Review your recovery account, if you don't want to lose your assets!

in #witness-update • 5 years ago (edited)

If you don't own your keys, you don't own your assets. Remember that sentence and review your recovery account. Seriously, do it right after reading this article. It's crucial for your digital safety.


TL;DR: if you have steem set as a recovery account, your assets are not secure because you won't be able to recover your account in case someone changes your keys. Change this to your alter account or someone you can trust.


If you're using the Hive blockchain, I hope you know how it works. I hope you know that, due to blockchain principles, you cannot recover a forgotten password or private key. It is just technically not possible. Nobody stores your private keys or master password, but they can be changed through a blockchain-level mechanism. Anyone with the master password or owner key will be able to do it. You will be able to do it, and anyone who knows your password will be able to do it.

Now, try to imagine how someone could obtain your keys or master password:

  • it could be guessed if it's short and easy (master password)
  • you could publish it within your post by mistake (I bet you do copy your keys from time to time)
  • you could send it as a transfer memo by mistake
  • you could post it on your discord or another communicator by mistake
  • you could publish a screenshot of your desktop screen with keys revealed
  • someone could take a photo of your screen with your keys revealed
  • you could commit it to your public git repository by mistake (if you're a developer)

Do you think you won't make a mistake? Never? Seriously? I will tell you one thing: we all make mistakes.

But there is a mechanism built into the Hive blockchain to recover an account even if you don't know the new keys. It's especially useful if someone changes your keys without your permission, aka "your account has been stolen".

Account recovery

The idea behind the mechanism is quite simple. If you have your previous keys, you can change the current keys. This is possible during the first 30 days after the change. Why did I say that it's not possible to recover a forgotten password? Because you have to know your previous keys. It's that simple. If you do, it's possible to recover the account. If you don't, you're done.

By the way, that's the reason you have to be careful if you plan to buy an account from someone. Even if you change the keys, the previous owner could recover it, and you could lose the assets you have already deposited. Please keep this in mind, and if you really need to buy an existing account, do not deposit any tokens on it during the first 30 days after changing the keys.

Recovery account

It's also crucial to understand how the recovery mechanism works, and basically, it's all about trust. Every Hive account has something like a "recovery account", which is a trusted entity that could make a recovery request for you. Yes, another account needs to make a request to recover your account. You cannot do it by yourself.

This is why you need to take care of your recovery account. By default, it's set to your account creator, which is often steem (if your account was created by Steemit Inc). If that's your case, you are in danger now. Steemit Inc was bought by Justin Sun, and he doesn't care about the blockchain and its users. You can be sure that he will not be willing to help you with the recovery process.

So what happens if someone changes your keys? Your account is lost with all of its assets because you can do nothing with it. Good luck with contacting Justin Sun to start your recovery process.

Change your recovery account

This process takes 30 days, so do it now if you want your account to be secure. You cannot change your recovery account if someone already changed your keys!

How to check which account is set for you? Just visit https://hiveblocks.com/@youraccount (replace @youraccount with your real Hive account, of course) and check the left sidebar. There will be a piece of information you're looking for:

Which account should you use? If you have multiple accounts, you can use your second account. If you don't, set your friend, family member, or someone who knows you and whom you trust. In case of emergency, you will need to prove that "you are you", and this account should be able to immediately start the recovery process.

Do not set yourself as a recovery account (don't do self-recovery). You can't start the recovery process if someone changes your keys, so it's just like having steem. Always use another account.
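The check described above can also be scripted. The following is an added example, not the author's own script: it applies the two rules from this section (steem as recovery account, self-recovery) and goes slightly further by also reading a pending change request, since a change only takes effect after 30 days. The RPC method names come from the Hive JSON-RPC API rather than from this page, and the sample accounts are constructed.

```python
import json
import urllib.request
from datetime import datetime, timezone

RISKY = {"steem"}  # recovery accounts the article says will not help you

def rpc(node, method, params):
    """POST one JSON-RPC 2.0 call to a Hive API node and return its result."""
    body = json.dumps({"jsonrpc": "2.0", "method": method,
                       "params": params, "id": 1}).encode()
    req = urllib.request.Request(node, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["result"]

def fetch(node, name):
    """Live lookup (needs network): account object and pending change requests."""
    accounts = rpc(node, "condenser_api.get_accounts", [[name]])
    if not accounts:
        raise ValueError(f"no such account: {name}")
    pending = rpc(node, "database_api.find_change_recovery_account_requests",
                  {"accounts": [name]})["requests"]
    return accounts[0], pending

def classify(name, recovery):
    """Apply the article's two rules to one candidate recovery account."""
    if recovery in RISKY:
        return "unsafe: recovery account is unlikely to help"
    if recovery == name:
        return "unsafe: self-recovery"
    return "ok"

def audit(account, pending, now):
    """Judge the recovery account that will be in charge after any pending change."""
    name = account["name"]
    report = {"account": name, "current": account["recovery_account"],
              "pending": None, "days_left": None}
    req = next((r for r in pending if r["account_to_recover"] == name), None)
    target = report["current"]
    if req:
        effective = datetime.strptime(
            req["effective_on"], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        report["pending"] = target = req["recovery_account"]
        report["days_left"] = max(0, (effective - now).days)
    report["status"] = classify(name, target)
    # A notification script should skip accounts whose pending change is fine.
    report["notify"] = report["status"] != "ok"
    return report

# Constructed sample data shaped like the two API results (not real accounts).
SAMPLE_NOW = datetime(2020, 4, 20, 12, 0, 0, tzinfo=timezone.utc)
SAMPLES = [
    ({"name": "alice", "recovery_account": "steem"}, []),
    ({"name": "bob", "recovery_account": "steem"},
     [{"account_to_recover": "bob", "recovery_account": "bob-backup",
       "effective_on": "2020-05-01T12:00:00"}]),
    ({"name": "carol", "recovery_account": "carol"}, []),
]

if __name__ == "__main__":
    for account, pending in SAMPLES:
        print(audit(account, pending, SAMPLE_NOW))
    # Live use: audit(*fetch("https://api.hive.blog", "youraccount"),
    #                 datetime.now(timezone.utc))
```

Until `days_left` reaches zero, the account shown as `current` is still the one that has to start a recovery.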

How to change the recovery account?

1. The easiest way is to use peakd.com:

You will need your Private Owner key to publish a transaction. Afterwards, you should see something like this:

2. Use hivesigner.com

Prepare the link for yourself:
https://hivesigner.com/sign/change_recovery_account?new_recovery_account=YOUR_SECOND_ACCOUNT

Replace YOUR_SECOND_ACCOUNT with your second account or any other trusted party you want to have as a recovery account. Visit the link and sign the transaction with the Owner Key.

Do not set yourself as a recovery account (don't do self-recovery). You can't start the recovery process if someone changes your keys, so it's just like having steem. Always use another account.


I started notifying 243 015 users who should care about it

I've used HiveSQL to get a list of accounts that:

  • have steem set as a recovery account
  • have a reputation of 25 or more
  • have at least 0.001 HBD or HIVE

I'm going to send a transfer to each account with a proper warning and instructions in a memo.

If you want to know how to start and finish the account recovery process, let me know in the comment section and I will prepare appropriate instructions.

Vote for @engrave witness if you find this notification useful


Thanks for the heads up. I started another account for a project I will soon be doing, but it just links to my original profile. Is there a way to separate the two, in case of this issue? Then I can use that as a recovery and vice versa. I will be starting a show in the relatively near future, so I would have needed to do this at some point anyway. Thanks again for the heads up :)

but it just links to my original profile.

If those accounts have different keys, you will be fine.

Then I can use that as a recovery and vice versa

Yes, you can do this, no problem :)

Ok Thanks a lot :)

Okay, I've been gone from the steemit/crypto for a while, and perhaps foolishly just left all my assets in various wallets to grow without paying attention to what was happening in the fast paced crypto world. Anyway, I'm back now, noticed this new HIVE thing exists, and got your message.

Obviously changing the account recovery account is important. Is it advisable to do this BEFORE or AFTER updating the steem and hive keys to be different? I feel a bit confused on what process I should follow, and want to make sure I don't screw things up.

You need your keys to be different on each system, but up to you if you keep using the Steem one. Many people here gave up on it as Hive is so much better in many ways. When you set your recovery account should not matter, but updating the Hive keys is a priority just in case.

!BEER

Yes. I think I will update Hive keys, then reset the recovery account, then go back to steem to recover my vested steem power. Hive definitely looks like the future. Blurt seems to be going nowhere.

Good choice!

!BEER


Hey @antonchanning, here is a little bit of BEER from @steevc for you. Enjoy it!

Do you want to win SOME BEER together with your friends and draw the BEERKING.



Ok, Thanks
I upvoted you as witness

Thank you, appreciate :)

Many thanks for advice :)

Thanks a lot. You totally earned my witness vote for spreading the message 😇

You should check in your transfer script if the recovery account is already changed. It takes 30 days to be effective.

Fair point, I'm going to take that into account. Thanks!

Yeah guys, I just realised 30 days also, that's quite a long time.

30 days? Really?

Thanks for letting me know .... I shall sort and you get my vote for witness!!

I had no clue. Thank you very much. voted @engrave as a witness

When I got that right and I own @welovesteemit too. I should choose @welovesteemit recovery account instead of @steem.
Is that right?
Rehived.

That's correct. Don't lose your keys :)

That is the point. Is there another way to do that with a third party like steemconnect on Hive?
I do not like to give my owner key away directly, and with steemconnect I had the best peace of mind feeling when doing that.
Thank you.

That's my question exactly. I would like to do it in a safe way with steemconnect or hive keychain, but I am not entering it on any website.

I'm currently working on a beempy update that allows it to change the recoveryaccount without python knowledge :).

I don't know that but I deem it rather likely that it works with vessel as well. Also, if you know a bit of python you could use @holger80's beem to achieve what you want. Using beem probably is the "safest" way if you know what you are doing but also requires the most knowledge and can go horribly wrong if you don't know what you're doing.

hi there, you sent me a message and i am trying to figure this out. Thank you

Thanks for the heads up, I've changed it! Much appreciated, I would have never thought of that one. Can't trust that justin guy.

Thanks for reminding me about this. Done it now on Steem and Hive

Voted for your witness, you've been doing some useful things for the community and I appreciate it :-) Cheers!

Thank you, I appreciate that :)

Great, I've been worried about this since the first day of HIVE because my account trustee is Steem. So now what can I do? The main problem is how I can prove my ownership of the account; this is the matter of concern if I set you as my account trustee. The second is how I can contact you in case of an emergency.

Suppose I set another account of mine as my account trustee, then how can I recover the account in case of emergency, because I'm not a developer? Is there any tool on Hive to do that, like steemworld?

Yeah, seconded

It would be better to set your second account or a friend/family member rather than me. I will write a tutorial about how to do it on Hive so stay tuned and follow my account ;) There are some tools that allow you to do it.

Can you please write a tutorial about the recovery process on Hive for simple users who don't know about developing.

Sure, I will :)

I would love to read that too.

Do you manage any community, which I could subscribe to?

Unfortunately not, but you can follow my account.

definitely include the process if you are the person they want to recover your account, on how to do it..

I right now would have no idea..

also thanks for the reminder!

I guess you should do it as described for Hive AND in addition on Steem too if you still have STEEM in your account. For Steem you can use steempeak.com and login via PeakLock.

Hey @engrave,

A great article, thanks for sharing!

Thanks for the follow, I followed you back and voted for you as a witness too! ;)

Great, thank you, I really appreciate it!

We got @blocktrades set as recovery account, is that safe @engrave?

Should be fine but if you have someone you can trust and within direct contact, set him. Or your alter account if you have more than one.

Thanks a lot for your memo and this tutorial!

I'm glad you've read that and responded. Keep your recovery account updated and you will be fine :)

@engrave Thank you for this vital information...
I would really appreciate it if you dropped a detailed process on how it is done

Ok, I will write a tutorial soon, follow @engrave and stay tuned :)

Thanks for the information. Much appreciated

No problem :)

Can I use @engrave? I mean everything is better now than @steem, right?

Do you own more than one account? Or maybe your friend or someone you know personally is also on Hive? If so, use them. As I wrote in a post, it's all about trust.

Hi friend, thanks for the helpful info. I will wait for your textbook :)

You can change your recovery account with peakd.com. I hope you will never need to start the recovery process but I suggest doing it as soon as possible.

We say that God protects the one who is protected :)

Exactly :) So we need to take care of ourselves :)

Thanks for the memo 😉 I had already changed my recovery and it will be effective in 11 days 😊
Your post is so very useful and will help many, you may want to add that it takes 30 days for the change to be effective, so that people don't freak out if they do not see any change in the meantime..?

It's already mentioned in a post but I will rewrite it to make it clear :)

Private Owner key, is that one different than active & posting? Thanks so much for putting this reminder out there! Your instructions are really easy to understand. Hopefully, we never need to use this. It would be crazy to have account stolen!! Yeesh. Changing mine, it's set to steem now. Thanks again! ❤☀️

Yes, exactly, you don't use Owner Key on a daily basis. I'm glad it's helpful :)

Another question, from what I understand the recovery account needs to know how to work with the blockchain back end. So, it's better to have maybe a witness be the back-up. Would @blocktrades be a good choice instead?

Not really, starting the recovery process is as easy as changing the recovery account. You just need to type the keys and broadcast a transaction.

Thanks a lot for your kind reminder! I was going to change that but after your message I am doing this now.

Thanks a lot! Important hint.

!invest_vote

@freiheit50 thinks you have earned a vote of @investinthefutur !----> Who is investinthefutur ?

I completely forgot. Thx for reminding me

You're welcome :)

I just received your memo:

I've noticed you have a recovery account set to @steem, which is not secure anymore. Review your recovery account if you don't want to lose your tokens! Read more: https://peakd.com/witness-update/@engrave/review-your-recovery-account-if-you-dont-want-to-lose-your-assets

Thank you for letting me know. Absolutely appreciate it.

ps. is there any way to DM you? Discord/telegram/linkedin?

Best regards :)
Piotrek

Done it, why does it need 30 days?

Security reason. If your master password is compromised, for example, someone could change your keys and your recovery account so you wouldn't be able to recover your account.

Thanks for the tip! I change my recovery account!!!

Haven't been active here in the last few months, this change is new to me.
But either way, thanks for the headsup! Much appreciated.

Thank you very much - I didn't think that it would still be steem on the Hive ;)
!invest_vote

Only you can change that so it's just like before the Hive hard fork.

That's true and I have changed it a minute ago. Thank you very much again, have a great Sunday @engrave :)

And that happens when you have multiple accounts to edit and forget to switch back to your main account before you reply 😂

@johannpiber thinks you have earned a vote of @investinthefutur !----> Who is investinthefutur ?

Thank you very much for the memo, and I already been on that path after talking to a friend that I trust and Will have as my recovery person..now I know what key to use as I was told it was my active key or posting and it didn't work.. Now I know.. Thank you 🙏

This is important, thank you for the reminder!

You're welcome :)

I'm trying to change it in peakd but getting this:

Error during 'change recovery account' broadcast:
Missing Owner Authority brianoflondon

Not sure what's wrong, I'm giving it the correct owner password. I'm signed in to PeakD via Keychain. And thanks for the reminder to do this!

Try changing node to anyx.io or api.hive.blog and try again. You can find it under settings tab on peakd.com

I had the wrong key noted in my password manager. Recovered the correct one from peakd and all is good.

Good to hear, cheers!

It takes a full month for it to change?
Thanks for the heads up tho. I just changed mine.

Thank you for the reminder
I have already changed it but it takes a month to take effect
So there's four days before the switch.. :D

Ok, sorry for unnecessary notification.

Oh not at all
No need to apologise
I'm good with it :D

You contacted me. Can you tell me how I get a second account myself to use as my recovery acct. without getting it from someone else?

You can use peakd.com to create a new account if you have 3 HIVE or enough Resource Credits.


I tried to Claim Account Creation Token, (the only option other than powerdown that shows up), but when I click for it to do it I get this message:

I have 2200 HP

I also have a little over 9 hive so how do I do it with 3 hive? I didn't see that option.

Update: I had a friend who knows more about doing this stuff than me, and he can't see how to create a second account in peakd with the 3 hive you mentioned either.

Is there another way to make a second acct. for 3 hive without using peakd, since apparently peakd isn't working?

Update 2: I got help with creating a new acct. (used blocktrades) and used your instructions then to complete changing my recovery account. Thank you for posting this because I doubt I would have known otherwise that I even had to do this!

I'm glad I could help :) Consider voting on my witness!

I'd like to give you a witness vote, but it looks like most, if not all of your projects are for steem. I think that, for me, would present a conflict of interest for also being a hive witness. I don't think it's right to vote for a witness who has interests in steem. I do appreciate the info though.

Well, I do not support Steem at all, as you can read here: Moving all ENGRAVE projects to Hive. Steem Pruner was aimed to delete Steem posts, not to support it ;)

Thanks, I have now voted for your witness, and will do so with my recovery acct. too.

Thanks for the note and a good idea. I have my recovery count already in progress should move in the next 4 days. Started it right after the shenanigans started to happen. It's going to an account that I created... Good Idea to let everyone else know.

Thanks for your warning..! Greetings from Venezuela..!

An error pops up.

You're trying to use a wrong key for sure.

I'm using the owner key too and I'm getting that same error.

So you are using wrong key or master password. You can try with hivesigner.

I thought the Owners Key was the Master Password....

RIGHT, so this is all very confusing, and was never well presented in steemit user interface:

Master Key: IS MASTER and opens up all keys to be viewed in the wallet
OWNER KEY: is really not used that much usually... and I had to use my master key on steemit.com to find my owner key revealed FIRST, THEN i went to peakd.com and got the rest of my account changes done. I was really hung up on how peakd.com and hivesigner want things, owner key vs master password, but this route really helped me get all my keys changed on both sites!

Ya i figured it all out eventually lol. Initiate 1 account so far, gona attempt to change the password and then initiate an account recovery and see how that goes. I've never done it before so this will be my test ;)

Same here. I have several accounts I used for communities, and they were all "@blocktrades" which I was able to change ALL the keys, password and recovery account.
BUT: The two original accounts I used on steem, have recovery accounts of "@steem" and my Owner Keys do not work for them on peakd.com, as user above NOTES!
Active key works, Posting key works, Owner key does not work. I believe I created these accounts before I knew what a Master Key was, or before that even existed, not sure. Assumed I was fine if I had my Owner key, now they don't seem to work on Hive?

I went to steem, entered my master pass and it revealed my owner key.
I guess I could have done same on peakd.com but it was not clear to me at first, how to do it..

Hey, hope to see you back on Hive soon! :)

Thank you very much for your reminder, I just changed it. So, its safe now until next 30 days? Waiting for your tutorial to recover account for non dev user.

You will be able to start the recovery process after the change takes place (after 30 days). But even if someone changes your keys now, you will have at least a few hours at the end of this period to recover it ;) Make sure you follow me, as I won't send any more memos so as not to spam people.

Thank you, this is indeed very important and useful! You have my vote and witness approval now, cheers!

Thank you, I really appreciate :)

Hi @engrave

Thanks for the memo. and also thanks for this post.

I followed the steps indicated but at the end of the process of placing my key to authorize it did not do any other function.

I look forward to your next tutorial and memo to indicate that you did it.

Regards.

Follow @engrave account if you don't want to miss the post as I won't send another memo. I don't want to be a spammer :)

Hi @engrave

I'm already following him.

When I finished doing the process, I got a popup with this message.

Error during 'change recovery account' broadcast:
Missing Owner Authority lanzjoseg

It means you entered an invalid key.

I wasn't aware of this. Thank you so much for the notification!

I wish I understood this plus I do not understand the difference between a Steem or Hive account. Peakd.com does not show me what you see underneath "settings".

I tried to explain as well as possible. If you still don't get it, just ask a specific question and I will try answering it.

I think I found it. I could not see the options on my phone. Sorry for the confusion. A lot of words make it all chaotic and hard for me to understand. Btw I had @partiko instead of @steem. Thank you. 💕
