Hello Steemian! Lately we have been saddened by the news of hackers been busy stealing funds from our fellow steemian. We as active users in here also now in fear of becoming the next victim. Please keep on reading on how to keep your steem account safe.
How to keep your steem account extra safe?
It is recommended that you should do some spring cleaning to your steem account by checking all the dapps that you have login into or you have given these dapps your posting or active key authority in the past.
You should be removing all the posting/active key authority to dapps that no longer active on Steem blockchain.
Another reason is that there is also a possibility that you have accidentally expose your active key while accessing malicious Dapps on your browser.
How to remove the posting/active key authority from these Dapps?
There is a tool by @steemchiller where he explained in more depth in this post here SteemWorld Update / New Tool for Managing Account Authorities you can easily do this process by login into his Dapps https://steemworld.org/
First step, go to https://steemworld.org/ then at the home page click on the Account Auths
On this account-authorities page you will see all the lists of Dapps that you have given your posting/active key authority.
To remove them from still having your posting/active key authority you just click the red "X" sign located at your right side next to the list.
After done with removing all the old Dapps that you no longer need or trust then click "Save Changes" to complete this process.
Then you will be ask to signing the transaction with keychain if you have installed this keychain extension on your web browser or
with steemlogin if you click "No" and you will be asking to put your Private Active key to sign this transaction.
After a few seconds, please refresh the page and you will see that those old Dapps that you have removed no longer in the list. Congratulations! You have done this process successfully 😃
Change your Master Password
The next step you can do to making sure your account extra safe is by changing your Master Password. This can be done by going to this page here https://steemitwallet.com/change_password or go to the 3 bar on your top right side of your Steemit blog page and on the dropdown select "Change Account Password"
Then on the change password page fill in the required data such as your steem account name and your current Master Password.
Then click on the "Click to Generate Password" tab to generate your new Master Password.
Next is copy paste this generated Master password into the next box under the "RE-ENTER GENERATED PASSWORD" and most importantly make a copy for yourself by copy/paste it to somewhere safe online or write it on a piece of paper for offline keeping too.
Then lastly select the 2 boxes of the reminders and click "Update Password" button to complete this process.
The above process is for spring cleaning your steem account from all the old not functioning Dapps. After done with the spring cleaning process, you can then login back into the Dapps that you trust or currently run by top Steem Witness and enable your posting or active key authority to continue using their Dapps.
What if you have been a victim of fund stealing?
If you have been a victims of the hackers stealing funds from your account, you should do the above process then change your Master Password process 2 times to making sure your account is safe.
p/s: You don't need to do Stolen Account Recovery as this process is only for when you cannot access your account with any keys/password that you currently have because hacker have changed your master password.
When to use Stolen Account Recovery?
A lot of Steemian confuse when to use this feature. You only use this Stolen Account Recovery when the hacker have changed your Master Password and you cannot login into your account with your current Master Password/ or any other Keys. You can regain control of your account again by using your old Master password and initiate this process. Remember this process only can be done if :
- within 30 days after your master password was changed, as after 30 days, there is no way to recover it.
- you can provide the email address that you used when you signed up, your steem account name, and a master password that was used in the last 30 days.
You may contact Steemit via firstname.lastname@example.org if no feedback in 7 days after you submitted recovery request.
Please refer to this post for more details on How to initiate Stolen Account Recovery Your Steem Account gets Hacked? What to do next?.
In conclusion, DAPPs on Steem blockchain are not dangerous and unusable. Users can do re-authority/re-enable your posting/active keys to the tools/DAPPS that you trust after you have done the spring cleaning steem account method as explained in the above section. However as everything in life have it's own risk, the same with using this DAPPs and it is recommended to use the DAPPs/tools that you only really need and be extra careful while using them.
I hope at you will be doing this Spring Cleaning your Steem account regularly to avoid hacker aattack.
You may also make use the avings feature on steemitwallet page to keep your fund(Steem/SBD) safe as you will get notified for 3 days before the withdrawal be enable.
Stay safe and Keep on steeming!
cryptooknon.Thank you to Benson from The Steemit Team for guidance and suggestion on this guide.de.