create account

How are you login in? by meno

View this thread on steemit.com
· @meno ·
$4.34
How are you login in?
<div class="text-justify">
Of course as a Steemian I've done my best to bring people to the platform. I've invited friends, friends of friends, relatives and of course family. My intention has been at all times to bring them into the fold, show them what this blockchain can do, what the cryptocurrency revolution is all about. But sometimes, I've failed to say some basic, basic things.

<center>
<img src="https://blog.mozilla.org/wp-content/uploads/2016/09/Cybersecurity.png">
</center>
<h1>How did you just log in?</h1>
And so it happened, my brother in law @knightly who has been here for some months now, mainly as a quiet account who wanted to speculate on the who crypto craziness. He bought some tokens to give it a whirl, made some posts, and soon learnt that he could put his SP to work passively.

Being someone who has very little time to blog himself, he decided that this would be the best move. Maybe because of that, I did not explain some basic things, and maybe that is my fault. 

Today, he logs into to his account and we see that all his liquid funds, the one's he had been collecting from his small delegation are gone. All gone, seven days ago to be precise. 
<center>
<img src="https://ipfs.busy.org/ipfs/QmaJ5b2arDmLLRgzr28LimcZK7h17xCDf6vh333zQbh17Y">
</center>
The thief or thieves, because it could be more than one, even tried to power down the account right before it stole the funds. I think he/she gave up because it was going to take too long to extract the amount, and maybe it was not worth it. 

We are sitting there scratching our heads, How did this happen? How would anyone have access to the account? Of course, right away I made him change the master password, safeguarded and what have you, and then he logged back in, and then I noticed it.

<b><i>"How did you just log in? with the master password?"</i></b>- Yes, that is a big and I do mean a big no no. Now, I still don't know how the active key got copied, or if the master password was compromised. I doubt it, since they would have changed the master password right away, but it reminded me of this little security tip we must all know.

Never and I do mean <b>never</b> log in with your master password. Use your posting key, and then your active for financial transactions. In other words 99% of the time you should be using your posting key and that's it.

So, lemme ask you... How did you just log in?
</div>
https://steemitimages.com/DQmW2fijoxrybX3Kg83HCgZZmZwF8SujXWvr3tn8YCUPCsw/meno%20logo.png

πŸ‘  , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and 35 others
properties (23)
post_id62,284,773
authormeno
permlinkhow-are-you-login-in
categorysteem
json_metadata{"format":"markdown","image":["https:\/\/blog.mozilla.org\/wp-content\/uploads\/2016\/09\/Cybersecurity.png"],"app":"busy\/2.5.6","links":["\/@knightly"],"community":"busy","tags":["steem","steemit","besafe","besmart","busy"],"users":["knightly"]}
created2018-09-12 18:37:27
last_update2018-09-12 18:37:27
depth0
children18
net_rshares4,122,053,655,841
last_payout2018-09-19 18:37:27
cashout_time1969-12-31 23:59:59
total_payout_value3.747 SBD
curator_payout_value0.588 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length2,504
author_reputation148,669,616,868,095
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (99)
@elsiekjay ·
$0.02
OMG that is devastating! I am not even feeling paranoid with my account. I never really thought about it until now, thank you for the tip Meno!
πŸ‘  
properties (23)
post_id62,285,206
authorelsiekjay
permlinkre-meno-how-are-you-login-in-20180912t184311637z
categorysteem
json_metadata{"format":"markdown","image":[],"app":"busy\/2.5.6","links":[],"community":"busy","tags":["steem"],"users":[]}
created2018-09-12 18:44:00
last_update2018-09-12 18:44:00
depth1
children0
net_rshares20,252,165,948
last_payout2018-09-19 18:44:00
cashout_time1969-12-31 23:59:59
total_payout_value0.019 SBD
curator_payout_value0.001 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length143
author_reputation93,086,968,870,341
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@cryptoandcoffee ·
$0.02
We must all remain vigilant. Is there a procedure one should know about if shit happens. Who does one contact etc. Maybe there is another post for you lol.
πŸ‘  ,
properties (23)
post_id62,285,716
authorcryptoandcoffee
permlinkre-meno-how-are-you-login-in-20180912t185157597z
categorysteem
json_metadata{"app":"steemit\/0.1","tags":["steem"]}
created2018-09-12 18:52:00
last_update2018-09-12 18:52:00
depth1
children2
net_rshares22,180,065,587
last_payout2018-09-19 18:52:00
cashout_time1969-12-31 23:59:59
total_payout_value0.022 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length155
author_reputation54,813,671,015,584
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (2)
@meno ·
if your account gets stolen, there is a recovery method, I can teach you if need be, but there are plenty of posts about it. 

