I would hope that everyone knows the first rule of Steemit:

Do not lose your keys!

It may be possible to recover them, but it's really up to you to protect them. Unlike most sites there are several keys (basically passwords) that you need to be aware of:

• Posting key: This is what you should log into Steemit with. It's all you need to post, comment and vote. It cannot be used to transfer funds.
• Active key: You need this for any sort of transfer, either to others or between your Steem, Steem Power, Steem Dollar and savings wallets. This should be kept more secure than your posting key.
• Owner key: You really shouldn't need this very often. It lets you change the other keys, so keep it somewhere really safe.
• Memo key: Nobody seems to use this. I don't think the memo feature is available from the site.

You'll notice there's a print button that appears when you show the private key. It may be worth printing this page and putting it somewhere safe.

So where should you keep your keys? I use Lastpass. It's a free password manager with extensions for most browsers and mobile apps. You need to set a really good master password, but you can enhance security with second factor. I use the Google code generator, so someone would need my password and my phone to log in. To make specific passwords more secure you can require the password to be re-entered before they can be used. The extension will enter the password for you and I believe this bypasses the clipboard. I use Lastpass for everything and let it generate random passwords for most sites.

For the owner key you could opt to use an off-line password manager, such as Keypass, but ensure that is backed up somewhere.

Something I don't understand is what are the keys that are shown on the screen above before you show the private ones? Are these used for anything. I think this is one of the more confusing aspects of Steemit. There is some information on the FAQ, but I know there are other posts out there about this.

I saw someone on another social site criticise Steemit for using such unwieldy passwords. She wanted to use something show could remember, but that is just not good security. Memorable passwords are more likely to be hackable and it's tempting to re-use them. I don't think it's viable to extract passwords from the Steemit blockchain, but sites get hacked all the time and if you had used the same password elsewhere then the crooks would be trying it everywhere possible.

To further protect your funds you should keep your Steem Powered up as it takes at least a week to extract any of that. There are also the savings wallet that take 3 days to move anything out. If you Active key were compromised you would have some time to change it with your Owner key and stop the transfers. This is all in the FAQ, so please take the time to read through it. I think some people have not realised that there is a whole set of extra options hidden in the menu at the top right of the page.

I don't claim to know all the details, but please leave questions in the comments and I will try to help. I want everyone to have a safe and secure experience on Steemit. What you make here has real value and needs to be protected.

I'm Steve, the geeky guitarist.

Mine cryptocurrency in the cloud at Eobot, including Steem. You can earn as you chat using WowApp. If you use these links I get a small reward. You can recruit others to do the same.