Audit your authorities

in LeoFinance, 3 months ago

Was just talking with someone who asked me about revoking an active authority on their account and was having trouble with Hive Signer.

I don't use Hive Signer, so I showed them another way, an easier way. But before I get to that, I want to say there are very few, if any, situations where you should grant someone your active authority. This is almost always a bad idea unless you really know what you are doing.

Granting your posting authority is fairly common to allow for auto voting on your behalf or scheduled posts, but active authority grants full access to your tokens. This includes NFTs and other assets. I can't think of a legitimate use case where you would want to do this.

One of the great features in the last hard fork was the ability to do recurring payments. This is a great feature if you want to pay for a regular (aka monthly) service and not have to worry about forgetting about it.

You can see your current authorities on Hiveblocks.com or Peakd.com. Let's look at a more complex one like @theycallmedan.

Here you can see two active authorities have been granted, and a lot of posting authorities.

I don't know what Dan does and needs, so I have no input on what should be here, but it's a good practice to occasionally spend a few seconds and just look through who you granted authorities to. Make sure you still use them and you are comfortable with what you have. I suggest doing this at least every 3-6 months.

There have been cases in the past where posting authorities have been taken advantage of. I remember when Utopian authority was mishandled to use everyone's vote; Busy.org was also compromised at one point, as well as many others.

Make sure you look through your authorities and remove any dApps you no longer use or trust.

You can use Hive Signer, PeakD, CLI, as well as a few other ways to remove authorities you no longer approve. The easiest way and my favorite is to use PeakD #peakd4life which I will show you.

Remove Authorities using PeakD

Go to your profile page, peakd.com/USER so you can get to the settings. You do not want "PeakD Settings", you want the account actions found on your profile page.

Take a moment to enjoy my new profile theme if you like. I am a big fan of Deadpool as well as Firefly.

From here, use the Account Actions dropdown to go to Keys & Permissions.

Click on Authorities.

As you can see, I don't grant authorities often. Here you can see PeakD has my posting authority which gives them the ability to upvote, downvote, send custom json, post, comment, and interact with some dApps, but it is only really used for scheduling posts with PeakD.

That's it! Remember to do this once in a while to make sure you are not putting yourself at risk. In most cases, the only risk is your voting power if you only grant posting authority. I don't ever recommend granting active authority unless you really know what you are doing and have a unique situation and understand the risks involved.

Posted Using LeoFinance Beta
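
The periodic audit described in the post can also be done on the raw account record; this is an added example, not code from the original post or from any Hive project. It assumes the owner/active/posting authority layout (`weight_threshold`, `account_auths`, `key_auths`) returned by the `condenser_api.get_accounts` RPC call; the sample account, the grantee names, the key strings and the `still_in_use` allowlist are all constructed or hypothetical.

```python
# SAMPLE_ACCOUNT is constructed; all account names and keys are placeholders.
SAMPLE_ACCOUNT = {
    "name": "alice-example",
    "owner": {"weight_threshold": 1, "account_auths": [],
              "key_auths": [["STM_PLACEHOLDER_OWNER_KEY", 1]]},
    "active": {"weight_threshold": 1,
               "account_auths": [["old-market-app", 1]],
               "key_auths": [["STM_PLACEHOLDER_ACTIVE_KEY", 1]]},
    "posting": {"weight_threshold": 1,
                "account_auths": [["scheduler-app-example", 1],
                                  ["retired-autovoter", 1]],
                "key_auths": [["STM_PLACEHOLDER_POSTING_KEY", 1]]},
}

# Posting covers votes, posts and custom json; active covers tokens;
# owner can change the account's keys.
SEVERITY = {"posting": "review", "active": "high", "owner": "critical"}


def audit_authorities(account, still_in_use=()):
    """One finding per delegated grant; still_in_use is a hypothetical allowlist."""
    findings = []
    for level in ("owner", "active", "posting"):
        auth = account.get(level, {})
        threshold = auth.get("weight_threshold", 1)
        for grantee, weight in auth.get("account_auths", []):
            findings.append({
                "level": level,
                "grantee": grantee,
                "severity": SEVERITY[level],
                # True when this grantee can sign at this level by itself.
                "can_act_alone": weight >= threshold,
                "remove": grantee not in still_in_use,
            })
    return findings


def to_revoke(account, still_in_use=()):
    """(level, grantee) pairs that are not on the allowlist."""
    return [(f["level"], f["grantee"])
            for f in audit_authorities(account, still_in_use) if f["remove"]]


if __name__ == "__main__":
    for f in audit_authorities(SAMPLE_ACCOUNT, {"scheduler-app-example"}):
        print(f["severity"], f["level"], f["grantee"],
              "REMOVE" if f["remove"] else "keep")
```

The script only reports; the revocation itself is still done through PeakD, Hive Signer or the CLI as described in the post.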

How about Keychain? Is it safe to enter an active key there, for managing the Hive wallet?

That's up to you, it is largely considered safe by most.

Unless it gets compromised, the way Keychain works is it stores your keys locally in an encrypted format. When you request to do something, it decrypts your keys (with your master password), signs a transaction, and sends the signed transaction over to an RPC node (not including any of your keys).

This means your keys are never sent anywhere and only signed transactions are broadcasted. These signed transactions do not expose your keys.

That sounds pretty safe. You said so long as Keychain isn't compromised, has this ever happened?

!PIZZA

Not that I know of, but there are no audits.

#peakd4life is largely my credo as well, but I still occasionally log in via hive.blog, and I am experimenting with threespeak.

That’s great information, especially for newbies like me. Didn’t know where we can revoke them.
Thanks. Will for sure have a look once in a while what’s there and what I still use. If not I remove it.

At some point you become not a new user anymore 😜

Does that start with 6 months? I’m 5 months and 10 days old. Lol

I know… hahaha 🤣 I see people on here a year and they call themselves still a newbie.
I’ll stop soon… I think. Maybe I’m promoted to the next level already hahaha

I don't know the actual criteria xD
but I know a person (will not finger at him) who is 2+ yrs and still calls himself 'a new user'

Ok hahaha 2+ that’s a bit long I think 🤣😂

Maybe up until 1 year… that gives a person a long time to figure things out, learn and move around here with confidence.

exactly! prepare to become a red herring soon... and I am sure you are not an 'invisible' plankton any more 😉 😜

!BEER

What is a red herring? Which level is that? @qwerrie

I made it to minnow a while back already. Under 3 months in.
The next level is a long way away… dolphin, but working on it. 😉

!PIZZA

actually, mentioning a herring I was referring to a minnow status. one may entitle that status in several different ways, 'red herring' is the one I find a bit funny, in same way as a 'minnow'. tnks for the !PIZZA ☺️☺️

That's pretty fast.

It took me FOREVER to get out of minnow status.

hahahah.

When you have kids do you say they are 38 months old?

IDK why this conversation reminded me of that.

Some do… some don’t hahaha

Funny this conversation reminded you of that.

Hahaha you're a newbie? What should we call the below 50 reputation Hivers then? 😂

Not on here for 6 months yet… 😁💃🏻 So think I still am 😇

Rep doesn’t say anything, as somebody told me. Because in the early days, before my time on hive, apparently they could fool the system with bots to add to the rep score.

My score is true… though😎

Hahahaha you're so funny... Okay, so I guess we are both newbies then. My score is true too 😅

Maybe it’s ok to call yourself a newbie until 1 year… let’s see if more will comment with their views. 😁
As it is not clear really… hahaha

Hahaha I guess I'm not a newbie, it's been more than one year for me here 🙈

O is it 😁 that’s cool 😎 over a year already.
Way to go 🤩

Still writing my post and editing photos for today hahaha again loads of multitasking today 🤓

hahaha.

A year in and you will already be a pro.

And you hang out in leofinance - for sure you know a lot more than "regular" newbies who spend their first three months blogging about their food with no tags and wondering why no one pays attention to them.

Hahaha thank you so much 😁 @metzli
Hope so 😎

I read a lot my first week here, so I gathered a vast amount of info. And saw how I should be doing things.
I also moved around to get familiar with communities. And found Leofinance in February.
Never was on a blockchain before… but I do learn fast 😉
My first posts were no food posts hahaha 🤣 that’s funny.
But yes, I do see those too.

Well that's a great idea for every user to do to make sure the account is safe. I do check mine too.

Thanks, it's great advice to keep our account secure from being hacked, because without that none of the active keys is safe.

I honestly didn't know about all this, I think I need to run go check mine to be sure I'm in the safe... Don't think I gave my authorities to anyone though.

So having PeakD own your posting authority is cool right?

Thanks for the exposure.. I appreciate it and by the way, like your profile theme (Dead pool - One funny guy 😅)

It depends what you mean by "good"

Currently, the peakd team is one we trust and work for, and they make the HIVE experience great for most users.

What you have to watch out for is the changes that inevitably come with time.

You want to check in with peakd every once in a while and make sure that they are staying true to their mission.

Yep thanks for being there.
I didn't know that your voting power could also be used by the dApp with your Posting authority.

Great reminder for newbies and oldies. I've seen some accounts that have still granted authorities to some very old dapps from the previous world.... Better go check mine now

Thanks for sharing, I'll check mine right away

This reminds me of some months ago when one of the apps I have used in the past was using my posting to auto curate someone. I had to do research before I was able to stop it

I do that from time to time and did a post as well some time ago. Thanks for the reminder, it's time for another checkup.

What I can't make to work is log into punks.usehive.com from mobile. I've set up keychain and does nothing. Can't figure out what's the problem.

What I can't make to work is log into punks.usehive.com from mobile.

You are using the Keychain mobile app?

If so, you should be able to add your account then go to the browser inside of the app to https://punks.usehive.com.

Yes, I'm using Keychain on mobile. I need to see the setups and follow your instructions. Thanks

It's working now, thanks again.

Great advice. I didn't realize how many authorities I had given access to. A few don't even exist anymore. Lol

A few don't even exist anymore.

These are the most dangerous; someone decides to reactivate a project just to take advantage of the user base.

Yeah that's what I was thinking as well. If nothing else it's another access point against your security.

Great tip. Thanks again 👍

Good advice; I'll go do it now. Thanks for the reminder!

Thanks for the advice, checked mine out!!
!WINE

I had to go check my own authorities and it looks like I only delegate out posting authorities. So at least that gives me some peace of mind and I saw the comments about Keychain so I feel safer.

thanks for the reminder. made the review.

It is interesting to see that authorities can be managed through peakd, and that we are not enforced to solely use HiveSigner anymore. I learned something today ;)

Cheers Marky!

Thanks! I wonder why I allowed so many authorities? I removed six of them. Curious about the outcome of such removal.

That's a great reminder, which I shared. Just checked my accounts and removed a couple of posting authorities (I don't grant active authorities).