However the main thing here is, use your posting key.. not your password.
πŸ‘  
properties (23)
post_id62,285,862
authormeno
permlinkre-cryptoandcoffee-re-meno-how-are-you-login-in-20180912t185414333z
categorysteem
json_metadata{"app":"steemit\/0.1","tags":["steem"]}
created2018-09-12 18:54:06
last_update2018-09-12 18:54:06
depth2
children1
net_rshares13,630,972,656
last_payout2018-09-19 18:54:06
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length200
author_reputation148,669,616,868,095
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@cryptoandcoffee ·
I do only use my posting key .Thank you.
properties (22)
post_id62,286,004
authorcryptoandcoffee
permlinkre-meno-re-cryptoandcoffee-re-meno-how-are-you-login-in-20180912t185623648z
categorysteem
json_metadata{"app":"steemit\/0.1","tags":["steem"]}
created2018-09-12 18:56:24
last_update2018-09-12 18:56:24
depth3
children0
net_rshares0
last_payout2018-09-19 18:56:24
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length40
author_reputation54,813,671,015,584
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
@apshamilton ·
$0.11
Great advice. This should be taught as Steemit 101.
Its very confusing when you first join, but this is critical.
πŸ‘  ,
properties (23)
post_id62,286,353
authorapshamilton
permlinkre-meno-how-are-you-login-in-20180912t190136512z
categorysteem
json_metadata{"community":"steempeak","app":"steempeak","tags":["steem"]}
created2018-09-12 19:01:36
last_update2018-09-12 19:01:36
depth1
children1
net_rshares109,797,091,029
last_payout2018-09-19 19:01:36
cashout_time1969-12-31 23:59:59
total_payout_value0.102 SBD
curator_payout_value0.012 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length113
author_reputation6,374,475,326,421
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (2)
@meno ·
very much so... problem is, that i dont see it ever becoming too different, so if it ever becomes easier, it would not be at a blockchain level, but at a front end that manages the whole thing easier. Now, is that safe? im not sure..
properties (22)
post_id62,295,215
authormeno
permlinkre-apshamilton-re-meno-how-are-you-login-in-20180912t213853566z
categorysteem
json_metadata{"app":"steemit\/0.1","tags":["steem"]}
created2018-09-12 21:38:45
last_update2018-09-12 21:38:45
depth2
children0
net_rshares0
last_payout2018-09-19 21:38:45
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length233
author_reputation148,669,616,868,095
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
@onnovocks ·
$0.02
I log in with my posting key, but every time I do a financial transaction and use the active key, da kaput'r wants to update to the active key. If you are not careful and accidentally click on "update" instead of "don't update", the next time you log in, the Kaputer will be using the active key. At that point the thieves are one step closer to taking your mojo. Never use your master key, because if they get that, they won't take your mojo; they will take the account.
πŸ‘  
properties (23)
post_id62,287,491
authoronnovocks
permlinkre-meno-how-are-you-login-in-20180912t191942694z
categorysteem
json_metadata{"app":"steemit\/0.1","tags":["steem"]}
created2018-09-12 19:19:42
last_update2018-09-12 19:19:42
depth1
children3
net_rshares20,293,925,632
last_payout2018-09-19 19:19:42
cashout_time1969-12-31 23:59:59
total_payout_value0.015 SBD
curator_payout_value0.005 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length471
author_reputation1,540,911,788,856
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@h-p-oliver ·
I'm the last guy who should be offering tips, but I will anyway. Don't use your computers auto password fill in function. I work on a secure computer no one else uses, so I keep my Steemit passwords on an electronic sticky note on the screen and grab the one I need when I go to log in. No accidents that way.
πŸ‘  
properties (23)
post_id62,290,559
authorh-p-oliver
permlinkre-onnovocks-re-meno-how-are-you-login-in-20180912t201150658z
categorysteem
json_metadata{"tags":["steem"],"app":"steemit\/0.1"}
created2018-09-12 20:11:51
last_update2018-09-12 20:11:51
depth2
children2
net_rshares11,377,315,678
last_payout2018-09-19 20:11:51
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length309
author_reputation2,576,980,374,514
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@onnovocks ·
That wouldn't work for me, but is a valid method for those with only a few accounts. Thanks for thinking along on these issues. Greetings!
properties (22)
post_id62,298,168
authoronnovocks
permlinkre-h-p-oliver-re-onnovocks-re-meno-how-are-you-login-in-20180912t223809414z
categorysteem
json_metadata{"app":"steemit\/0.1","tags":["steem"]}
created2018-09-12 22:38:09
last_update2018-09-12 22:38:09
depth3
children1
net_rshares0
last_payout2018-09-19 22:38:09
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length138
author_reputation1,540,911,788,856
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
@karinxxl ·
$0.02
Shitttt...totally bummer for him and a good wake up call for everybody who is not doing this as yet logging in with posting/active key!

