Several people on Hive have written posts about Keys and security, but those posts can rapidly disappear into oblivion without being seen by many people — especially the newer folks who really need to see them. So, here is another one, perhaps with simpler wording or other information that hopefully will be useful to some of my readers.
~ image source: Sahan Jayasuriya on Unsplash.com ~
Many people who have newly joined the blockchain are mystified by the absence of relatively simple passwords like those they use on Facebook, Twitter, and other sites. There is a good reason for this, though — money is involved! In order to keep accounts better secured, cryptographic Keys are used instead of simple passwords. Furthermore, the blockchain is decentralized, so there is no one person or group that can recover your credentials if you lose them. However, the blockchain offers a decentralized Account Recovery process, an indirect method of regaining access to a lost account with the assistance of another person or project who can verify your identity.
So, long, complex 5JDsRQ9egbiGG9C6gF27Vx4bZYhpxi678nvXLWUiGFaJEVWicpY Keys are there for your account's protection! Be glad that the blockchain is so secure, even if it's a bit more of a headache to keep the Keys straight. Of course, it isn't very difficult at all to keep Keys straight with the help of one of three awesome tools:
Besides one's @username, the following are supplied to everyone:
The MASTER PASSWORD should only be used on rare occasions such as changing your Keys if you suspect your account has been compromised. Even though it has the word "password" in the name, it should never be used on an everyday basis for logging into your account. It should only be used when specifically prompted that an operation requires your Master Password!
In blockchain technology, this Master Password is actually what is called a seed, and its main purpose is serving as an input in deriving your Keys. That's why it should be carefully guarded, because it serves as a gateway to all of your account Keys. Using the Master Password for everyday logins to the blockchain is probably the most common mistake that contributes to loss of one's account.
The OWNER KEY is proof that you own your account, and is only to be used in an 'Account Recovery' operation or to reset your other Keys — nothing else! Of the four Keys generated by your Master Password, this one requires the highest security and safety. Whoever has this Key owns your account!
The ACTIVE KEY is the one necessary for all wallet transactions as well as voting for witnesses and proposals. It should only be used when prompted to perform those transactions, or to verify another transaction (as in Hivesigner). Whoever has this Key controls your wallet!
The POSTING KEY is required for writing blog posts, commenting on others' posts, and upvoting content. Whoever has this Key can pretend to be you in comments, etc., which is how thieves gain the confidence of others with their phishing links. However, this is the safest option for logging in and the one that you should use to log in on an everyday basis!
The MEMO KEY is only used if you need to encrypt or decrypt a 'Memo' field in a wallet transaction. I've only used it once in the almost-four-years I've been on the blockchain.
Ideally, when you joined the Hive blockchain, you saved your Keys at that time. Each of the onboarding interfaces provides them in a different way. Some show them to you on-screen immediately after your account is created and instruct you to save them, while some interfaces provide a PDF file that you can download with all the Keys in it.
Each interface to the Hive blockchain has a way of revealing your Keys, but you will need your Master Password to view them. The following screenshots will assist in this.
This is the default interface to the Hive blockchain. The software behind HIVE.BLOG is also used by many of the Tribes, so if you use https://palnet.io or most other Tribe interfaces, the steps will be the same.
Go to your blog page and click on the Wallet item. Log in to your wallet and click on the tab for "Keys & Permissions." Scroll down the page and click "Reveal" beside any of the Keys you wish to see. For the sake of security, you will have to enter your Master Password to proceed. You only need to save the "Private Key" for each Key pair.
https://peakd.com is one of the enhanced interfaces to the Hive blockchain. It allows you to do everything that HIVE.BLOG offers in addition to many more tools and services. To see your Keys on PEAKD, go to your blog page. Click on the "Account Actions" button, and select "Keys & Permissions." Click the "Reveal All Keys" button at the bottom of the page. For the sake of security, you will have to enter your Master Password to proceed.
https://ecency.com is another of the enhanced interfaces to the Hive blockchain. As with PEAKD, it offers a different layout and some tools that are not available on the HIVE.BLOG interface. To see your Keys on Ecency, go to your blog page and click on "Settings" and then the "View Private Keys" button. For the sake of security, you will have to enter your Master Password to proceed.
Of course, if your thumb drive is ever lost or stolen, you risk having someone else in possession of your Keys. For this reason, naming the file "My Hive Keys" or something else very obvious is not a good idea! I know one person on Hive who has saved his Keys to a file on a thumb drive, but he did something clever — he changed the third character in each of the Keys to the next-highest alphabetic letter or number. So, if a Key had an 'a' in the third position, he changed it to 'b' instead. If a Key had the numeral '5' in the third position, he changed it to a '6' instead. Someone else on Hive does the same thing, but changes the seventh character rather than the third.
Another good option is to use a secure "password manager" app. There are many available, such as LastPass, 1PASSWORD, Dashlane, NortonPasswordManager, and others. The only drawback to those is that a paid 'subscription' to use the app is usually required. But if you do a little research beforehand and choose a basic service with only the options you truly need, the secure feeling you have might be worth a little money.
Keeping your four Keys and Master Password secure accomplishes several things:
- Keeps your personal account on the blockchain safe, and preserves your reputation as being an informed, cautious, and upstanding member of the platform
- Protects your funds from thieves
- Prevents the necessity of having to go through the Account Recovery process
- Preserves the integrity and reputation of the Hive blockchain, as a whole, in the eyes of the crypto-world. We do not wish to become known as a blockchain full of careless folk who cannot keep their own accounts & funds secure. Not only would that tarnish our public image, but it would also invite even more thieves to join the platform.