Because of the latest shenanigans of people's accounts being obliterated by those who know how to deceive others, I thought I would throw together some visual representations of how people look when they are using their private keys, and try to educate a bit if I can.
Before I start, what should you use instead? Use the Hive Keychain, for example. It's open source, and the code can be reviewed here: https://github.com/hive-keychain
The place where you insert your private keys must be an auditable place, otherwise you are incurring unnecessary risks that others may be exploiting. And this is why I am trying to stress that entering your keys in apps or websites that you don't know anything about is a big big RED 🚩 FLAG!
I am trying to convey this message in a funny way, if I can... but I am serious too!
So, let's start! (and comment below if you have more questions about any of this)
How many keys does Hive Blockchain have?
The answer is a minimum of 4 (default) with one thing extra that is not really a key, but let's call it a key for now... and I will not complicate this with how many more it can have, just because it's already complex with this many. So let's talk about these 5 "secrets".
1. This is the least harmful key to use...
Your MEMO key can be used to decrypt encrypted MEMOs sent to you by other users. Without this key, you can't see what they sent you.
So, if you leak this key, nothing really important might be lost (given you didn't receive any important encrypted information in your account that you don't want to be public).
Otherwise... I am sorry... but, mana mana, whatever that means!
2. The fourth most important key that can cause some pain... if you leak it, is...
...the POSTING key. This key can do a LOT of stuff, so if the attacker gets hold of it, they can make your account miserable for a while. Let me explain!
The POSTING key can, for example, vote, comment, claim rewards, and validate some other actions on the chain, but it can't be used to steal your money (aka making a transaction to send HIVE/HBD to another account).
However, if the attacker takes control of it, they might start changing your posts, voting on accounts of their own, or simply impersonating you to their benefit. And in a sense, if you don't prevent this from happening, the impersonator will be "stealing" some of the rewards from the power of your voting.
In my view, when you use your POSTING key, you are responsible for knowing how to quickly change your keys. Otherwise, don't use your posting key in places you don't know.
If you naively do it, then this might happen to you!
3. The third most important key is your MONEY key!
Sorry, it's not called that, but that might help understand what it does... It's called the ACTIVE key, and it can do "funds" related things, among some other important actions that change the way "financial" things happen around your account. For example, if you want to transfer HIVE or HBD to another account, or if you want to Power up or down some HIVE.
It's also a key that allows you to do "governance" things... such as voting for proposals or witnesses, or enabling other types of permissions.
If the attacker takes this key, then you will likely see your funds stolen if you don't act quickly to change your keys. This is why you should have most of your HIVE staked (powered up), because even if an attacker gets your keys, you have a week to react. This is because powering down takes 13 weeks, and the first deposit into liquid HIVE happens a week after you submit that request with your ACTIVE key.
How does it look when you are using your ACTIVE key in places you should not?
From the epic pre-COVID days, where everyone was trying to demonstrate their wealth, and then things went wrong... in many cases.
4. The second most important key, aka the most important one too!
The OWNER key. This private key can only be used to perform specific tasks that help secure your account, such as initiating the account recovery process, changing ALL your keys (including the OWNER key), and changing the account recovery person, which should be someone you trust to allow you to recover control of your account in case an impostor changes your keys, for example.
BUT YOU STILL NEED TO KNOW YOUR OWNER PRIVATE KEY - so keep it in a safe/private place.
This key can't sign broadcasts for commenting or transacting HIVE anymore. So, if someone asks you to enter this key for those things, that's a big RED 🚩 FLAG!
Don't use this key on a daily basis, and have a backup of it somewhere else. If you lose this key, you lose access to your account ownership. Hence why it's called the OWNER key.
How does it look when you are using this key for things you should not?
The "piranhas" are the attackers wanting to get your keys, if you didn't get the idea.
5. The most important one, which you should never use ANYWHERE!
The "seed phrase" is referred to as "Backup Password" or Master password in some places. It's a backup thing... store it somewhere safe, and never use it again!
This is not really a key, but more like a "password" that is able to derive ALL your keys. What apps that used this one in the past would do was get all your keys from it, and then use the key that was appropriate for each action. And that's why you should not use it. It's a "last resort" thing.
How does it look when you use this one everywhere? Well, you look like this...
Watch the video if the picture does not ring a bell...
Luckily, there are not many places left where you can use it, but just so you know, if someone is asking you to put this somewhere for something very normal, like logging in, or posting a comment, or even broadcasting a transaction, then that's a big RED 🚩 FLAG!
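Why one leaked master password means every key is gone, as an added example that is not from the original post or from any Hive project: it follows the derivation used by Hive client libraries such as dhive (SHA-256 over account name + role + password, then WIF encoding). The account name and password are constructed, and inputs are assumed to contain no whitespace.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ROLES = ("owner", "active", "posting", "memo")


def base58(data: bytes) -> str:
    """Base58-encode bytes (Bitcoin alphabet, as used for WIF keys)."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    # Each leading zero byte is represented by a leading '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def to_wif(secret: bytes) -> str:
    """Wrap a 32-byte secret as WIF: 0x80 prefix + 4-byte double-SHA256 checksum."""
    payload = b"\x80" + secret
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return base58(payload + checksum)


def derive_keys(account: str, master_password: str) -> dict:
    """Derive the four role keys from the account name and master password.

    Nothing here is secret except the password: the account name is public
    and the role names are fixed, so whoever sees the password gets all four.
    """
    keys = {}
    for role in ROLES:
        seed = (account + role + master_password).encode("utf-8")
        keys[role] = to_wif(hashlib.sha256(seed).digest())
    return keys


if __name__ == "__main__":
    # Constructed sample values, not a real account or password.
    derived = derive_keys("alice-example", "P5constructed-not-a-real-password")
    for role, wif in derived.items():
        # Print only a short prefix; never log full private keys.
        print(f"{role:8s} {wif[:6]}... ({len(wif)} chars)")
```

Each role key is independent of the others, so a leaked POSTING key reveals nothing about ACTIVE or OWNER, while the password sits above all of them.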
Hope you learned something!
Thanks for reading.



