Audit your authorities

image.png

I was just talking with someone who asked me about revoking an active authority on their account and was having trouble with Hive Signer.

I don't use Hive Signer, so I showed them another, easier way. But before I get to that, I want to say there are very few, if any, situations in which you should grant someone your active authority. This is almost always a bad idea unless you really know what you are doing.

Granting your posting authority is fairly common, to allow auto voting on your behalf or scheduled posts, but active authority grants full access to your tokens. This includes NFTs and other assets. I can't think of a legitimate use case where you would want to do this.

One of the great features in the last hard fork was the ability to do recurring payments. This is a great feature if you want to pay for a regular (e.g. monthly) service and not have to worry about forgetting it.

You can see your current authorities on Hiveblocks.com or Peakd.com. Let's look at a more complex one like @theycallmedan.

image.png

Here you can see two active authorities have been granted, and a lot of posting authorities.

I don't know what Dan does and needs, so I have no input on what should be here, but it's good practice to occasionally spend a few seconds looking through who you have granted authorities to. Make sure you still use them and you are comfortable with what you have. I suggest doing this at least every 3-6 months.

There have been cases in the past where posting authorities have been taken advantage of. I remember when Utopian authority was mishandled to use everyone's vote; Busy.org was also compromised at one point, as were many others.

Make sure you look through your authorities and remove any dApps you no longer use or trust.

You can use Hive Signer, PeakD, CLI, as well as a few other ways to remove authorities you no longer approve. The easiest way and my favorite is to use PeakD #peakd4life which I will show you.

Remove Authorities using PeakD

Go to your profile page, peakd.com/USER so you can get to the settings. You do not want "PeakD Settings", you want the account actions found on your profile page.

image.png

Take a moment to enjoy my new profile theme if you like. I am a big fan of Deadpool as well as Firefly.

From here, use the Account Actions dropdown to go to Keys & Permissions.

image.png

Click on Authorities.

image.png

As you can see, I don't grant authorities often. Here you can see PeakD has my posting authority which gives them the ability to upvote, downvote, send custom json, post, comment, and interact with some dApps, but it is only really used for scheduling posts with PeakD.

image.png

That's it! Remember to do this once in a while to make sure you are not putting yourself at risk. In most cases, the only risk is your voting power if you only grant posting authority. I don't ever recommend granting active authority unless you really know what you are doing, have a unique situation, and understand the risks involved.

Posted Using LeoFinance Beta

4.63447027 BEE
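
The review described in the post can also be run against the raw account record instead of a web UI. The script below is an added example, not part of the original post: it takes an account object in the shape returned by the Hive JSON-RPC method `condenser_api.get_accounts` and lists every account-level grant, rating any owner or active grant highest and any posting grant not on a "still used" list for review. The sample record, the account names and the `still_used` parameter are constructed for illustration.

```python
import json

# Constructed sample: trimmed shape of one account object as returned by
# condenser_api.get_accounts. Account names and keys are placeholders.
SAMPLE = json.loads("""
{
  "name": "alice",
  "owner":   {"weight_threshold": 1, "account_auths": [],
              "key_auths": [["STM_PLACEHOLDER_OWNER", 1]]},
  "active":  {"weight_threshold": 1,
              "account_auths": [["old.wallet.app", 1]],
              "key_auths": [["STM_PLACEHOLDER_ACTIVE", 1]]},
  "posting": {"weight_threshold": 2,
              "account_auths": [["scheduler.app", 2], ["dead.dapp", 2],
                                ["cosigner", 1]],
              "key_auths": [["STM_PLACEHOLDER_POSTING", 2]]}
}
""")


def audit_authorities(account, still_used=()):
    """Return (role, grantee, severity, reason) for every grant worth a look."""
    findings = []
    for role in ("owner", "active", "posting"):
        auth = account.get(role, {})
        threshold = auth.get("weight_threshold", 1)
        for grantee, weight in auth.get("account_auths", []):
            # A grant whose weight meets the threshold can sign by itself.
            acts_alone = weight >= threshold
            if role in ("owner", "active"):
                sev = "high" if acts_alone else "medium"
                reason = f"{role} authority granted to another account"
            elif grantee not in still_used:
                sev = "medium" if acts_alone else "low"
                reason = "posting authority for an app not on the still-used list"
            else:
                continue  # posting grant the user confirmed they still use
            if not acts_alone:
                reason += (f" (weight {weight} < threshold {threshold},"
                           " needs co-signers)")
            findings.append((role, grantee, sev, reason))
    return findings


if __name__ == "__main__":
    for role, grantee, sev, reason in audit_authorities(
            SAMPLE, still_used={"scheduler.app"}):
        print(f"[{sev:6}] {role:7} -> {grantee}: {reason}")
```
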
20 comments

How about Keychain? Is it safe to enter an active key there, for managing the Hive wallet?

0.00000250 BEE

That's up to you, it is largely considered safe by most.

Unless it gets compromised. The way Keychain works is that it stores your keys locally in an encrypted format; when you request to do something, it decrypts your keys (with your master password), signs a transaction, and sends the signed transaction over to an RPC node (not including any of your keys).

This means your keys are never sent anywhere and only signed transactions are broadcast. These signed transactions do not expose your keys.


0.00008196 BEE

That sounds pretty safe. You said so long as Keychain isn't compromised, has this ever happened?

!PIZZA

0E-8 BEE
(edited)

ScreenshotPeakD.png

#peakd4life is largely my credo as well, but I still occasionally log in via hive.blog, and I am experimenting with threespeak.

0E-8 BEE

That’s great information, especially for newbies like me. Didn’t know where we can revoke them.
Thanks. Will for sure have a look once in a while what’s there and what I still use. If not I remove it.


0E-8 BEE

At some point you become not a new user anymore 😜

0E-8 BEE

Does that start with 6 months? I’m 5 months and 10 days old. Lol

I know… hahaha 🤣 I see people on here a year and they call themselves still a newbie.
I’ll stop soon… I think. Maybe I’m promoted to the next level already hahaha


0E-8 BEE

Hahaha you're a newbie? What should we call the below 50 reputation Hivers then? 😂

Posted using LeoFinance Mobile

0E-8 BEE

Not on here for 6 months yet… 😁💃🏻 So think I still am 😇

Rep doesn’t say anything, as somebody told me. Because in the early days, before my time on hive, apparently they could fool the system with bots to add to the rep score.

My score is true… though😎


1.4E-7 BEE

Well, that's a great idea for every user to do to make sure the account is safe. I do check mine too.

0E-8 BEE

Thanks, it's great advice to keep our account secure from being hacked, because without that none of the active keys is safe.


0E-8 BEE

I honestly didn't know about all this, I think I need to run go check mine to be sure I'm in the safe... Don't think I gave my authorities to anyone though.

So having PeakD own your posting authority is cool right?

Thanks for the exposure.. I appreciate it and by the way, like your profile theme (Dead pool - One funny guy 😅)


0E-8 BEE

It depends what you mean by "good"

Currently, the peakd team is one we trust and work for, and they make the HIVE experience great for most users.

What you have to watch out for is the changes that inevitably come with time.

You want to check in with peakd every once in a while and make sure that they are staying true to their mission.


0E-8 BEE

Yep thanks for being there.
I didn't know that your voting power could also be used by the dApp with your Posting authority.


0E-8 BEE

Great reminder for newbies and oldies. I've seen some accounts that have still granted authorities to some very old dapps from the previous world.... Better go check mine now

0E-8 BEE
(edited)

Thanks for sharing, I'll check mine right away


0E-8 BEE

This reminds me of some months ago, when one of the apps I had used in the past was using my posting authority to auto curate someone. I had to do research before I was able to stop it.


0E-8 BEE

I do that from time to time and did a post as well some time ago. Thanks for the reminder, it's time for another checkup.

What I can't get to work is logging into punks.usehive.com from mobile. I've set up Keychain and it does nothing. Can't figure out what the problem is.

0E-8 BEE

What I can't get to work is logging into punks.usehive.com from mobile.

You are using the Keychain mobile app?

If so, you should be able to add your account then go to the browser inside of the app to https://punks.usehive.com.

0E-8 BEE

Yes, I'm using Keychain on mobile. I need to see the setups and follow your instructions. Thanks

0E-8 BEE

It's working now, thanks again.

0E-8 BEE

Great advice. I didn't realize how many authorities I had given access to. A few don't even exist anymore. Lol

0E-8 BEE

A few don't even exist anymore.

These are the most dangerous, someone decides to reactivate a project just to take advantage of user base.

0E-8 BEE

Yeah that's what I was thinking as well. If nothing else it's another access point against your security.

Great tip. Thanks again 👍

0E-8 BEE

Good advice; I'll go do it now. Thanks for the reminder!

0E-8 BEE

Thanks for the advice, checked mine out!!
!WINE


0E-8 BEE


I had to go check my own authorities and it looks like I only delegate out posting authorities. So at least that gives me some peace of mind and I saw the comments about Keychain so I feel safer.


0E-8 BEE

thanks for the reminder. made the review.

0E-8 BEE

It is interesting to see that authorities can be managed through peakd, and that we are not enforced to solely use HiveSigner anymore. I learned something today ;)

Cheers Marky!

0E-8 BEE

Thanks! I wonder why I allowed so many authorities? I removed six of them. Curious about the outcome of such removal.


0E-8 BEE

That's a great reminder, which I shared. Just checked my accounts and removed a couple of posting authorities (I don't grant active authorities).

0E-8 BEE