Understanding Posting & Active keys Authority

in #security2 months ago

steem1.1.png

Hello Steemian!
I have published a post about issue on dapps of https://steemdb.online/ yesterday and I have been respond by @steem-supporter in this comments’ thread here

How steemdb.online curation trail works?
We also had a conversation in discord server this morning on my timezone as I had asked him about this the day before and was waiting for him to reply me there.
As I understand it from our conversation, his sites https://steemdb.online/ only have users’ posting key authority NOT the actual posting key itself.
The application that is used for getting the posting keys from users is steemlogin which is operated by @hightouch of @futurewitness

As I understand it from @steem-supporter, steemlogin only has our **active key authority **but not having any record of our active keys in their apps, as steemlogin only stores our active keys credentials in our web browser.

Why users need their active key to authorize steemdb.online service?
https://steemdb.online/ require users to put active keys via steemlogin because in order for posting keys authority to work with steemdb.online dapps,higher level keys, such as active keys is required by the steemlogin which will then making it possible for steemdb.online dapps posting key authority to work.

TL:DR

There is no way for dapps such as https://steemdb.online/ and steemlogin.com having record/store of your posting keys and active keys.

Is it safe to use any dapps on Steem?
There’s still a possibility that your account gets hacked if you’re using these dapps as hackers might have found a way to do it as you store the keys in your browser.
So in conclusion, use these dapps at your own risk, the creators of those dapps are not responsible or have anything to do with your stolen funds while you use their dapps as they do not store your actual posting/active keys, they only have your posting or active key authority.
It might have to do with your internet browser security or something as I’m not a developer or programer to know more about this on how your steem account could be compromised.

How to protect your Steem/SBD?

saving1.pngGo to your steemitwallet page and transfer any liquid steem/sbd into Savings

saving2.pngThis will protect your funds for 3 days before they enable the withdrawal

If you or your community rely heavily on this curation trail service or any other dapps on Steem blockchain that require active key authority on their dapps, it is good that you transfer any of your liquid steem/sbd into saving so you will get notified when someone withdraws your steem/sbd in 3 days before it can be withdrawn. This way you can still have a chance to stop the stealing as opposed to you will lose your funds at an instant if you just let it sit there.

Thank you @steem-supporter for clearing things up for me and the Steem Community members.
Until then, keep steeming!

Regards,
cryptokannon

Sort:  

I am Korean
I want to share a lot of information with you.
If you send me an email or SNS, I'll send you a message.^^

Hi @speedask nice to meet you. What are the information that you want to share with me? You may find me on twitter too https://twitter.com/cryptokannon

Thank you for information Mrs. @cryptokannon .,

Today I am trying to create a community that has the basics of history and culture. This idea has been around for a long time, I haven't seen steemians writing articles about history and promoting cultures. Because of that, my friends and I wanted to create a place for steemians who want to learn a lot about history and culture, and share them. History and culture will never run out. If we as millennials don't preserve it, then that history and culture will be lost.

This community will teach us how to love history and culture. This community will also unite us from all corners of the region to exchange stories that contain elements of history and culture. This community will raise many aspects of history and culture in each place where the steemian lives. It may not be easy, but I am doing my best to raise this community. so that this platform is progressing and developing rapidly.

Therefore, I really need your support and encouragement @cryptokannon, from @steemitblog, @steemcurator01, @booming. so that this community can flourish. Without your support this community would be nothing, without your support the ideas we wanted to bring about would not have happened. I came here to submit a proposal to you @cryptokannon and the other steemit team. I hope you consider it. I want to say a thousand thanks to you, Sincerely @rezamusic22 @hc-curator

hc.jfif

Please visit the post Introduction of the new Community and the official "History & Culture" curator account on the Steemit Platform.

As a newbie, this is very informative and helpful. Thank you so much.

I can see they comment their introduction. here is mine
https://steemit.com/hive-172186/@jansepu/introduceyourself-hello-steemit

Thank you @cryptokannon for informing us .Its a big help for me as a new here.

Will translate it in SteemSEA for indonesia newcomers. it will definitely useful for them to have better understanding of using auto vote and giving authorities of the account to third parties

Thanks

Hi @cryptokannon, I have compiled the entire achievement task guide in Indonesian in one post
https://steemit.com/hive-172186/@heriadi/kumpulan-panduan-tugas-achivement-dan-materi-tugas-pencapaian-bagi-pendatang-baru

Thank you for giving me this opportunity

Thanks [email protected]
it is a good solution for saving coins

Hi @cryptokannon... I have chosen your post on "-Understanding Posting & Active keys Authority-" for my daily re-steeming initiative - voting and commenting...
alegria+.jpg
Let's keep working and supporting each other to grow Steemit.

Terimakasih infonya bu 🙏

Thanks for giving us information about this

cryptokannon up vote plz

Truly helpful! Thank you so much. We will keep this in mind.

Hola a todos amigo estoy nuevamente activo en esta plataforma,espero puedan ayudarme con al menos un reesteem de mi #logro1
https://steemit.com/hive-172186/@rhom82/logro1-presentacion-en-steemit-escrito-original-de-rhom82-18-04-21-newcomerscommunity.. Saludos desde brasil

Please verify my account

hola amiga, muchas gracias por esa informacion, estoy activandome nuevamnete en steemit y desconozco muchas cosas, y esta información para mi es de mucha ayuda para estar pendiente de mi cuenta.

Thank you for this @cryptokannon, this so very informative.

They could say they don't store it but you never really know. How many times have an app from the app store ended up with a back door?

I save my keys on a trusted centralized browser. Google security for the win.

This is not an accusation. Must be phishing links...

Greetings @cryptokannon, thank you so much for your very informative article.
I am so grateful that I have been in this platform the steemit.

Thank you for the information Mrs. @cryptokannon I am a newbie and information would be more useful to me following you on Twitter too now

@cryptokannon please look into my account, i don't like what am seeing there. please help me to solve the issue