
Steem has five different keys or passwords associated with accounts. Four of these are used with typical accounts and the fifth is used by witnesses. They are: owner, active, posting, memo, and signing keys. Each has its own set of functions and limits.

| post, comment, vote, follow | |||||
| transfer funds, make trades, power up/down, change posting/memo/witness/active keys, vote for witnesses | |||||
| change the owner key | |||||
| view private messages |
The owner key gives full control over your Steem account. Its user is able to post, vote, transfer funds, vote for witnesses, and change all keys including being able to change the owner key. Notice I said "its user" and not "you"? Because if someone were to get your account or owner password, they can change all the keys and take your account and whatever it is worth for themselves. The owner key is meant to be used basically only if necessary, and otherwise written down/etched in stone and put into "cold storage," a crypto term for keeping your keys off of running or internet-connected computers. The only thing the owner key can not do is decrypt private messages/memos sent to you, only the memo key can.
The active key can perform almost all functions for an account except change the owner key. It can change all other keys on an account, including the active key. The active key can do everything the post key can do, plus allows transferring, trading, powering up/powering down Steem Power, and voting for witnesses. It cannot decrypt private messages encrypted to your memo key, though if you log in with the password you made when making an account via fb/reddit (don't, see below for why), both of these will be available simultaneously.
The posting key allows accounts to post, comment, vote, and follow other accounts. This is what most users should be logging in to Steemit with every day, only using the active key when something to do with transferring funds or changing keys is necessary. You are more likely to have your password or key compromised the more you use it, so a limited posting key exists to limit the damage that a compromised account key would cause.
The memo key is the only key that can decrypt private messages sent to your account. Before you ask, the feature isn't implemented on Steemit yet. :)
The signing key can be used by witnesses to sign blocks. It's set with the update_witness transaction signed using an active or owner key.
You might be asking, "Keys, what keys? I only have the password I made when I signed up." The password you made when signing up via Facebook or Reddit actually generates all four main keys for your account. You can see this by going to your account's permissions page (https://steemit.com/@insertyouraccountname/permissions). You will be able to show any key including the owner key. This means you're logged into all of these keys at once. For daily non-transactional use you should be logging in with your posting key only. See the posting key link below for instructions.
How to login with your posting key (and why this is important)
How to use or make a secure enough posting key and switch to using it to log in.
Your Steem account is worth money! How to secure it with a new owner key to keep it yours forever
How to make a very secure owner key for cold storage.

This newly created download able webpage generates new public private keys for you to secure your account.
The procedure is very simple:
dist/index.html in your browserThe page will generated four new keys for your (owner, active, posting memo).
After creation of your new keys, you should print out the page and write the password on it with a pen!
You can change the keys on your permission page:
First read @pfunk's excellent article.
I highly recommend that you generated a
Put at least the printed owner key into a safety deposit box and make sure to have it printed out multiple times!!
I now pushed version 0.2 and 0.3 that allow you to print your master password and let you uncover the typed password.