – it is by no means foolproof. This is intended to serve as a guide only – it is best if you develop your own system. I will accept no responsibility whatsoever should you adopt this system and it causes you a loss. If there are any weaknesses in my system it is your responsibility to take precautions against such weaknesses.



WHAT ARE THE KEYS AND HOW DO THEY WORK?


1 - You are issued with four pairs of keys:

  • POSTING KEY (public and private)
  • ACTIVE KEY (public and private)
  • OWNER KEY (public) – Your original PASSWORD is the private component of this key.
  • MEMO KEY (public and private)


    These PUBLIC and PRIVATE keys work together as a unit. At the end of each transaction the blockchain compares the PUBLIC and PRIVATE keys to verify a transaction related to your account.

For more information view the following article - Steem Private and Public Keys Demystified


2 - Identifying the keys:

  • PUBLIC KEYS start with - STM
  • PRIVATE KEYS start with – 5
  • PASSWORD / PRIVATE OWNERS KEY starts with – P5

3 - Let's review the functions of the key types

1 - THE PASSWORD (is the PRIVATE component of the OWNER KEY)

The owner key is the master key for the account and is required to change the other keys.
The private key or password for the owner key should be kept offline as much as possible.

Comments

  • Use only when you log into your account for the first time; and
  • At the same time use it to retrieve your PRIVATE ACTIVE KEY
  • You should not need it again – unless your account is compromised and you need to recover it, i.e. change your PASSWORD (PRIVATE OWNER KEY)

2 - THE POSTING KEYS:

The posting key is used for posting and voting. It should be different from the active and owner keys.

Comments

  • Retrieve your PRIVATE POSTING KEY the first time you log into your account. You will need it to log into your account the next time you sign in and every time from then on.
  • You will need the PRIVATE POSTING KEY to give third party applications like Steemvoter, Minnow Booster, and busy.org etc. - permission to execute votes and / or posts on your behalf

3 - THE ACTIVE KEYS:

The active key is used to make transfers and place orders in the internal market.

Comments

  • This is the second most powerful key. Its function is to authorise the movement of funds; even though it can perform posting functions, do not use it for that purpose.
  • Also ensure that the transaction you are authorising is at SteemConnect and not some phishing scam.

4 - THE MEMO KEYS

The memo key is used to create and read memos.

Comment

  • There is no need to go into the details of this key as it is seldom used by ordinary Steemit users.

4 - Now that we have the basics out of the way, let’s see a possible way to manage private keys:

STEP 1:

  • On the first occasion you enter your account use the PASSWORD (the PRIVATE OWNER KEY) provided; and
  • At this stage copy your PASSWORD to a Word document.
  • Make absolutely certain that it is copied 100% correctly – with no spaces and no additional or missing characters.

STEP 2:

Immediately retrieve all your PRIVATE KEYS and copy them to the open MSWord document:

  • Private Posting Key
  • Private Active Key – you will need your PASSWORD to retrieve this one
  • Private Memo Key
  • Make absolutely certain that each is copied 100% correctly – with no spaces and no additional or missing characters.

[Image: Steps 2 & 3 - my own]


STEP 3:

  • Now log out of your Steemit account and disconnect your internet.
  • Make several prints of these PRIVATE KEYS for storage in a few secure locations – so if all else fails you have a paper backup.

STEP 4:

  • Now prepare electronic backups of your PRIVATE KEYS.
  • Start by scrambling all the PRIVATE KEYS. Do this by removing a part of the key and creating tough clues for the missing parts.

[Image: Steps 4 & 5 - my own]


STEP 5:

  • Save the MSWord doc with all the scrambled PRIVATE KEYS to a USB stick – this USB will be stored securely and hopefully it will never be needed.

STEP 6:

  • I now create a second USB for everyday use – save only those scrambled PRIVATE KEYS that you will use daily.

[Image: Step 6 - my own]

For most people that will be:

  • PRIVATE POSTING KEY; and
  • PRIVATE ACTIVE KEY

When you need a key - I use the “everyday” USB as follows:

  • Plug in the USB and open the document.
  • Unscramble the key
  • Cut and paste where it is required.
  • Re-scramble using the undo key in MSWord.
  • Close and save document and unplug USB.
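
An added example, not part of the original post: an offline check for the "copied 100% correctly" requirement in Steps 1 and 2 and for a key you have just unscrambled, using the prefixes listed in section 2. It assumes Steem private keys use the Bitcoin-style WIF encoding (51 base58 characters ending in a 4-byte double-SHA-256 checksum); all function names are hypothetical.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    # Assumed WIF rule: first 4 bytes of SHA-256(SHA-256(payload)).
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58decode(s):
    """Base58 text -> bytes. ValueError on characters such as 0, O, I, l."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def b58encode(b):
    n, out = int.from_bytes(b, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def make_sample_wif(secret32):
    """Builds a constructed demo key only; not needed for checking."""
    payload = b"\x80" + secret32
    return b58encode(payload + _checksum(payload))

def check_pasted_key(text):
    """Return (kind, problem); problem is None when the copy looks intact."""
    if any(c.isspace() for c in text):
        return ("unknown", "contains spaces or line breaks")
    if text.startswith("STM"):          # prefix from section 2
        return ("public", None)
    if text.startswith("P5"):           # prefix from section 2
        return ("password", None)
    if not text.startswith("5"):
        return ("unknown", "unrecognised prefix")
    if len(text) != 51:
        return ("private", "length is %d, expected 51" % len(text))
    try:
        raw = b58decode(text)
    except ValueError:
        return ("private", "character outside the base58 alphabet")
    if len(raw) != 37 or raw[0] != 0x80 or _checksum(raw[:-4]) != raw[-4:]:
        return ("private", "checksum mismatch: a character is wrong or missing")
    return ("private", None)

# Constructed sample, not a real account key.
SAMPLE_WIF = make_sample_wif(bytes(range(1, 33)))
```

Run it with the internet disconnected, as in Step 3, and paste only when the problem field comes back as None and the kind is the one the site asked for.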

ADDITIONAL TIPS

  • If for any reason you feel that you have over-exposed your PASSWORD / OWNER PRIVATE KEY or PRIVATE ACTIVE KEY, take steps immediately to change your PASSWORD. Within a few short minutes you could have new keys and peace of mind.

  • Never leave excessive SBD or STEEM in your wallet; either move it to your savings or vest it – otherwise move it to your secure private wallet. SBD and STEEM are most vulnerable if your PRIVATE ACTIVE KEY is exposed. Vested STEEM and SBD in savings cannot be accessed by hackers immediately – which gives you time to change your keys.


SOURCES CITED

  1. https://steemian.info/keys
  2. https://www.steem.center/index.php?title=Steem_Key_Management

After reading the post I am afraid now.
A hard-working Steemian can vanish in a moment :-(
Some users' dreams go down.

@aaarif - Yes, it is a concern - If you feel that you have not taken proper care, rather change your password and manage your account correctly.

Hi @rlt47, kudos for making this educational post on managing account security. We are losing our friend @angelro, which is so sad. I wish we could do more for him. I wish he did not give up, but it is easier said than done. We cannot turn back time but we can prevent and help to educate the masses, especially our Hello Hello Group Members. I hope we will be able to reach more people and create the much-needed awareness. I have resteemed and upvoted this post. I am calling all Steemians to follow this beneficial guide. If you can, please resteem this post to reach out to more newbies; I appreciate all attention on this matter. Stay Blessed and Steem On!

It's really sad news :(
There are a lot of people who save their passwords online; that's very dangerous. Everyone should be more careful.

Thank you @ainie.kashif - Hopefully he will start a new account in the future and make contact with us again.

I'm hoping you will include this post in your world famous - "The Most Wanted Directory of Steemit Guides Update No. #4" - "lol!"

Thanks for creating this guide @rlr47.
It clarifies a lot of stuff for me concerning the keys.

@jacksondavies - You're welcome! I think it was necessary for me to do it for the group.


This post is really worthwhile for any fresh Steemians. Despite being 6-7 months old I never imagined the keys are so complicated and as a matter of fact I need time to learn this properly.

But kudos to you my friend for your initiative to pen down this complication in a simple manner so that all may benefit. Let's take some positiveness out of the bad things that happened to me last week....

Stay blessed.

@angelro - You are most welcome. Your situation has motivated me to write this post. I certainly hope that it has helped you....

@rlt47 whenever I make transfers they ask for my private password. I tried to give the active key but it wasn't accepted. Why?
Thank you for this useful post and I got to learn many things about account security. Stay blessed and take care dear.
