Steemauto stores your passwords in raw format! by emrebeyler

steemauto · @emrebeyler · Mar 12 '18 (edited)

$60.46

Steemauto stores your passwords in raw format!

When you click *"lost password"* at [Steemauto](https://steemauto.com), It will send your password directly to your email. That means, passwords are stored raw in their database.

<center>![Screen Shot 2018-03-12 at 13.52.54.png](https://res.cloudinary.com/hpiynhbhq/image/upload/v1520852771/ctjl1thh4bvn85wejyhw.png)</center>

This is one of the sins of web application development practices. If the system can send you back your password, that means the application **stores your pasword as plain text.**.  

That's extremely dangerous.  If a thief or attacker get the database somehow, they would have every users credentials as well. 

#### Best practice
***

- Salt and hash each password
- Use good hashing functions like Bcrypt instead of md5 or sha1
- Store SALT + HASH in the database instead of raw password

That way you can't send the password back to users but  you may create unique tokens for password regeneration and deal with the recovery as an application developer.

#### What to do as a user?
***

**Use a throw-away and unique password at Steemauto.**

That's the general rule but I am pretty sure %90 of the users, using a generic password that they use on their daily life. If  Steemauto database leaks to some bad-minded parties, your accounts will be in great danger.

#### *Edit: @mahdiyari addressed the issue*
***

*He removed the username-password authentication and started using SteemConnect for it. Thanks for the fast response!*

👍 postpromoter, sndbox, emrebeyler, mangos, felixxx, eroche, voronoi, teamsteem, hansikhouse, themarkymark, zoltarian, mahdiyari, oendertuerk, fr3eze, boontjie, espoem, hendrix22, jefpatat, gikitiki, jumbot, jrswab, erb, crokkon, pnc, nettybot, leotrap, playitforward, hakancelik, cryptastic, blhz, pbock, mrs.agsexplorer, msp3k, wewt, elchin, barton26, mrblinddraw, ekonugraha, damla, intelligencer, teamhumble, yulem, dbzfan4awhile, ahmetay, luoq, jeffbernst, luvabi, dexterdev, kararakule77, olegn, vanessahampton, djlethalskillz, world-travel-pro, revan746, tuanis, berkah, pepegusi, ewq, walnut1, evilest-fiend, synergysteem, primersion, wisewoof, ethemkibar, and 114 others

`post_id`	38,135,086
`author`	emrebeyler
`permlink`	steemauto-store-your-passwords-in-raw-format
`category`	steemauto
`json_metadata`	"{"format": "markdown", "image": ["https://res.cloudinary.com/hpiynhbhq/image/upload/v1520852771/ctjl1thh4bvn85wejyhw.png"], "links": ["https://steemauto.com"], "tags": ["steemauto", "steem", "security", "sndbox", "busy"], "app": "steemit/0.1", "users": ["mahdiyari"], "community": "busy"}"
`created`	2018-03-12 11:08:51
`last_update`	2018-03-12 22:37:42
`depth`	0
`children`	38
`net_rshares`	19,448,740,407,706
`last_payout`	2018-03-19 11:08:51
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	49.021 SBD
`curator_payout_value`	11.438 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	1,462
`author_reputation`	319,480,565,467,431
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (178)

