Keys & Security

in TheTerminal2 months ago (edited)

Several people on Hive have written posts about Keys and security, but those posts can rapidly disappear into oblivion without being seen by many people — especially the newer folks who really need to see them. So, here is another one, perhaps with simpler wording or other information that hopefully will be useful to some of my readers.


~ image source: Sahan Jayasuriya on Unsplash.com ~

Many of the newly-joined folks to the blockchain are mystified by the absence of relatively simple passwords as they use on Facebook, Twitter, and other sites. There is a good reason for this, though — money is involved! In order to keep accounts better secured, encrypted Keys are used instead of simple passwords. Furthermore, the blockchain is decentralized, so there is no one person or group that can recover your credentials if you lose them. But, the blockchain offers a decentralized Account Recovery process, which involves an indirect method of gaining access to lost accounts with the assistance of another person or project who can verify your identity.

So, long, complex 5JDsRQ9egbiGG9C6gF27Vx4bZYhpxi678nvXLWUiGFaJEVWicpY Keys are there for your account's protection! Be glad that the blockchain is so secure, even if it's a bit more of a headache to keep the Keys straight. Of course, it isn't very difficult at all to keep Keys straight with the help of one of three awesome tools:

What credentials do we have on the Hive blockchain?

Besides one's @username, the following are supplied to everyone:

🔹 MASTER PASSWORD

The MASTER PASSWORD should only be used on rare occasions such as changing your Keys if you suspect your account has been compromised. Even though it has the word "password" in the name, it should never be used on an everyday basis for logging into your account. It should only be used when specifically prompted that an operation requires your Master Password!

In blockchain technology, this Master Password is actually what is called a seed, and its main purpose is serving as an input in deriving your Keys. That's why it should be carefully guarded, because it serves as a gateway to all of your account Keys. Using the Master Password for everyday logins to the blockchain is probably the most common mistake that contributes to loss of one's account.

From that MASTER PASSWORD, the following four KEYS are derived:

🔸 OWNER KEY

The OWNER KEY is proof that you own your account, and is only to be used in an 'Account Recovery' operation or to reset your other Keys — nothing else! Of the four Keys generated by your Master Password, this one requires the highest security and safety. Whoever has this Key owns your account!

🔸 ACTIVE KEY

The ACTIVE KEY is the one necessary for all wallet transactions as well as voting for witnesses and proposals. It should only be used when prompted to perform those transactions, or to verify another transaction (as in Hivesigner). Whoever has this Key controls your wallet!

🔸 POSTING KEY

The POSTING KEY is required for writing blog posts, commenting on others' posts, and upvoting content. Whoever has this Key can pretend to be you in comments, etc., and is how thieves gain the confidence of others with their phishing links. However, this is the safest option for logging-in and the one that you should use to login on an everyday basis!

🔸 MEMO KEY

The MEMO KEY is only used if you need to encrypt or decrypt a 'Memo' field in a wallet transaction. I've only used it once in the almost-four-years I've been on the blockchain.

How does one find their Keys?

Ideally, when you joined the Hive blockchain, you saved your Keys at that time. Each of the onboarding interfaces provides them in a different way. Some show them to you on-screen immediately after your account is created and instructs you to save them, while some interfaces provide a PDF file that you can download with all the Keys in it.

Each interface to the Hive blockchain has a way of revealing your Keys, but you will need your Master Password to view them. The following screenshots will assist in this.

🔸 HIVE.BLOG

This is the default interface to the Hive blockchain. The software behind HIVE.BLOG is also used by many of the Tribes, so if you use  https://palnet.io  or most other Tribe interfaces, the steps will be the same.

Go to your blog page and click on the Wallet item. Login to your wallet and click on the tab for "Keys & Permissions." Scroll down the page and click "Reveal" beside any of the Keys you wish to see. For the sake of security, you will have to enter your Master Password to proceed. You only need to save the "Private Key" for each Key pair.

🔸 PEAKD.COM

https://peakd.com is one of the enhanced interfaces to the Hive blockchain. It allows you to do everything that HIVE.BLOG offers in addition to many more tools and services. To see your Keys on PEAKD, go to your blog page. Click on the "Account Actions" button, and select "Keys & Permissions." Click the "Reveal All Keys" button at the bottom of the page. For the sake of security, you will have to enter your Master Password to proceed.

