You are NOT safe - How to Create a Powerful Steem Password to Last a Lifetime
Dear whales, as steemit grows hackers will target the richest users first, and there is a 9 in 10 chance your password sucks.
Unprecedented growth, whether it is a city or a website always attracts the attention of unsavory characters. Research shows that psychopaths flock to the largest cities, and online psychopaths will flock to the largest forums. And they will see your STEEM Power and jealousy, even rage will drive them to new lengths of malicious creativity. Feeling safe because it hasn't happened yet is not the answer. You will have to protect your account from getting hacked.
Now why did I write this article? Because I know for a fact that many people on this site are using unsecure passwords. Using a custom made script I have been able to guess several of them - and gain access to several steem accounts. But because I have long given up being a “blackhat” or cybercriminal from over a decade ago in my teenage days, I have informed these users to change their password and I suggest you do the same.
How is this possible?
When you sign up directly on steemit, your keys are generated from your password. Do NOT think you are clever because you used a song lyric, popular quote, or a line from a book. This is exactly what helped me bruteforce (“guess”) several accounts.
I’ve noticed that steem offers a new “generated password” feature, and you may feel secure using something so cryptic and long. But this password is unreadable, difficult to write down and overall a total nightmare. And I don’t know how it was created! That worries me.
Random number generators are a notorious nightmare, and their insecurities have lead to numerous hacks. Most notably the bitcoin wallet website Blockchain.info was hacked because they used predictable “R” values and randomisation “seeds”. Thousands and thousands of dollars were lost because all of their randomly generated passwords followed a certain pattern and didn’t have enough “entropy”. Simply put, they weren't as random as they claimed to be.
Thankfully the main hacker was a good samaritan and returned it. Johoe, the nice whitehat hacker, returned 267 BTC worth an estimated $170,000.
But that doesn't mean you should rely on people acting in good faith!
How can I make a truly secure password that is easy to write down?
You can use several services to generate a 12 word passphrase which will be extremely long and easier to remember than random digits.
This lets you create a bitcoin wallet using a 12 word passphrase, but you can use it as a password as well: http://counterwallet.com
This is the library that it uses: https://bitcore.io/api/mnemonic/
Of course, you can download your own version of bitcore and generate your own 12 word passphrase on an offline computer. ( Even better if you install linux on a thumbdrive and then run a temporary operating system by booting from USB.)
These are a few examples that I have vetted myself, but you are welcome to research them further to make sure they are secure. Don't trust anyone on the internet. Not even me! Read about Bitcoin "best practices" and realize that they apply to steemit as well.
Here is an example of a 'passphrase' which is easier to remember and write down than random characters:
“driver jeans cage follow spread glove drug egg deal leave clue serious”
You can cut this down to a single word:
“driverjeanscagefollowspreadglovedrugeggdealleaveclueserious”
And for extra security you can add some numbers in there as well:
“353driverjeanscagefollowspreadglovedrugeggdealleaveclueserious634”
Wish I were a whale. Still security is important for all, right ?
Yes, of course. But those with the most to lose will cry the most and the loudest, causing a lot of reputational damage to steemit. Hackers are likely to target the richest accounts first.
I'm trying to add the full article but steemit is buggy and won't let me update it... Please bare with me
thanks for the info , take care from now :)
Would you advise against letting your computer 'remember' your password? @filip-martinka