One of the fundamental ideas behind the creation of Bitcoin and the revolution of cryptocurrency technology is private key encryption.
Private keys are the “passwords” that unlock your wallet. Many crypto veterans have a lot of experience with private keys as they have experimented, played around with and even lost money with various private key management strategies.
I was explaining private keys to a friend recently as he just started to dip his toes into Bitcoin. He ended up buying 1 BTC on an exchange and then I had to have the talk with him.
The talk consisted of me telling him that so long as that Bitcoin is held on an exchange, it is never truly safe.
I even showed him the now infamous video of Andreas Antonopoulos showcasing the ideas of “Not your keys, not your Bitcoin. Your keys, your Bitcoin.”
This is so important for everyone who holds crypto to understand. It is also one of the most significant barriers to entry, as the majority of people in the world are accustomed to having a custodian who takes care of their money.
In crypto, we don’t trust custodians. We don’t trust banks. We don’t trust centralization and we certainly don’t trust exchanges with our money.
Use an exchange to transfer money and exchange it for other cryptocurrencies… but when you’re done, your money should land in some sort of wallet where you own the private keys.
I proceeded to help my friend get a hardware wallet and give him some reading material. He understands private keys and how to secure his hardware wallet and his backup passphrase. A backup passphrase is 12-24 English words that derive your private keys.
If you lose your hardware wallet or update your wallet without this backup passphrase, your money is likely gone forever.
Bridging the Concept to Steem
The conversation didn’t end there. My friend was also getting into STEEM (and LEO). The private key situation on Steem is slightly different, but the fundamental principle — not your keys, not your Steem — still applies.
On Steem, you have a master password. This master password is similar to that 12-24 word backup passphrase used for hardware wallets. It is used to derive your other private keys such as your active key, your posting key, your memo key, etc.
Many Steemians still log in to Steem using their master password. This is a huge no-no. Steemit, Inc. recently updated Steemit.com so that you can’t log in with your master password. This is a step in the right direction, but education is ultimately the solution to this problem.
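The derivation described above, as an added example (not code from the original post or from any Steem project). It assumes the password-based scheme used by Steem client libraries: SHA-256 over account name + role + master password, encoded as a WIF private key. The account name and password are constructed sample values.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ROLES = ("owner", "active", "posting", "memo")

def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def role_key_wif(account: str, master_password: str, role: str) -> str:
    # Assumed scheme: one SHA-256 over the whitespace-normalised seed string.
    seed = " ".join((account + role + master_password).split())
    secret = hashlib.sha256(seed.encode()).digest()
    payload = b"\x80" + secret  # 0x80 is the WIF version byte
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return b58encode(payload + checksum)

def wif_is_valid(wif: str) -> bool:
    # Catches a mistyped or truncated key before it is stored or imported.
    raw = b58decode(wif)
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return len(raw) == 37 and payload[0] == 0x80 and checksum == expected

def derive_all(account: str, master_password: str) -> dict:
    return {role: role_key_wif(account, master_password, role) for role in ROLES}

if __name__ == "__main__":
    # Constructed sample values, not a real account or password.
    keys = derive_all("alice-example", "P5constructed-sample-password")
    for role, wif in keys.items():
        print(f"{role:8s} {wif}")
```

Each role key is a one-way hash of the master password, so a leaked posting key reveals neither the active key nor the master password, and changing the master password produces an entirely new set of role keys.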
So I told my friend to follow these steps:
- Create your Steem account
- Write down the username for the account and the master password on a piece of paper (I suggested 2 pieces of paper — 1 for himself and 1 for a trusted family member to store in case something happens to him)
- Delete the master password from your computer
- Input the posting, active and memo keys into Steem Keychain (a Chrome/Brave/Firefox extension that allows you to securely log in to various Steem apps)
- Log in to Steemleo.com, signing the transaction with Keychain
Boom! He’s all set and secure. His master password is securely stored in 2 locations and now he can do everything he needs to do on Steem with his posting, active and memo keys.
This hierarchical private key structure is extremely underrated on the Steem blockchain. With Bitcoin, for example, you only get 1 private key for your wallet. So if you want to send a transaction, you need to find a way to securely enter that private key (or have a hardware wallet).
On Steem, you only need to make contact with your “master private key (master password)” 1 time when you create the wallet. So long as nothing bad happens, you’ll likely never need to touch that master password again.
You can log in to most sites and post with your private posting key.
You can send transactions/power down with your active key.
You can encrypt and decrypt memos with your memo key.
If any of these keys get stolen, you can reset them with your master password. If someone steals your active key, then they can steal any liquid STEEM or Steem-based tokens from your wallet. However, if you are smart and keep your STEEM or Steem-based tokens powered up (vested), then the thief has to start a power down and wait for them to be unvested before withdrawing.
This gives you plenty of time to change your private keys and stop the power down, locking the thief out of your Steem account and re-securing your money.
With enough education, we can show people that Steem has a robust way of hodling crypto. It’s secure and highly functional as you can login to any Steem-based app and trade any Steem-based tokens. One account to rule them all.