🔸 ECENCY.COM

https://ecency.com is another of the enhanced interfaces to the Hive blockchain. As with PEAKD, it offers a different layout and some tools that are not available on the HIVE.BLOG interface. To see your Keys on Ecency, go to your blog page and click on "Settings" and then the "View Private Keys" button. For the sake of security, you will have to enter your Master Password to proceed.

Protect your Keys!

Once you have your Keys, please put them in a safe place! Or, better yet, put them in several safe places! A 'thumb drive' (a.k.a.: Flash Drive, USB Drive) is one good option. But remember that all hardware can potentially fail, so placing the Keys on multiple Thumb Drives is better than just one.

Of course, if your thumb drive is ever lost or stolen, you risk having someone else in possession of your Keys. For this reason, naming the file "My Hive Keys" or something else very obvious is not a good idea! I know one person on Hive who has saved his Keys to a file on a thumb drive, but he did something clever — he changed the third character in each of the Keys to the next-highest alphabetic letter or number. So, if a Key had an 'a' in the third position, he changed it to 'b' instead. If a Key had the numeral '5' in the third position, he changed it to a '6' instead. Someone else on Hive does the same thing, but changes the seventh character rather than the third.

Another good option is to use a secure "password manager" app. There are many available, such as LastPass, 1PASSWORD, Dashlane, NortonPasswordManager, and others. The only drawback to those is that a paid 'subscription' to use the app is usually required. But if you do a little research beforehand and chose a basic service with only options you truly need, the secure feeling you have might be worth a little money.

Keeping your four Keys and Master Password secure accomplishes several things:

  • Keeps your personal account on the blockchain safe, and preserves your reputation as being an informed, cautious, and upstanding member of the platform
  • Protects your funds from thieves
  • Prevents the necessity of having to go through the Account Recovery process
  • Preserves the integrity and reputation of the Hive blockchain, as a whole, in the eyes of the crypto-world. We do not wish to become known as a blockchain full of careless folk who cannot keep their own accounts & funds secure. Not only would that tarnish our public image, but it would also invite even more thieves to join the platform.

~ LET'S ٠ STAY ٠ SAFE ٠ OUT ٠ THERE! ~

 😊

SOURCES
   1 Hive.Blog FAQ – Security
   2 Hive Wallet – Permissions


21-Jul-2021

Sort:  

A 'thumb drive' (a.k.a.: Flash Drive, USB Drive) is one good option.

I call it simply pendrive. By the way, it is a good idea to put some secure encryption on it, so if you lose the pendrive, people will not get access to your wallet, and you can change your keys much before anyone would hack that encryption. This is a much better technique than changing the third character in each of the keys.

Hi @thekittygirl
I found your blog via @brittandjosie and read this article first. Thank you for that detailed description of everything key related, including the pitfalls.

pixresteemer_incognito_angel_mini.png
Bang, I did it again... I just rehived your post!
Week 66 of my contest just started...you can now check the winners of the previous week!
4

This post has received a 100.00% upvote from @fambalam! Join thealliance community to get whitelisted for delegation to this community service.

Your content has been voted as a part of Encouragement program. Keep up the good work!

Use Ecency daily to boost your growth on platform!

Support Ecency
Vote for Proposal
Delegate HP and earn more

Key information that always comes in handy.

Easy to read and informative! Hopefully, your post helps others.

This post has been manually curated by @bhattg from Indiaunited community. Join us on our Discord Server.

Do you know that you can earn a passive income by delegating to @indiaunited. We share 80 % of the curation rewards with the delegators.

Here are some handy links for delegations: 100HP, 250HP, 500HP, 1000HP.

Read our latest announcement post to get more information.

image.png

Please contribute to the community by upvoting this comment and posts made by @indiaunited.

This post gave good description of the keys.

This was a very useful post. Thank you! I have managed to access my Posting, Active and Memo keys from the keychain plugin. However I can't seem to find the owner key anywher in the hiveKeychain. I found all 4 keys in my Hive wallet, but when I click reveal, it asks me to log into the hiveKeychain again and then nothing happens. Any idea what I can do to reveal the Owner Key so that I can back it up?

You have to actually put your Keys into Keychain. I edited the post to add the steps to find your Keys in each of the main interfaces to Hive! THANKS for your comment that led to that additional info being added! 🙂

Excellent! Thanks so much for adding this information. I know have all my keys backed up. 😁

I can not repost these enough! Thank you so much for this! (again) You are amazing. xoxo