In a previous post, I wrote about Steem Private and Public Keys Demystified. Please read it before you continuing with this post. If you don't understand it fully, read it again and again until you do. For the rest of this guide, I will be talking about the PRIVATE keys, for the sake of clarity, I won't be typing "private" every time. To know the difference between private and public keys, refer to the post I just mentioned. My emphasis will be on the Owner Key. Steem is not the average easy platform. It's a complicated environment. It's a learning curve.
During your first login, the system asked you to generate a new password. The password is the same thing as the owner key. It was repeated many times: Do not lose your password. Guess what, despite the warnings, people still manage to lose it! Every week we get cases of lost passwords in the help channel on Steemit.Chat, whether it's a new user just logging for the first time, or someone not having a backup of their password. And when the poop hits the fan, they rush freaking out about it. 99% of the time, it's the user's fault. Here's a good example from the user 
What's in a Wallet?
Your Steem account is a wallet. It earns you money, it holds your money. Treat it with respect. The owner key is the key to your safe, which contains your money, if you lose it, you lose your money. Notice how many times I said money? People will pay attention when they hear money (no pun intended). So pay attention to your owner key. Don't come crying if you got hacked, lost your owner key, and can't access your hard earned money, while someone is draining it. Don't be reckless.
Securing the Owner Key
Back up the the owner key OFFLINE, it means some place that is not connected to the Internet. It could be a in a text file saved on multiple USB keys; the more the merrier. If you can encrypt the file (PGP/GPG for example) or compress it with a password, that's even better. Of course, don't forget the zip password or lose your PGP keys, right?
Also, it could be written on a piece of paper and secured in a safe, away from fire and other earthly hazards, such as your faithful dog who loves to chew on your things, or your cute baby drooling over your desk. However, keep in mind the owner key is case-sensitive, if you mistype it when you need it, you will be denied access to your account. The owner key starts with P5 and is 52 characters long, while the other keys start with 5 and are 51 characters long.
Whatever your do, NEVER EVER send yourself an email with your owner key. That's the riskiest careless atrocious backup method. Emails are the prime target for hackers; if they stumble on your nifty owner key, you can kiss your account goodbye.
And most importantly, double check that the owner key you backed up or written on that paper IS WORKING, before you can breathe with assurance. Open a new browser instance and try it.
It goes without saying, NEVER share your private keys with anyone, unless you completely trust them, like a family member or a loved one.
📌 Copy/Paste Tip: sometimes the commonly used copy/paste method (CTRL-C, CTRL-V) can change the character encoding of the string, depending on the apps being used. If your password isn't working all of a sudden, it may be related to that issue. Make sure the password is in a plain text file, not a Word or other text processing document. Try to copy with CTRL-INSERT and paste with SHIFT-INSERT, this can solve this rare problem. These instructions are for a PC (Windows/Linux); for MAC computers, I have no solution, they live in a different world with weird keyboard buttons. I'm part of the PC Master Race, sorry.
How Bad Can It Get?
There are two outcomes for a troublesome account.
1- You completely lose the password. In which case there's NO WAY to recover your account. You'll be locked out forever. You need to create a new account. However, if you have your posting and active keys you can still manage to secure your funds to a new account you create. But without the owner key, you won't have total control over your account.
2- Someone got a hold of your password, logged into your account, changed the password and key set, stole your stash (SBD, STEEM), then initiated a power down. Steem has a mechanism which allows the account recovery by the trustee that created your account, for example steem. steem is the main account creator controlled by Steemit.com. You can initiate a Stolen Account Recovery at https://steemit.com/recover_account_step_1, on the condition that you have the old owner key. If someone else created your account, they can follow the instructions in 
Steem Little Secret: Granting Permissions
It's not a secret really, developers know this, but are you aware you can allow another account/key to interact with your own account? Yes you can, by granting posting, active or owner permissions! Do I see some eyes twinkling all of a sudden? Granting posting permissions is usually done when people subscribe to trails, on streemian for example. If you give posting permissions to someone else, they can log into your account using THEIR posting key, and post/upvote/downvote for you. Cool isn't it?
Granting access can be done with cli_wallet, or more easily with steem-python (https://github.com/steemit/steem-python). The command line is different in cli_wallet. Here is the command for steempy:
steempy allow --permission active --account your_account foreign_account
If you don't want people to see which account was granted permission, you can use its public key (posting, active or owner) like this:
steempy allow --permission active --account your_account foreign_public_key
The permission parameter can be posting, active or owner.
To revoke a permission, you use disallow instead of allow.
Interesting isn't it? Very practical too. You can create a backup account, grant it access to your main account, and in the case of a problem, you have an ace in your sleeve and can at least rescue your funds. This method is not user friendly, I can write a more detailed post about it, if you guys are interested.
Conclusion
Use the posting key to login for your daily blogging activity. Have the active handy when you want to make money transactions. Safeguard your owner key as if your life depended on it, and don't use it unless you really need to. Be smart, be careful, be secure.
P.S. I'm chatting with a user just now from the help channel. He's trying to create a new account because his computer was stolen before he had the chance to use his account. He had his password backed up only on that computer. Hence the importance of having a backup in cold storage, and in several places.
ADDENDUM
I want to add an important note about Bittrex.com transactions. Their transaction page can be misleading because it's not very clear to new users. The MEMO field is OPTIONAL, but they don't mention it! You can leave it empty or write whatever your like. Dozens of people have made the mistake of writing their private or owner keys in there! NEVER do that, because it will show up on the blockchain and in your wallet. A malicious person can take advantage of that.
I said it in my first guide and I repeat it again: NEVER share or use your private keys with anyone (including foreign websites), especially the Owner or Active keys.
Also, always do a small test transaction and check your wallet, before doing a bigger one.
Check 
project.Join us on https://discord.gg/GpHEEhV
Available & Reliable. I am your Witness. I want to represent You.
🗳 If you like what I do, consider voting for me 🗳
Thank you for your support.
If you never voted before, I wrote a detailed guide about Voting for Witnesses.
Go to https://steemit.com/~witnesses
Enter my name in the voting textbox and press VOTE once.
Alternatively,
with cli_wallet : vote_for_witness "YOURACCOUNT" "drakos" true true
with steem-python: steempy approvewitness drakos --account YOURACCOUNT