voter	rshares	pct
berkah	1,512,400,598	3%
mrs.agsexplorer	5,731,726,551	1.2%
pnc	10,807,406,679	3%
teamsteem	224,259,544,812	3%
olegn	2,121,028,841	100%
gikitiki	18,857,544,822	50%
bitcoiner	396,750,993	3%
felixxx	397,577,656,629	100%
barton26	5,107,491,471	100%
blhz	6,075,230,112	30%
mangos	599,213,619,997	18%
hansikhouse	112,598,918,627	12.5%
voronoi	261,236,375,877	25%
eroche	354,394,455,239	100%
teamhumble	3,258,870,139	6%
alfarisi	170,999,158	25%
heriafriadiaka	299,105,316	25%
pbock	5,765,950,769	100%
damla	4,484,635,209	20%
erb	12,470,953,889	25%
oendertuerk	37,153,992,932	20%
greenstar	498,598,404	3%
dbzfan4awhile	3,082,111,374	3.75%
cryptastic	6,351,651,788	30%
luvabi	2,332,288,425	12.5%
nristen	567,161,206	100%
world-travel-pro	1,804,049,269	1.25%
walnut1	1,355,321,153	1.25%
mahdiyari	59,636,898,002	100%
frederichs	596,863,807	100%
lastozgur	391,707,971	100%
hendrix22	23,446,998,755	10%
sndbox	5,127,646,558,683	25%
jrswab	17,413,925,419	25%
themarkymark	86,939,557,738	100%
buy-bitcoin	578,871,899	100%
kofspades	135,272,482	12.5%
leotrap	6,804,315,658	12.5%
nettybot	10,361,058,907	20%
matrixonsteem	577,789,734	100%
steemliberator	729,984,408	100%
fr3eze	33,879,564,442	25%
djlethalskillz	1,830,175,971	5%
msp3k	5,658,879,752	100%
witnessstats	577,342,773	100%
ponpase	261,651,125	12.5%
boontjie	30,768,578,843	100%
crokkon	11,340,443,705	50%
jefpatat	19,718,536,425	50%
osm0sis	709,326,247	1%
rinpoche	559,713,816	100%
espoem	27,234,782,097	50%
playitforward	6,732,891,412	7.5%
mrblinddraw	4,723,028,560	10%
animagic	318,739,425	25%
r2steem2	581,461,340	100%
lablockchain	802,884,674	5%
steemcreate	604,151,740	100%
omersurer	881,558,302	5%
revan746	1,799,569,142	5%
curationstreet	439,268,231	5%
postpromoter	10,966,523,135,711	10.2%
elchin	5,111,315,520	100%
emrebeyler	752,089,177,943	100%
bobinson	932,976,343	100%
tuanis	1,658,650,524	5%
punky	490,603,229	100%
kamuhuzuru	135,891,161	10%
yulem	3,121,279,158	100%
zoltarian	62,014,705,411	100%
turbot	435,759,561	90%
dangerux	266,528,966	40%
ethemkibar	1,080,679,835	5%
jeffbernst	2,426,874,525	12.5%
evilest-fiend	1,338,374,241	50%
ribbitingscience	555,744,542	100%
thashadowbrokers	69,079,949	100%
ahmetay	2,847,345,649	100%
gokos	434,437,269	78%
matematikciemre	219,596,913	5%
muhammetcan	427,647,400	72%
intelligencer	3,845,932,027	100%
ekonugraha	4,667,588,608	100%
irfandogan	226,132,011	10%
biriki3	276,041,582	10%
mineopoly	77,375,204	0.12%
kirazay	564,946,690	100%
flashfiction	71,880,490	25%
fortunex	915,150,998	100%
brotato	337,069,532	100%
pizaz	336,381,463	100%
triplethreat	69,042,318	100%
dootdoot	50,201,672	100%
wewt	5,582,897,723	20%
conflaxus	69,007,843	100%
tittilatey	69,065,257	100%
cajun	336,965,355	100%
coonass	336,609,817	100%
squirrelnuts	336,460,789	100%
luoq	2,484,663,284	12.5%
ewq	1,470,328,705	6%
steemdevs	336,205,394	100%
jeezy	68,978,357	100%
test.with.dots	68,979,712	100%
pi-pi	68,944,980	100%
listentosteem	68,941,261	100%
kararakule77	2,126,784,363	100%
gravy	68,920,790	100%
sauronbey	272,063,022	12%
yucealiosman	415,030,500	72%
onursa	565,671,200	99%
osmania	522,704,388	100%
selamtux	506,962,500	85%
ucmuharfli	532,520,726	16%
embesilikat	80,053,318	10%
fotobot	57,264,146	10%
gokhan83kurt	452,270,430	5%
deejee	76,609,386	12.5%
e-babil	219,491,078	6%
wisewoof	1,098,410,846	5%
moculemann	288,841,003	100%
gulumserunver	98,012,022	16%
neokuduk	109,540,109	10%
eshapunver	135,865,709	20%
debruyne844	76,612,552	12.5%
queqtra	52,607,452	7.6%
bybrawe	274,394,818	20%
samedb	455,639,345	76%
iluvatar100	899,210,810	10%
dexterdev	2,196,620,664	100%
pepegusi	1,482,333,877	100%
dikemerit	251,945,000	100%
agememnon	887,781,324	100%
eightbitfiction	61,260,398	12.5%
memeitbaby	846,550,160	100%
steem-rocks	491,703,351	88%
carlosbp	73,640,734	12.5%
kilianparadise	1,049,537,521	100%
roscoeh	1,045,812,768	100%
synergysteem	1,199,350,542	100%
pojgaerlan	107,276,249	25%
lavinas	61,260,369	10%
peri	952,042,938	10%
hakancelik	6,547,021,954	100%
darmawan520	89,075,137	100%
kucukprens	435,642,722	100%
privacybydesign	613,230,869	100%
yunus98	543,085,217	100%
ogergami	602,172,309	100%
firster78	168,551,801	28%
irwan777	504,479,789	100%
mawan888	456,365,440	100%
blockmountain	541,955,658	12.5%
feronio	464,665,235	20%
olusegun3386	55,133,237	12.5%
jumbot	17,892,030,005	40%
esme-svh	506,354,450	100%
keybordjp	70,758,497	12.5%
lovethenature	591,733,443	100%
testorz	422,823,771	97%
primersion	1,139,955,928	100%
steemlore	200,250,649	100%
vanessahampton	2,043,503,907	100%
qotd	352,824,907	81%
pokeparadox	600,884,441	100%
pinarhanpolat	597,533,877	100%
ossbelmonte	98,056,841	100%
crpytoanalyzer	96,812,652	81%
atjart	441,162,597	100%
onelovedtube	223,135,811	100%
mrcwar01	581,915,671	100%
mesutbahar	480,846,107	100%
burakdogusoy	532,908,377	100%
bardostyle	364,460,327	100%
spartageo	208,263,044	100%
munefsulaiman	413,460,304	100%
shahabudin	263,388,228	100%
nathanielcwm	419,581,410	100%

