With Hive Keychain you can choose how "hot" it is. If you only store your posting key there, it can only sign posting-level transactions, which are generally the transactions that require the lowest level of security, e.g. votes, posts and comments.
You can store your active key (which is used to sign transfers and other monetary transactions) in Hive Keychain or store it in a paper wallet or wherever else you choose. If you keep it offline then it is equivalent to "cold storage".
There is a higher level key known as the "Owner Key". That is used for changing your keys and other transactions that require the highest level of security. Hive Keychain won't even allow you to store it in the app.
Hi @demotruk! And thank you for the great explanation! So basically it's only hot when I log in, and cold when I go off, right?
One question, what about the memo key? I entered it in my Keychain, but what is it for?
Not exactly. A "hot" wallet is one where keys are kept on a computer connected to the internet, and the risks associated with that. If you have your posting key in Hive Keychain, it's still possible a hacker could get you to, for example, upvote something that you don't want to, or make a spam comment you don't intend to, but they couldn't get you to transfer money. Putting your active key into Keychain makes it more "hot", because then transferring some of your liquid Hive or HBD would be possible if they managed to compromise that computer.
Memo key has no authority on the network, but can be used to sign and encrypt messages. This allows you to prove who you are without using a key that could be used for transactions if compromised.
I think I understand. So, to use Ecency, for example, I have to enter my posting key and my active key in Hive Keychain. There is no way around that, right?
But if I understand you correctly, my Hive Keychain can only, potentially, be hacked when I'm online (logged in), right?
If you want, you can use Ecency with just your posting key. You won't be able to make transfers, power up etc. without the active key though.
Your keychain is protected by a password, so as long as that is secure, the only way you can be "hacked" is if a site tricks you into signing transactions that you shouldn't. You can always look at the details of any transaction Keychain is requested to sign. If it only requires posting authority, it is low risk.
That's comforting to know. Thanks for all this valuable information!
!POB
!PGM
!CCC
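
The check described in the last reply (read what a transaction asks for before approving it), as an added example that is not part of the thread or of Hive Keychain's code: it ranks a transaction by the highest authority any of its operations requires. The operation list is a subset, the function names are hypothetical, and the sample transaction with its account names is constructed.

```javascript
// Added example. Operations use Hive's legacy JSON form: [name, body].
const RANK = { posting: 0, active: 1, owner: 2 };

// Operations whose required authority is fixed (a subset, not exhaustive).
const FIXED = new Map(Object.entries({
  vote: "posting",
  comment: "posting",
  delete_comment: "posting",
  claim_reward_balance: "posting",
  transfer: "active",
  transfer_to_vesting: "active",      // power up
  withdraw_vesting: "active",         // power down
  delegate_vesting_shares: "active",
  convert: "active",
  limit_order_create: "active",
  account_witness_vote: "active",
  change_recovery_account: "owner",
}));

function authorityForOp([name, body = {}]) {
  if (name === "custom_json") {
    // required_auths asks for active authority, required_posting_auths for posting.
    if ((body.required_auths || []).length > 0) return "active";
    if ((body.required_posting_auths || []).length > 0) return "posting";
    return "owner"; // names no signer at all: treat as highest risk
  }
  if (name === "account_update") {
    // Replacing the owner authority needs the owner key; other changes need active.
    return body.owner ? "owner" : "active";
  }
  // Fail closed: an operation this list does not know is treated as highest risk.
  return FIXED.get(name) || "owner";
}

function requiredAuthority(tx) {
  const ops = tx.operations || [];
  if (ops.length === 0) return "owner"; // nothing to inspect, so not "low risk"
  return ops.map(authorityForOp)
            .reduce((a, b) => (RANK[b] > RANK[a] ? b : a), "posting");
}

// Constructed sample: a vote bundled with a transfer in one transaction.
const sampleTx = {
  operations: [
    ["vote", { voter: "alice", author: "bob", permlink: "hello", weight: 10000 }],
    ["transfer", { from: "alice", to: "bob", amount: "1.000 HIVE", memo: "" }],
  ],
};
console.log(requiredAuthority(sampleTx)); // "active"
```

A result of "posting" matches the low-risk case described above; anything else means the request would need a key that can move funds or change the account.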