Introduction
LeoFinance offers easy signups through Metamask. A user signed up that way can download the entire set of public-private key pairs through their Leo wallet. This is great. But to my surprise you get the keys in a regular text file without any instructions as to what to do with them. I guess the assumption is that anyone who downloads their keys has already done their homework and knows how to proceed.
I'm making this post to advise you on what you should do when they get the keys just to make sure you will be safe.
Get a password manager
A password manager is a program that allows you to store a large number of passwords for various purposes to be stored in an encrypted file and to be accessed using a single password.
You will need a password manager in any case. If you don't already have one, get one as soon as possible. You can google up on password managers. Read reviews and see for yourself which option suits you best.
Change the Hive Master key
The quickest and most reliable way to do that is to log into the Hive.blog wallet app.
https://wallet.hive.blog/@youraccountname/password
Follow the instructions on the page.
Store the new Hive Master key to your password manager
When you have stored the master key, copy the encrypted password file to at least one other location for safekeeping.
Install Hive key chain
Hive Key chain is a browser extension that you download only once as opposite to using a web app that your browser has to download every time you navigate to the website that it is on. By using Hive Key chain you will never have to insert your private key to any form on a web app. Instead, what happens is that when a transaction needs to be signed, any web app that has Hive key chain integrated passes it to Hive key chain to be signed using the appropriate private key. The cryptographic signing of transactions means calculating a function as the key and the unsigned transaction as inputs, the output of which is the signed transaction from which it is impossible to calculate the private key. That way, the only piece of software that ever gets access to your private keys is Hive key chain, which improves your security and convenience in a major way.
Additional information on Hive key chain can be found here:
https://github.com/stoodkev/hive-keychain
Hive key chain is compatible with Chrome/Brave or Firefox.
Here's a link to the Chrome/Brave version on Chrome webstore:
https://chrome.google.com/webstore/detail/hive-keychain/jcacnejopjdphbnjgfaaobbfafkihpep
Here's a link to the Firefox Add-on store:
https://addons.mozilla.org/en-GB/firefox/addon/hive-keychain/
Add your account to Hive key chain
When you're done installing Hive key chain, add your account to it:
Click on the "hamburger" icon in the upper right corner.
Click on "Add Account".
Click on "USE KEYS/PWD".
Enter your Hive username and your Master Key.
Hive key chain will then generate all the other keys. You can save them in your password manager, too, if you like.