@muratti · Mar 12 '18

Bilgi için çok teşekkürler üstad.

properties (22)

`post_id`	38,135,387
`author`	muratti
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t111317256z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 11:11:24
`last_update`	2018-03-12 11:11:24
`depth`	1
`children`	0
`net_rshares`	0
`last_payout`	2018-03-19 11:11:24
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	33
`author_reputation`	67,091,370,995
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@tts · Mar 12 '18

To listen to the audio version of this article click on the play image.
[![](https://s18.postimg.org/51o0kpijd/play200x46.png)](http://ec2-52-72-169-104.compute-1.amazonaws.com/emrebeyler__steemauto-store-your-passwords-in-raw-format.mp3)
Brought to you by [@tts](https://steemit.com/tts/@tts/introduction). If you find it useful please consider upvote this reply.

👍 nristen

`post_id`	38,136,867
`author`	tts
`permlink`	re-steemauto-store-your-passwords-in-raw-format-20180312t112308
`category`	steemauto
`json_metadata`	{}
`created`	2018-03-12 11:23:09
`last_update`	2018-03-12 11:23:09
`depth`	1
`children`	0
`net_rshares`	576,358,415
`last_payout`	2018-03-19 11:23:09
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	364
`author_reputation`	-4,535,933,372,579
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
nristen	0 B		576,358,415	100%

@synergysteem · Mar 12 '18

$0.03

Passwords and authentication are often not programmed well, good public service announcement.

👍 emrebeyler, pokeparadox

`post_id`	38,137,638
`author`	synergysteem
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t112836612z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 11:28:36
`last_update`	2018-03-12 11:28:36
`depth`	1
`children`	0
`net_rshares`	8,856,405,512
`last_payout`	2018-03-19 11:28:36
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.025 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	93
`author_reputation`	40,947,012,609
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
emrebeyler	0 B		8,264,718,282	1%
pokeparadox	0 B		591,687,230	100%

@themarkymark · Mar 12 '18

$0.09

I talked to him about a week ago why an email and password is needed.  SteemConnect w/ posting authority would be so much more secure and painless.

