How do you look when you use your private keys, in places you should not?
Because of the latest shenanigans of seeing people's accounts being obliterated by those who know how to deceive others, I thought I would throw in some visual representations of how people look when they are using their private keys, and try to educate a bit if I can.
Before I start, what should you use instead? Use the Hive Keychain (@keychain), for example. It's open source, and the code can be reviewed here: https://github.com/hive-keychain
The place where you insert your private keys must be an auditable place, otherwise you are incurring unnecessary risks that others may be exploiting. And this is why I am trying to stress that entering your keys in apps or websites that you don't know anything about is a big big RED 🚩 FLAG!
I am trying to convey this message in a funny way, if I can... but I am serious too!
So, let's start! (and comment below if you have more questions about any of this)
How many keys does Hive Blockchain have?
The answer is a minimum of 4 (default) with one thing extra that is not really a key, but let's call it a key for now... and I will not complicate this with how many more it can have, just because it's already complex with this many. So let's talk about these 5 "secrets".
1. This is the least harmful key to use...
Your MEMO key can be used to decrypt encrypted MEMOs sent to you by other users. Without this key, you can't see what they sent you.
So, if you leak this key, nothing really important might be lost (given you didn't receive any important encrypted information in your account that you don't want to be public).
Otherwise... I am sorry... but, mana mana, whatever that means!
2. The fourth most important key that can cause some pain... if you leak it, is...
...the POSTING key. This key can do a LOT of stuff, so if the attacker gets hold of it, they can make your account miserable for a while. Let me explain!
The POSTING key can, for example, vote, comment, claim rewards, and validate some other actions on the chain, but it can't be used to steal your money (aka making a transaction to send HIVE/HBD to another account).
Although if the attacker takes control of it, they might start changing your posts, voting on accounts of their own, or simply impersonating you to their benefit. And in a sense, if you don't prevent this from happening, the impersonator will be "stealing" some of the rewards from the power of your voting.
In my view, when you use your POSTING key, you are responsible for knowing how to quickly change your keys. Otherwise, don't use your posting key in places you don't know.
If you naively do it, then this might happen to you!
3. The third most important key, is your MONEY key!
Sorry, it's not called that, but that might help understand what it does... It's called the ACTIVE key, and it can do "funds" related things, among some other important actions that change the way "financial" things happen around your account. For example, if you want to transfer HIVE or HBD to another account, or if you want to Power up or down some HIVE.
It's also a key that allows you to do "governance" things... such as voting for proposals or witnesses, or enabling other types of permissions.
If the attacker takes this key, then you will likely see your funds stolen if you don't act quickly to change your keys. This is why you should have most of your HIVE staked (powered up), because even if an attacker gets your keys, you have a week to react. This is because powering down takes 13 weeks, and the first deposit into liquid HIVE happens a week after you submit that request with your ACTIVE key.
How does it look when you are using your ACTIVE key in places you should not?
From the epic pre-COVID days, where everyone was trying to demonstrate their wealth, and then things went wrong... in many cases.
4. The second most important key, aka the most important one too!
The OWNER key. This private key can only be used to perform specific tasks that help secure your account. Such as initiating the account recovery process, changing ALL your keys (including the OWNER key), and changing the account recovery person, which should be someone you trust to allow you to recover control of your account in case an impostor changes your keys, for example.
BUT YOU STILL NEED TO KNOW YOUR OWNER PRIVATE KEY - so keep it in a safe/private place.
This key can't sign broadcasts for commenting or transacting HIVE anymore. So, if someone asks you to enter this key for those things, that's a big RED 🚩 FLAG!
Don't use this key on a daily basis, and have a backup of it somewhere else. If you lose this key, you lose access to your account ownership. Hence why it's called the OWNER key.
How does it look when you are using this key for things you should not?
The "piranhas" are the attackers wanting to get your keys if you didn't get the idea.
5. The most important one, which you should never use ANYWHERE!
The "seed phrase" is referred to as "Backup Password" or Master password in some places. It's a backup thing... store it somewhere safe, and never use it again!
This is not really a key, but more like a "password" that is able to derive ALL your keys. What apps that used this one in the past would do was derive all your keys from it, and then use the key that was appropriate for each action. And that's why you should not use it. It's a "last resort" thing.
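How one password yields every key, as an added example (not from the original post or from Keychain's code). It assumes the derivation used by common Hive client libraries, sha256(account + role + password) encoded as WIF; the account name and password are constructed for the demo.

```python
import hashlib

ROLES = ("owner", "active", "posting", "memo")
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def to_wif(secret: bytes) -> str:
    payload = b"\x80" + secret  # 0x80 marks a private key
    return b58encode(payload + checksum(payload))

def wif_is_valid(wif: str) -> bool:
    """True if the string is a well-formed private key (worth guarding)."""
    raw = b58decode(wif)
    payload, check = raw[:-4], raw[-4:]
    return len(payload) == 33 and payload[0] == 0x80 and checksum(payload) == check

def derive_keys(account: str, master_password: str) -> dict:
    """Assumed scheme: each role key is sha256(account + role + password)."""
    keys = {}
    for role in ROLES:
        seed = (account + role + master_password).encode()
        keys[role] = to_wif(hashlib.sha256(seed).digest())
    return keys

if __name__ == "__main__":
    # Constructed demo values, not a real account.
    demo = derive_keys("alice-demo", "constructed-demo-password")
    for role, wif in demo.items():
        print(f"{role:8s} {wif[:6]}... ({len(wif)} chars)")
```

The derivation only runs one way: whoever holds the password can recompute all four keys, while a leaked POSTING key reveals nothing about the ACTIVE or OWNER key.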
How does it look when you use this one everywhere? Well, you look like this...

Watch the video if the picture does not ring a bell...
Luckily, there are not many places left where you can use it, but just so you know, if someone is asking you to put this somewhere for something very normal, like logging in, or posting a comment, or even broadcasting a transaction, then that's a big RED 🚩 FLAG!
Hope you learned something!
Thanks for reading.
I was clickbaited by the Manah Manah 😂
But it's a very important lesson you're spreading here!
Not your keys, not your coins!
People don't give away your credit card number or pincode in real life. Giving away your active key is kind of the same.
The manah manah, forgot the H's! LOL
My head was in Portuguese mode.
Will pin this one to my profile.
manah manah
Tututududu!
🤣
Thanks for sharing about key...
!PIZZA
!LOLZ
Did you learn anything new? What if so.. just for my own understanding of what is more common.
$PIZZA slices delivered:
@uthantzin(2/10) tipped @forkyishere
Hahaha, I get it now... I'll check if I have all that... ooh! The seed phrase? What if the seed phrase is lost? What should be done in that case?
As long as you have your OWNER key, there is no problem. You can change keys eventually if you have the OWNER, and therefore you can generate a new "seed phrase".
So keep that OWNER key safe!
I once thought I'd lost my account, and for some reason I put a key in the wallet and it was the only one that worked, and that key then gave me the others. It must be the seed key you mentioned. That's how I was able to get the other keys that I had somehow lost. I only had the public ones. I don't know much about this information; you've made me think about my safety.
That's correct. And make sure to keep it safe.
Also, be aware that Keychain does not save your OWNER key (for security reasons, obviously). So, make sure you know the OWNER private key and have it saved somewhere safe/private. Because if you lose the seedphrase and you don't know the OWNER private key, you don't own your account anymore. You might still be able to do things with the active key and other keys... but if one day someone finds your active key and starts depleting your account, you can't change keys and stop the process.
Hahaha, it seems we're still very innocent, but we need to be on our guard and protect our wallets.
Humans tend to relax over time in terms of security if they don't feel threatened. It's designed by nature that way.
So, one needs to keep refreshing the reality to train the brain to be "up to speed".
I have to review this. I need to be more aware of this... thanks for this post... reading it worries me about the security we need to implement. Wow! As soon as I can, I'll get started on this with my daughter.
We need to be cautious with our keys. Anywhere outside of Hive approved sign in options isn't advisable. And no sharing keys with another person.
Yep, and there is a secure way to do that if one really wants. Which is to give "authority" of a key, into another account. The other account does not know the key, but can broadcast with that key. It's useful for some things, and can be revoked at any time.
Good! We should worry a bit. It means we need to know more to be comfortable.
Anything needed, you know you can always tag me and ask.