Also scary that even small accounts are at risk!
πŸ‘  
properties (23)
post_id62,289,524
authorkarinxxl
permlinkre-meno-how-are-you-login-in-20180912t195417402z
categorysteem
json_metadata{"tags":["steem"],"app":"busy\/2.5.6","users":[],"links":[],"community":"busy","format":"markdown","image":[]}
created2018-09-12 19:54:18
last_update2018-09-12 19:54:18
depth1
children0
net_rshares20,293,925,632
last_payout2018-09-19 19:54:18
cashout_time1969-12-31 23:59:59
total_payout_value0.015 SBD
curator_payout_value0.005 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length185
author_reputation11,809,247,432,396
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@h-p-oliver ·
$0.02
Interesting. I may be the least tech savvy guy on the planet, but I got the message about which passwords to use and when to use them the day I got them. I can't remember where I saw the information, but it was somewhere on the site, probably in the FAQs. Has everyone read the FAQs? Somebody went to a lot of trouble to write them. There were probably reasons for that.
πŸ‘  
properties (23)
post_id62,290,266
authorh-p-oliver
permlinkre-meno-how-are-you-login-in-20180912t200713823z
categorysteem
json_metadata{"tags":["steem"],"app":"steemit\/0.1"}
created2018-09-12 20:07:15
last_update2018-09-12 20:07:15
depth1
children0
net_rshares20,293,925,632
last_payout2018-09-19 20:07:15
cashout_time1969-12-31 23:59:59
total_payout_value0.015 SBD
curator_payout_value0.005 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length370
author_reputation2,576,980,374,514
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@curatorcat ·
$0.02
It IS very confusing when you start... and you look at "permissions" and it seems like you have SIX passwords! *"What does what?"* I asked myself.

And it's not made easier by the fact that SteemConnect asks for different things, depending on which app/utility you are trying to access.

So yes, it's important to stay safe; thanks for the reminder!

Going to re-steem this.

=^..^=

Sorry to hear your brother-in-law lost some of his tokens...
πŸ‘  
properties (23)
post_id62,290,471
authorcuratorcat
permlinkre-meno-how-are-you-login-in-20180912t201021919z
categorysteem
json_metadata{"tags":["steem"],"app":"steemit\/0.1"}
created2018-09-12 20:10:24
last_update2018-09-12 20:10:24
depth1
children0
net_rshares20,293,925,632
last_payout2018-09-19 20:10:24
cashout_time1969-12-31 23:59:59
total_payout_value0.015 SBD
curator_payout_value0.005 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length444
author_reputation3,058,831,511,475
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@lemony-cricket ·
$0.05
This is really important, but why should we have to evangelise this to fellow Steemians? Steemit Inc is actually being **negligent** on this by providing a loaded footgun to users.

When you design a user experience, you should design it in a way that discourages insecure practices. There is a proverb that goes "you can lead a horse to water, but you can't make it drink." A corollary is, "you can't prevent a suicidal horse from dehydrating itself, but you _can_ make it wait by  the river until it dies."

The fact that the Condenser application even _allows_ logging in with the master password is negligent as hell. When generating their accounts, new users should be instructed to write their master passwords down and _never_ use them again... and if they try, _it shouldn't work._ Extra points for forcing them through the password reset workflow after detecting the activity.

Crypto can't go mainstream until we make the necessary security practices understandable to Average Joe. We need to expect as little of Joe as possible. We need to assume that he's not only stupid, but _actively_ acting against his own interests, because social engineering makes that not only possible, but probable; not only probable, but **inevitable**. 

Then, we need to do what we can to empower him (in a manner as _brain-numbingly simple as possible_) to protect himself from himself.

