Managing your EOS Owner & Active Permissions
EOS Account Security 101
Ledger Guide:
This guide is for managing permissions without a hardware device. If you are using a Ledger Nano S, please see our Ultimate Ledger guide to manage your EOS permissions with the Ledger Nano S.
Custom Permissions:
For advanced users that wish to create custom permissions that are only authorized to interact with specific smart contracts/actions to further increase your security, please see our custom permission guide here.
Permissions are Powerful
The permissions feature of EOS is one of the most powerful and robust tools available to an EOS token-holder. A well-structured and secure permission system can be the difference between a slight inconvenience and losing access to your EOS account completely. In this guide, we will show you how to take the first step in taking control of your own security by ensuring that your Owner key and Active key are different from one another.
Right now, your private key may be identical for your Owner and Active permissions. To check whether or not they are, visit bloks.io, search for your account name, and check the “permissions” tab.
Your Owner key and Active key can execute the same functions save for one, the Owner key can change the Active key. This means that if your Active key is exposed or changed without your consent you can reset your Active key using your Owner key to do it. This means that your Owner key is the single most sensitive thing you have and should be kept safe. If you are ever required to use your Owner key then it should be immediately reset. Consider it a one-time-use key.
Private keys of Genesis accounts are special. They are listed in the genesis snapshot which means that future EOSIO chains may launch and provide you with a token balance and account based on that original key registration you made during the Block One token generation event. These Genesis keys should be kept in cold storage and removed from existing account permissions entirely.
Here we will walk you through the process of securely generating new key pairs to and assigning them to your account permissions. To change both Owner and Active at the same time, simply complete each step listed below twice by generating two unique key pairs and labeling each according to which permission you will assign the key to.
STEP ONE: Generating EOS keys safely offline with EOSkey.io
1A.
To create new EOS public and private key pairs visit EOSkey.io created by EOS Cafe.
- Download their local application to your device
- Locate the “generate & validate keys” tab on the left side of the application
- Click “generate” for a new key pair.
NOTE: If you have malware on your computer that is looking for data that matches a private key string it will not matter whether or not you have turned wi-fi off. Please be sure your computer is clean.
1B.
Copy and paste your new public key in the pair to a temporary file for easy pasting later and label it Owner or Active public key.
1C.
Hand-write the new private key. Label it either Owner or Active. Hand-write it again and double check it is correct
1D.
- Type your private key into the validation field in eoskey.
- Paste the public key into the public key field.
- Click “validate” button.
You should see the words “valid key pair” appear if everything was entered correctly. If it shows “invalid key pair,” something was entered incorrectly or your hand-written copy of your private key was written down inaccurately. After confirming the key pair is valid, close the application.
NOTE: All EOS private keys start with the number 5 and contain 51 characters in total. All public keys start with the letters “EOS” and contain 53 characters in total.
Never leave your private keys on a device capable of being connected to WIFI.
STEP TWO: Using Bloks.io — Change Permissions
2A.
Visit Bloks.io and log in with Scatter. We are assuming you have already set up Scatter and have imported either your Owner or Active permission. This is required to make the changes.
- To change only the Active permission use Scatter identity {youraccount@active.}
- To change only the Owner permission or both Owner and Active at the same time log in with {youraccount@owner} identity.
2B.
Select the wallet tab and locate the “change permissions” tab on the left side of the page.
2C.
WARNING: YOU MUST BE SURE YOUR KEYS ARE RECORDED CORRECTLY. THIS IS A POINT OF NO RETURN.
Input the new public keys you generated from step 1A into the desired field(s) and click “change permissions” when done. If everything was done properly you should see a green success message appear when finished.
STEP THREE: Confirm The Change
3A.
On bloks.io view your account by selecting your account name in the upper right and click “view account.”
3B.
Click the “permissions” tab to view the new public keys are set on your account permissions successfully.
You’re done!
It is recommended to go back to your previously setup tools such as Scatter and delete any old identities and Owner keys that may have been previously imported and are no longer being used. Simply re-import your new Active private key to set up a new Scatter identity and use {youraccount@active} to log in from now on.
The EOS Echo
The EOS Echo is our weekly digest of all things EOS. EOS is the fastest evolving blockchain on earth and it can be difficult to keep up with all of the exciting innovation happening. Sign up for the EOS Echo to be delivered to your inbox and don’t miss a beat.