👍 freebornangel, emrebeyler

`post_id`	38,147,290
`author`	themarkymark
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t123832376z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 12:38:39
`last_update`	2018-03-12 12:38:39
`depth`	1
`children`	3
`net_rshares`	30,814,511,851
`last_payout`	2018-03-19 12:38:39
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.073 SBD
`curator_payout_value`	0.020 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	147
`author_reputation`	806,615,692,176,612
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
freebornangel	0 B		22,549,334,164	50%
emrebeyler	0 B		8,265,177,687	1%

@leprechaun · Mar 12 '18

Too bad SC demands the active key.

properties (22)

`post_id`	38,226,143
`author`	leprechaun
`permlink`	re-themarkymark-re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t213441377z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 21:34:51
`last_update`	2018-03-12 21:34:51
`depth`	2
`children`	2
`net_rshares`	0
`last_payout`	2018-03-19 21:34:51
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	34
`author_reputation`	3,043,219,887,107
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@themarkymark · Mar 12 '18

Yes, but it is fairly trusted and it is only used locally and not saved.

properties (22)

`post_id`	38,226,330
`author`	themarkymark
`permlink`	re-leprechaun-re-themarkymark-re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t213613879z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 21:36:12
`last_update`	2018-03-12 21:36:12
`depth`	3
`children`	1
`net_rshares`	0
`last_payout`	2018-03-19 21:36:12
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	72
`author_reputation`	806,615,692,176,612
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

1 reply

@kilianparadise · Mar 12 '18

Thank you for sharing this important information @emrebeyler.
Thumbs up!!!!

properties (22)

`post_id`	38,148,082
`author`	kilianparadise
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t124303038z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "users": ["emrebeyler"], "tags": ["steemauto"]}"
`created`	2018-03-12 12:43:15
`last_update`	2018-03-12 12:43:15
`depth`	1
`children`	0
`net_rshares`	0
`last_payout`	2018-03-19 12:43:15
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	75
`author_reputation`	5,843,414,133,735
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@yulem · Mar 12 '18

$0.02

Other than selecting "Lost Password?" there doesn't appear to be any way to manage passwords. :-(

👍 emrebeyler

`post_id`	38,148,493
`author`	yulem
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t124544422z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 12:45:45
`last_update`	2018-03-12 12:45:45
`depth`	1
`children`	2
`net_rshares`	8,266,725,377
`last_payout`	2018-03-19 12:45:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.018 SBD
`curator_payout_value`	0.005 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	97
`author_reputation`	376,318,488,374
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
emrebeyler	0 B		8,266,725,377	1%

@emrebeyler · Mar 12 '18

Yeah, seens like you cannot change it.

👍 yulem

`post_id`	38,181,473
`author`	emrebeyler
`permlink`	re-yulem-re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t161438911z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 16:14:39
`last_update`	2018-03-12 16:14:39
`depth`	2
`children`	1
`net_rshares`	2,836,069,968
`last_payout`	2018-03-19 16:14:39
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	38
`author_reputation`	319,480,565,467,431
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
yulem	0 B		2,836,069,968	100%

@fan1 · Mar 12 '18

this is very important information, thank you

properties (22)

`post_id`	38,185,892
`author`	fan1
`permlink`	re-emrebeyler-re-yulem-re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t164331916z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 16:43:30
`last_update`	2018-03-12 16:43:30
`depth`	3
`children`	0
`net_rshares`	0
`last_payout`	2018-03-19 16:43:30
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	45
`author_reputation`	16,176,661,164
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@flugschwein · Mar 12 '18

Wow, that's some ridiculous stuff imo. I thought literally no one stores passwords that way these days.

properties (22)

@mesutbahar · Mar 12 '18

$0.02

Eline yüreğine sağlık kardeşim işllah daha çok kazanırsın.

