Account Recovery - About trusting and not being trusted
A few days ago, during the Hive Meetup organized by the Spanish-speaking community, I presented the Hive Account Recovery Services that I created.
During the ensuing Q&A session, someone asked the following question:
At first, I answered with a "Yes, that could be a good choice" and went on to qualify my answer: "Of course, you have to trust @blocktrades (which is true for me) or @arcange (which is also true for me)".
But later, I went back on my answer by saying "No, you should NOT do that!"
Why this change of mind?
It seems that at first, I let myself be carried away by my emotions and my personal experience. Let me explain.
You have to admit that when someone shows their trust in you and asks you to be their recovery account, it flatters your ego a bit. We also want to honor this trust and respond to it in the same way.
Yet I felt like I heard my little voice telling me "Hmmm, are you sure that's the right answer?".
At first, I imagined it was whispering this because I didn't want to take on this responsibility and considered @hive.recovery to be a much better candidate. After all, that's why I created such a service and I had just introduced it to the audience.
It was only after a little while that I really understood the reason for such reluctance.
The key factors of the recovery process
Fogged up by the bias described above, I had completely overlooked two important factors in choosing your recovery partner:
1. Reverse identification
Your recovery account must be able to formally identify you!
Take the case of @blocktrades and the fact that I could choose him as my Recovery Account.
Beyond trusting him to have the technical skills and be willing to help me recover my account if it were to be compromised, I also trust that, if he should receive a request to recover my account, before executing such a request:
- he will try to verify if it's me, @arcange, who is making the request.
- he has the ability to identify me without a doubt.
The above two lines must absolutely guide the choice of your Recovery Account!
Dan (@blocktrades) knows me personally. We met physically (meaning in the "real" world, don't be kinky 😜) and I can for example remind him of certain elements of conversation that we had together and that only the two of us know. I believe he will ask me other questions as well. Therefore, I know he will be able to identify me with certainty.
In the case of people asking the question during the meetup, I had no information about them: neither their name, where they lived, nor even what they looked like. Nothing.
Another point to be particularly careful about when choosing your partner: you must know how to contact him.
It is absolutely useless to choose someone you trust if you don't have their consent, if you don't know how to send them your account recovery request and if you are not sure that they will respond to you within a certain period (as short as possible).
Why are these key factors?
The ideal for a hacker is to take full control of an account in order to:
- empty your wallet of its liquid tokens.
- initiate a power down to get their hands on your Hive Power.
- initiate a transfer from your savings to make your tokens liquid.
- use your account to scam other users.
1. Reverse identification
Imagine that you are smart enough not to leak your password or keys, but that a hacker notices that you have just changed them. He could then contact your recovery account, pretend to be you and say "Hey, my account just got hacked, can you help me get it back?"
If your recovery account is not cautious and acts without due diligence, it could be the one handing over control of your account.
Identity theft is so easy to do these days. Reverse identification is a must and any reliable recovery account holder should categorically refuse to initiate the recovery process if they are not able to identify the requester with 100% certainty!
This is what I expect from my recovery account in order to protect my account!
You must be able to communicate quickly with your recovery partner.
- A transfer from your savings takes only 3 days.
- You and your recovery partner only have 30 days to complete the recovery process.
- Each week that passes, a 13th of your funds becomes available to the hacker.
If you do not know how to reach your recovery partner or if it does not respond, you are in trouble. And after 30 days, it will be game over. You will have permanently lost your account!
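To make these deadlines concrete, here is an added example (not part of the original post and not code from any Hive tool) that models how much of an account is exposed as the days pass. The names `Balances`, `exposed`, `still_recoverable` and `timeline` are hypothetical; the model assumes the worst case where every withdrawal is started on day 0, that the weekly 13th applies to Hive Power in power down with the first installment after 7 days, and that day 30 is still inside the recovery window.

```python
from dataclasses import dataclass

# Figures taken from the text above.
SAVINGS_DELAY_DAYS = 3      # a transfer from savings takes 3 days
RECOVERY_WINDOW_DAYS = 30   # recovery must be completed within 30 days
POWER_DOWN_WEEKS = 13       # one 13th is released per week


@dataclass
class Balances:
    liquid: float       # tokens spendable immediately
    savings: float      # tokens held in savings
    hive_power: float   # staked tokens, released only by a power down


def exposed(b: Balances, days: int) -> float:
    """Tokens that could have left the account after `days` days,
    assuming (worst case) every withdrawal was started on day 0."""
    total = b.liquid                                  # liquid tokens: at once
    if days >= SAVINGS_DELAY_DAYS:
        total += b.savings                            # savings: after 3 days
    weeks = min(days // 7, POWER_DOWN_WEEKS)          # assumed: first payout on day 7
    total += b.hive_power * weeks / POWER_DOWN_WEEKS  # one 13th per full week
    return total


def still_recoverable(days: int) -> bool:
    """True while the recovery process can still be completed."""
    return days <= RECOVERY_WINDOW_DAYS


def timeline(b: Balances, checkpoints=(0, 2, 3, 7, 14, 30, 31)):
    """(day, tokens exposed, recovery still possible) for each checkpoint."""
    return [(d, round(exposed(b, d), 2), still_recoverable(d)) for d in checkpoints]


if __name__ == "__main__":
    # Constructed sample account, not real data.
    sample = Balances(liquid=100.0, savings=500.0, hive_power=1300.0)
    for day, lost, ok in timeline(sample):
        print(f"day {day:>2}: {lost:>8.2f} tokens exposed, recoverable={ok}")
```

With the constructed sample, a partner who answers within two days limits the exposure to the liquid tokens, while one who answers after day 30 can no longer help at all.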
As you can now see, choosing or being a recovery account is something important that both parties should think about.
Choosing a recovery account
- Pick someone around you whom you trust and who can formally identify you.
- Ask him for his agreement before making the change.
- Your choice is not final. If your partner disappears or no longer deserves your trust, change your recovery account.
- If you don't know who to choose, use @hive.recovery services.
Being a recovery account
- Be aware of the responsibility you take.
- If you agree to do so, set up an identification protocol.
- Pay attention when the day comes that you need to act. Scammers are cunning and clever.
- Feel free to decline and tell your friend about @hive.recovery.
I hope that this information and these tips will help you better understand the Account Recovery process and its subtleties, and enable you to make the right choice.
Take mutual care of your accounts!