Hive Account Security: Take These Two Steps And Never Ever Lose Access


It is comfortable to know how utterly robust the recovery process on Hive is. The algorithms governing the security of your account and its recovery - should anything go badly wrong - work, and they work very well. As long as there are a few critical settings in place, you can feel secure that your account will always remain under your control and, even if you get hacked or your keys are stolen, you can fairly easily get it back.


Here's what to put in place to secure your Hive account:

  1. Ensure your 'Recovery Account' is set to something other than 'steem'. This could be an alt, or somebody you know and trust. If you were on the Steem blockchain before the birth of Hive and you haven't changed the recovery account, there is a good chance it could still be set to 'steem'.
  2. Ensure your 'Master' and 'Owner' passwords are always stored offline in hard and soft copies (printed and on some form of removable media). These are almost never required and they do not need to be handy. The only use case I know of for the 'Owner' key is to change the keys of the account or to recover it. The 'Master' password is the key generator from which you can obtain all the keys for the account. Keeping these two pieces of valuable information offline will ensure that nobody can steal them from your computer and also that you will not use or lose them by mistake.

     If you do reveal your posting or active keys, or you get hacked, your owner key will allow you to immediately change the account keys and stop any actions that may have been taken on your account. If a hacker obtains your owner key and changes the account keys, you may be locked out altogether: not your keys, not your account/crypto. HOWEVER, even then you have a chance at recovery - how amazing is that? As long as you have a functional recovery account (i.e. not set to 'steem', but someone you trust or an alt), you can use an 'Owner' key that was valid no more than 30 days before the recovery attempt to immediately recover your account and regain access with new keys that supersede those of the hacker! This is incredibly robust.
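The two checks above can be scripted. The following is an added example, not code from the post or from the Hive project: it audits an account record for the 'steem' recovery setting and lists which replaced owner keys are still inside the 30-day window. The field names (`recovery_account`, `last_valid_time`, `previous_owner_authority`) are assumed to match the Hive API's account and owner-history responses; the account name, keys and dates are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

RECOVERY_WINDOW = timedelta(days=30)   # window stated in the post
UNUSABLE_RECOVERY_ACCOUNTS = {"steem"}  # setting the post warns about

def parse_ts(value):
    # Timestamps are treated as UTC without a zone suffix (assumption).
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_recovery(account, owner_history, now):
    """Return (findings, usable_old_keys) for one account record."""
    findings = []
    partner = account.get("recovery_account", "")
    if partner in UNUSABLE_RECOVERY_ACCOUNTS:
        findings.append(f"recovery account is '{partner}': change it to an alt or a trusted account")
    elif not partner:
        findings.append("recovery account field is empty: verify it manually")
    usable = []
    for entry in owner_history:
        age = now - parse_ts(entry["last_valid_time"])
        if timedelta(0) <= age <= RECOVERY_WINDOW:
            keys = [key for key, _weight in entry["previous_owner_authority"]["key_auths"]]
            usable.append((keys, (RECOVERY_WINDOW - age).days))  # whole days left
    return findings, usable

# Constructed sample data (hypothetical account, placeholder keys).
SAMPLE_ACCOUNT = {"name": "alice-example", "recovery_account": "steem"}
SAMPLE_HISTORY = [
    {"account": "alice-example", "last_valid_time": "2021-10-20T08:00:00",
     "previous_owner_authority": {"weight_threshold": 1, "account_auths": [],
                                  "key_auths": [["STM_OLD_OWNER_KEY_A", 1]]}},
    {"account": "alice-example", "last_valid_time": "2021-08-01T08:00:00",
     "previous_owner_authority": {"weight_threshold": 1, "account_auths": [],
                                  "key_auths": [["STM_OLD_OWNER_KEY_B", 1]]}},
]
SAMPLE_NOW = datetime(2021, 11, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    problems, old_keys = audit_recovery(SAMPLE_ACCOUNT, SAMPLE_HISTORY, SAMPLE_NOW)
    for problem in problems:
        print("WARNING:", problem)
    for keys, days_left in old_keys:
        print(f"old owner key(s) {keys} usable for recovery for {days_left} more day(s)")
```

An old owner key outside the window (the second history entry here) no longer helps, which is why the recovery account has to be fixed before anything goes wrong.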


Summary of Hive account keys:

  • Posting: the key used most often (posting, commenting etc), but without the power to make major account changes
  • Active: the highest level of key you will ever need for practical day-to-day transactions, such as moving funds around or editing your profile
  • Memo: a low-level key used for reading encrypted memos
  • Owner: this is the highest level of key for your account. AFAIK, you would only need this for changing account keys or account recovery; it is best stored offline in hard and soft copies and not on your phone/computer
  • Master: this is the 'key generator' for the account. Even if this is the only key you have, it can be used to generate the correct keys for the account using a tool like Hiveworld or PeakD; this Master Password is best stored offline in hard and soft copies and not on your phone/computer.

Why is this post being written?

Simple, I went through the month of October in a coma of lost account and keys due to not having observed the critical points mentioned above. I wasn't hacked, but I did lose access and I had thought my account was gone for good. For all but a heart-stopping 9-minute window out of 30 days, the recovery account was set to 'steem' and I could do nothing about it.

I ended up studying the recovery process from multiple angles before eventually arriving at a way of recovering the account, helped enormously by Hive witness @deathwing. It was a breath-taking adventure which you can read about here, and one I would not wish on any Hiver. I am sharing what I feel to be the gems of this experience - fortunately not a bitter one - with anyone who might not be aware of how badly things could get messed up and also how easily such a situation could be avoided entirely!

Resources:




This post has been rewarded with an upvote from city trail as part of the Neoxian City Curation program. We are glad to see you using the #neoxian tag in your posts. If you are still not in our Discord, you can join our Discord Server for more goodies and giveaways.

Do you know that you can earn NEOXAG tokens as passive income by delegating to @neoxiancityvb? Here are some handy links for delegations: 100HP, 250HP, 500HP, 1000HP. Read more about the bot in this post. Note: The liquid neoxag reward of this comment will be burned and the stake will be used for curation.


DUDE!


I did it finally... Sorry it took so long. Really appreciate all the gentle reminders and HIVE Regards for your thrilling account loss story from last month.

From the beginning I was an early process adopter of the whole BY HAND way of the Crypto Key. From there it spread out to ideas on how to Local Area Net, then that became the way to figure out how centralized our lives really are with tech.

So then I became only interested in going forward in time with less and less of this technical duplicity following us. So I was REALLY interested in hearing about the Intentional Community you studied with and see to it that I begin MY IC off a very simple Blockchain like this.

I still think there will be the option for you and I to call in and discuss some of this stuff with a very small audience of interested folks from the chain. @the-outpost is tryna set something like that up. I wish her great luck because someone needs to do it but the VIMM group is run by children so IT likely will fall apart eventually.

Till then thank You for this fantastic ART piece!
As always, High Regards Bruv


Scary situation there! I thankfully switched mine over months ago once I realized the vulnerability. I think as well if you create an account that's an alt through a service like PeakD you are set as the recovery account. I haven't made an alt in a while but I think that's how it works.

Glad you were able to get it squared away!


if you create an account that's an alt through a service like PeakD you are set as the recovery account

Pretty sure that's right. Accounts I created for others using resource credits etc have the account creator set as recovery account, which is sensible. The 'steem' issue applies to older accounts, AFAIK those created by Stinc.

Good for you for acting on this realisation - it was my lack of action that almost cost me dear.

Thanks for stopping by and commenting :)


Definitely doing this now. Very helpful post. Thanks for all the information.