👍 emrebeyler

`post_id`	38,153,340
`author`	mesutbahar
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t131614589z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 13:16:27
`last_update`	2018-03-12 13:16:27
`depth`	1
`children`	0
`net_rshares`	8,267,164,766
`last_payout`	2018-03-19 13:16:27
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.018 SBD
`curator_payout_value`	0.005 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	58
`author_reputation`	-16,426,897,814
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
emrebeyler	0 B		8,267,164,766	1%

@fr3eze · Mar 12 '18

Good to know that, may be a 2FA implementation could solve that. But they should not store sensitive information in plain text in the first place.

properties (22)

`post_id`	38,155,608
`author`	fr3eze
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t133029800z
`category`	steemauto
`json_metadata`	"{"app": "busy/2.4.0", "community": "busy", "tags": ["steemauto"]}"
`created`	2018-03-12 13:30:45
`last_update`	2018-03-12 13:30:45
`depth`	1
`children`	0
`net_rshares`	0
`last_payout`	2018-03-19 13:30:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	146
`author_reputation`	62,134,575,174,807
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@sndbox · Mar 12 '18

$0.02

Thanks for highlighting this @emrebeyler. The SteemAuto team really needs to implement a safer system.

👍 emrebeyler

`post_id`	38,165,774
`author`	sndbox
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t143125116z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "users": ["emrebeyler"], "tags": ["steemauto"]}"
`created`	2018-03-12 14:31:24
`last_update`	2018-03-12 14:31:24
`depth`	1
`children`	0
`net_rshares`	8,265,177,687
`last_payout`	2018-03-19 14:31:24
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.018 SBD
`curator_payout_value`	0.005 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	102
`author_reputation`	632,573,670,086,700
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
emrebeyler	0 B		8,265,177,687	1%

@nristen · Mar 12 '18

Thank you for sharing this valuable information - I will steer clear of them until I hear of a change.  On piece of advice that I have is to make sure each password is unique to each site.  I use LastPass for to help manage this which removes most of the difficulty with remembering and entering strong passwords.

👍 pbock

`post_id`	38,171,453
`author`	nristen
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t150726375z
`category`	steemauto
`json_metadata`	"{"app": "busy/2.4.0", "community": "busy", "tags": ["steemauto"]}"
`created`	2018-03-12 15:07:27
`last_update`	2018-03-12 15:07:27
`depth`	1
`children`	0
`net_rshares`	5,658,175,988
`last_payout`	2018-03-19 15:07:27
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	313
`author_reputation`	114,815,362,149
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
pbock	0 B		5,658,175,988	100%

@mahdiyari · Mar 12 '18

$0.28

yes,
that is right.
that was because I will remove this login system and all saved passwords.
I will use steemconnect as login system.

👍 mahdiyari, freebornangel, emrebeyler

`post_id`	38,187,221
`author`	mahdiyari
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t165221716z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 16:52:21
`last_update`	2018-03-12 16:52:21
`depth`	1
`children`	9
`net_rshares`	91,950,014,446
`last_payout`	2018-03-19 16:52:21
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.269 SBD
`curator_payout_value`	0.011 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	134
`author_reputation`	50,504,878,810,975
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (3)

voter	rshares	pct
freebornangel	22,784,223,061	50%
mahdiyari	60,899,054,574	100%
emrebeyler	8,266,736,811	1%

@emrebeyler · Mar 12 '18

Thank you @mahdiyari for the clarification. Looking forward to see the upcoming developments on Steemauto. 👍

properties (22)

`post_id`	38,194,404
`author`	emrebeyler
`permlink`	re-mahdiyari-re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t174033072z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "users": ["mahdiyari"], "tags": ["steemauto"]}"
`created`	2018-03-12 17:40:33
`last_update`	2018-03-12 17:40:33
`depth`	2
`children`	1
`net_rshares`	0
`last_payout`	2018-03-19 17:40:33
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	108
`author_reputation`	319,480,565,467,431
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@mahdiyari · Mar 12 '18 (edited)

Login method changed. I hope to see a new post or edited post here:)
I'm going to remove all information(passwords and emails).

properties (22)

`post_id`	38,233,782
`author`	mahdiyari
`permlink`	re-emrebeyler-re-mahdiyari-re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t223116699z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 22:31:18
`last_update`	2018-03-12 22:32:00
`depth`	3
`children`	0
`net_rshares`	0
`last_payout`	2018-03-19 22:31:18
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	127
`author_reputation`	50,504,878,810,975
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@leprechaun · Mar 12 '18

