Some Precautions For Your Accounts

in OCD11 months ago

It's been a while since the Hive-Steem split already.

I wonder how many of us have taken precautions after the split, regarding our accounts.

I know I have been quite relaxed about it.

But the recent soft fork on Steem worried me, especially realizing I know little to nothing about most key players now on Steem. Players with ability to change code arbitrarily, to control key tools like SteemConnect and possibly more.

I'd go even further and not make it about who has access or controls what on Steem.

Let's say phishing takes place and some fall for it. Let's say some private keys are leaked somehow.

If you have the same master password / private keys for your account on Hive and your account on Steem and one becomes compromised, so is the other one.

That is why it is paramount that you change your master password, especially for your account(s) on Hive.

You should also use different passwords / lock codes for storing your private keys by HiveSigner vs. SteemConnect, Hive Keychain vs. Steem Keychain, Peak Lock on SteemPeak vs. on PeakD.

One other precaution you should take and I've seen this stated multiple times around the fork and after, is to change your recovery account, if it's @steem. You should do that on both Hive and Steem, unless you started it before the fork! Unless of course you trust the new Steemit, Inc. to initiate the recovery procedure for you in a timely manner if someone compromises your account.

One other thing you should do is check the positions of your witness proxy -- if you have one set -- prior and post the split and, if you agree with their positions, keep your witness proxy account, otherwise change it.

About changing the master password, private keys and recovery account on either Steem or Hive, here's an easy to follow process.

To make changes on Steem, use SteemPeak. To make changes on Hive, use PeakD.
Go to your account's profile and follow these easy steps:
image.png

  1. Click on Actions button at the right side (as in the image above)
  2. Click on Keys & Permissions from the dropdown menu
  3. Choose "CHANGE PASSWORD" from the menu to change the master password and implicitly the private keys
  4. Choose "RECOVERY ACCOUNT" from the menu to check who is it and change your recovery account

The instructions on PeakD/Steempeak are easy to follow, so I'm not going to pretend I know how to present them in a better way.

Be safe, in all the relevant ways!

Sort:  

Funny that I forgot to do this myself ...thanks for the reminder :)

I shared as soon as I did it myself. Thought about it before I went to sleep last night.

So you are saying that if one ever used steem connect they should change their masterkey, that's the one they tell you to never lose right? When changing that does that automatically change the others or will you at that time be asked if you want to change active and posting keys also?

Then when we do this on hive it will change the keys you came over here with to one's exclusively to hive?

On account recovery who do we assign the recovery option to on each site?

So you are saying that if one ever used steem connect they should change their masterkey

I'm saying anyone who uses Hive, regardless if they still use Steem or not, should do the following (at minimum):

  • change account password on Hive as described in the post (the interface on PeakD will provide you with more details, yes that will mean automatically changing all private keys which are derived from the master password, and yes, that means you will have to re-add them to Hive Keychain or HiveSigner or PeakLock, but all that you'll be told by the PeakD interface, so read carefully)
  • change locking/storing password on Hive Keychain, HiveSigner, PeakLock as a precaution (especially for HiveSigner, unless you know and trust the current devs of SteemConnect from Steem)
  • change recovery account, if it's @steem

On account recovery who do we assign the recovery option to on each site?

That is up to you. It should be someone you can count on to be there for you if your account is compromised and you need him or her to start the recovery procedure. Also ideally someone who knows you more than on Steem/Hive, someone to whom you can prove it's really you (on Discord is ok I suppose).

You are so right about changing credentials for your Hive account especially... There are really crazy things happening on the STEEM and, unfortunately, nobody is safe there anymore...

I have started my recovery account change, and after that, I will change the other keys...

Thanks for bringing the importance of this up!



Made in Canva

@thisisawesome Moderator


This is Awesome Content, and it will be manually curated with an upvote of 65% from @thisisawesome (will be done today), and it will also be included in our Awesome Daily Curation report in category Awesome CTP Curation for more visibility.

The goal of this project is to "highlight Awesome Content, and growing the Hive ecosystem and the CTPtalk tribe by rewarding it".


Source

Yeah, it's painful to think like that about Steem... But that's the situation and we have to move on and watch our steps, so to speak.

Thanks for reminding me! This really isn't much work and can save a lot of trouble. And with the same scripts/tools working on both chains, it can also prevent from accidentally sending the post/vote/transfer to the other chain

Yup, true, not much work at all!

it can also prevent from accidentally sending the post/vote/transfer to the other chain

That's one other thing we can prevent, and human errors are quite likely to happen.