I may make this into a post later. Without cooperation from Steemit and a massive security awareness campaign, an extremely large portion of the Steem userbase, possibly even a majority, is headed for complete disaster. **We are one keylogger epidemic away from a mass extinction event.**
πŸ‘  ,
properties (23)
post_id62,292,590
authorlemony-cricket
permlinkre-meno-how-are-you-login-in-20180912t204833352z
categorysteem
json_metadata{"app":"steemit\/0.1","tags":["steem"]}
created2018-09-12 20:48:36
last_update2018-09-12 20:48:36
depth1
children0
net_rshares50,328,504,441
last_payout2018-09-19 20:48:36
cashout_time1969-12-31 23:59:59
total_payout_value0.039 SBD
curator_payout_value0.012 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length1,669
author_reputation8,687,381,404,640
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (2)
@rodneysreviews ·
$0.02
Posting Key.

When I joined in June, Steem 1010 advice was dispensed in the joing FAQ, which was adamant that using the "posting key" most of the time was imperative, and that if I used and compromised my master password, it would all be on my own head.

Since then, I have realized there are ways to get your account back even if you lose your master password (ie with help), but this should never be relied on.

Sorry your brother-in-law got burned like that. :(
πŸ‘  
properties (23)
post_id62,301,781
authorrodneysreviews
permlinkre-meno-how-are-you-login-in-20180912t235135523z
categorysteem
json_metadata{"tags":["steem"],"app":"steemit\/0.1"}
created2018-09-12 23:51:42
last_update2018-09-12 23:51:42
depth1
children0
net_rshares20,295,097,637
last_payout2018-09-19 23:51:42
cashout_time1969-12-31 23:59:59
total_payout_value0.018 SBD
curator_payout_value0.002 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length464
author_reputation1,177,907,294,060
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@dedicatedguy ·
$0.02
This is very serious, what devices and OS is he using?

Any idea how he got hacked besides using the master password?
πŸ‘  
properties (23)
post_id62,316,253
authordedicatedguy
permlinkre-meno-how-are-you-login-in-20180913t041508482z
categorysteem
json_metadata{"tags":["steem"],"app":"steemit\/0.1"}
created2018-09-13 04:15:03
last_update2018-09-13 04:15:03
depth1
children1
net_rshares20,349,581,148
last_payout2018-09-20 04:15:03
cashout_time1969-12-31 23:59:59
total_payout_value0.016 SBD
curator_payout_value0.005 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length117
author_reputation107,977,516,232,770
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
author_curate_reward""
vote details (1)
@meno ·
no idea so far...
properties (22)
post_id62,354,404
authormeno
permlinkre-dedicatedguy-re-meno-how-are-you-login-in-20180913t143312683z
categorysteem
json_metadata{"tags":["steem"],"app":"steemit\/0.1"}
created2018-09-13 14:33:03
last_update2018-09-13 14:33:03
depth2
children0
net_rshares0
last_payout2018-09-20 14:33:03
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length17
author_reputation148,669,616,868,095
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars10,000
@kantos ·
Es un excelente consejo amigo @meno Muchos usuarios no conocen ese dato y usan la contraseΓ±a de propietario para todo, quedando de este modo mas frΓ‘giles y sin seguridad si llegara a caer en manos equivocadas.<div class="text-right"> Again... <div class="phishy"> <i> THANK YOU! <br> </i> 

https://steemitimages.com/0x100/https://i.imgur.com/oIujWBY.png</div>
πŸ‘  
properties (23)
post_id62,319,476
authorkantos
permlinkre-meno-how-are-you-login-in-20180913t051750998z
categorysteem
json_metadata{"app":"steemit\/0.1","users":["meno"],"image":["https:\/\/steemitimages.com\/0x100\/https:\/\/i.imgur.com\/oIujWBY.png"],"tags":["steem"]}
created2018-09-13 05:17:57
last_update2018-09-13 05:17:57
depth1
children0
net_rshares1,214,418,206
last_payout2018-09-20 05:17:57
cashout_time1969-12-31 23:59:59
total_payout_value0.000 SBD
curator_payout_value0.000 SBD
pending_payout_value0.000 SBD
promoted0.000 SBD
body_length360
author_reputation4,823,178,482,239
root_title"How are you login in?"
beneficiaries[]
max_accepted_payout1,000,000.000 SBD
percent_steem_dollars0
author_curate_reward""
vote details (1)