Why when you can simply Convert the Private Posting Key to it's Public key and see if it matches the account information?  
```
# Routine returns 'owner'   if passed the master password or private owner key
#                 'active'  if passed the private active key
#                 'posting' if passed the private posting key
#                 'memo'    if passed the private memo key
#              or None otherwise

def get_login(connection, username, password):
    pk = None
    try:
        Pk = PrivateKey(password)      
        pk = Pk.pubkey
    except Exception as e:
        # Perhaps not a private key
        Pk = PasswordKey(username, password, role="owner")
        pk = Pk.get_public()
    if testnet:
        spk = format(pk, "STX")
    else:
        spk = format(pk, "STM")
    s = steem.steem.Steem(nodes=get_node_list(connection))
    account_information = s.get_account(username)
    for role in ['owner', 'active', 'posting', 'memo']:
        try:
            for key_power_pair in account_information[role]['key_auths']:
                if spk == key_power_pair[0]:
                    return role
        except:
            pass
    return None
```

properties (22)

`post_id`	38,226,059
`author`	leprechaun
`permlink`	re-mahdiyari-re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t213352438z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 21:34:18
`last_update`	2018-03-12 21:34:18
`depth`	2
`children`	6
`net_rshares`	0
`last_payout`	2018-03-19 21:34:18
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	1,178
`author_reputation`	3,043,219,887,107
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@mahdiyari · Mar 13 '18

$0.05

Storing posting key is not secure!

👍 leprechaun

`post_id`	38,296,014
`author`	mahdiyari
`permlink`	re-leprechaun-re-mahdiyari-re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180313t060545558z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-13 06:05:45
`last_update`	2018-03-13 06:05:45
`depth`	3
`children`	5
`net_rshares`	18,171,472,027
`last_payout`	2018-03-20 06:05:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.042 SBD
`curator_payout_value`	0.012 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	34
`author_reputation`	50,504,878,810,975
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
leprechaun	0 B		18,171,472,027	100%

5 replies

@dexterdev · Mar 12 '18

Great article. Good job man. This is really helpful. Resteeming it

properties (22)

`post_id`	38,187,411
`author`	dexterdev
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t165152574z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 16:53:33
`last_update`	2018-03-12 16:53:33
`depth`	1
`children`	0
`net_rshares`	0
`last_payout`	2018-03-19 16:53:33
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	66
`author_reputation`	14,307,229,891,937
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@buy-bitcoin · Mar 12 '18 (edited)

Tellin' it like it is. Good man.

### This would be a good time to change  Steemauto passwords as well as other accounts. 

Take precaution.

👍 buy-bitcoin

`post_id`	38,189,572
`author`	buy-bitcoin
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t170719337z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 17:07:21
`last_update`	2018-03-12 17:09:24
`depth`	1
`children`	0
`net_rshares`	542,118,128
`last_payout`	2018-03-19 17:07:21
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	140
`author_reputation`	152,522,295,653
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
buy-bitcoin	0 B		542,118,128	100%

@vanessahampton · Mar 12 '18

Oh, my

properties (22)

`post_id`	38,191,091
`author`	vanessahampton
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t171740071z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 17:17:45
`last_update`	2018-03-12 17:17:45
`depth`	1
`children`	0
`net_rshares`	0
`last_payout`	2018-03-19 17:17:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	6
`author_reputation`	3,362,533,862,951
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@honeylyn2330 · Mar 12 '18

Nice blog @emrebeyler
Very big help to us

properties (22)

@frederichs · Mar 12 '18

thank you my friend for clarifying this a bit, really, I needed a great article, my vote for you,

properties (22)

`post_id`	38,214,160
`author`	frederichs
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t200601580z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-12 20:06:06
`last_update`	2018-03-12 20:06:06
`depth`	1
`children`	0
`net_rshares`	0
`last_payout`	2018-03-19 20:06:06
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	97
`author_reputation`	1,265,383,660,414
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@postpromoter · Mar 12 '18

$0.06

re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t201155762z

You got a 10.20% upvote from @postpromoter courtesy of @emrebeyler!

Want to promote your posts too? Check out the [Steem Bot Tracker website](https://steembottracker.com) for more info. If you would like to support the development of @postpromoter and the bot tracker please [vote for @yabapmatt for witness!](https://v2.steemconnect.com/sign/account-witness-vote?witness=yabapmatt&approve=1)

👍 mjrcrypto

`post_id`	38,214,943
`author`	postpromoter
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180312t201155762z
`category`	steemauto
`json_metadata`	"{"app": "postpromoter/1.8.6"}"
`created`	2018-03-12 20:11:57
`last_update`	2018-03-12 20:11:57
`depth`	1
`children`	0
`net_rshares`	21,725,281,607
`last_payout`	2018-03-19 20:11:57
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.049 SBD
`curator_payout_value`	0.014 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	394
`author_reputation`	21,053,937,692,175
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
mjrcrypto	0 B		21,725,281,607	10%

@jdc · Mar 13 '18

Does this mean we have to keep logging in with our active key every few hours? Because I'm not doing that.

properties (22)

`post_id`	38,264,198
`author`	jdc
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180313t021426127z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-13 02:14:27
`last_update`	2018-03-13 02:14:27
`depth`	1
`children`	0
`net_rshares`	0
`last_payout`	2018-03-20 02:14:27
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	106
`author_reputation`	1,190,023,548,895
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@cryptohazard · Mar 13 '18

I would also add that you need a way to *properly* score  the passwords . I usually recommend https://github.com/dropbox/zxcvbn/tree/master

properties (22)

`post_id`	38,444,450
`author`	cryptohazard
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180313t225044845z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "links": ["https://github.com/dropbox/zxcvbn/tree/master"], "tags": ["steemauto"]}"
`created`	2018-03-13 22:50:45
`last_update`	2018-03-13 22:50:45
`depth`	1
`children`	0
`net_rshares`	0
`last_payout`	2018-03-20 22:50:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	139
`author_reputation`	17,113,283,041,617
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@valth · Mar 31 '18

Thanks for the warning! This is definitely worrying, but luckily I used a throwaway password there.

properties (22)

`post_id`	41,394,608
`author`	valth
`permlink`	re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180331t070706086z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-31 07:07:06
`last_update`	2018-03-31 07:07:06
`depth`	1
`children`	3
`net_rshares`	0
`last_payout`	2018-04-07 07:07:06
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	99
`author_reputation`	74,131,024,130,091
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

@emrebeyler · Mar 31 '18

$0.08

This has been handled by the owner after this post. He also stated that he removed the old database and switched to SteemConnect for the authentication.

👍 valth

`post_id`	41,395,829
`author`	emrebeyler
`permlink`	re-valth-re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180331t071834938z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-31 07:18:36
`last_update`	2018-03-31 07:18:36
`depth`	2
`children`	2
`net_rshares`	30,146,459,512
`last_payout`	2018-04-07 07:18:36
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.078 SBD
`curator_payout_value`	0.006 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	152
`author_reputation`	319,480,565,467,431
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
valth	0 B		30,146,459,512	19%

@valth · Mar 31 '18

Oh, that's great! I realized it that the post was a little bit old, but I didn't expect it to have been fixed yet. Thanks for the update :)

properties (22)

`post_id`	41,396,986
`author`	valth
`permlink`	re-emrebeyler-re-valth-re-emrebeyler-steemauto-store-your-passwords-in-raw-format-20180331t073020132z
`category`	steemauto
`json_metadata`	"{"app": "steemit/0.1", "tags": ["steemauto"]}"
`created`	2018-03-31 07:30:21
`last_update`	2018-03-31 07:30:21
`depth`	3
`children`	1
`net_rshares`	0
`last_payout`	2018-04-07 07:30:21
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 SBD
`curator_payout_value`	0.000 SBD
`pending_payout_value`	0.000 SBD
`promoted`	0.000 SBD
`body_length`	139
`author_reputation`	74,131,024,130,091
`root_title`	"Steemauto stores your passwords in raw format!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 SBD
`percent_steem_dollars`	10,000

1 reply