How to Set Up a Secure EOS Account Using Permissions (Updated 3/12/2019)

eosiob
Oct 16, 2018

This is the best way to set up an EOS account to be secure and usable.

You also might want to check out my post about EOS multisig transactions.

This is a great solution if you are a 🐋 or if you manage a large sum of EOS that you want to protect while still being able to vote (and even use dApps).

The secure method here is better because it is designed so you can actually use the features of EOS and keep your tokens safe…

This is the safest way to actually set up your EOS account:

  1. Owner Permission — Key generated in a Ledger hardware wallet.
  2. Active Permission — I highly recommend the desktop apps eos-voter by Greymass and SimplEOS by EOS Rio. If you want to use mobile, get EOS Lynx.
  3. Set up account alerts with EOS Authority’s tool.
  4. Stake all of your tokens 80% to CPU, 20% to NET.

If you have your EOS staked, then an unstake action will take 72 hours to complete before the tokens are liquid again. Once your tokens are staked, you should vote. I recommend voting for a proxy such as brockpierce1, which is the proxy that Brock and I set up for choosing Block Producers who provide a lot of value to the network.

Better than air-gapped cold storage?

Most people will say that keeping your keys in an air-gapped cold storage is safer since it never touches the internet. There are risks in that too because your hard drive could have an issue or die. It’s also much slower to get to your EOS when you need it.

Better than storing on an exchange?

Far, far better than storing any crypto on an exchange. Exchanges are centralized attack targets. Even if your account has 2FA and secure passwords, you can still get hacked by other means — or the exchange itself can be infiltrated. Every year there is another huge hack of an exchange.

About EOS Permissions

I have previously written about how to change EOS account keys. If you don’t already know how to do that, you should read that first.

Every EOS account has 2 permissions by default: active and owner. It is also possible to create permissions with keys for other purposes — for example, I wrote about how you can create a key that can only vote or only interact with a single contract.

Active Permission

The active permission can transfer, vote, sign actions, buy ram… The only thing it cannot do is change any permissions on the account.

Owner Permission

The owner permission is meant to be rarely used. It has full access to do everything that the active key can do, and it can also change the permissions. For example, to change the active key, you can use the owner key.

6 Steps to Create A Secure EOS Account using Permissions

Here are the step by step instructions (skip steps 1 and 2 if you already have an account you want to use). I recommend creating a new account instead of changing keys if you are new to EOS because changing owner keys can be stressful.

  1. Create Account — Install the fairy wallet app for your Ledger hardware wallet and follow the steps to create a new account.

  2. Change the key for Active Permission — Generate a new key for your active permission and set it using your owner key. If you have a Mac you can safely and quickly generate fresh EOS keypairs using 2 commands:

      brew tap eosio/eosio && brew install eosio
      cleos create key --to-console

  3. Special Permissions — Set up special permissions for voting or interacting with other contracts you commonly use.

If you do not have a hardware wallet, here is how to create a multisig Owner Permission on EOS requiring 2 of 3 partner accounts:

cleos set account permission <12LetterAccountName> owner '{"threshold":2,"keys":[],"accounts":[{"permission":{"actor":"<12LetterPartner1>","permission":"owner"},"weight":1},{"permission":{"actor":"<12LetterPartner2>","permission":"owner"},"weight":1},{"permission":{"actor":"<12LetterPartner3>","permission":"owner"},"weight":1}],"waits":[]}' -p <12LetterAccountName>@owner

  4. Consolidate — Transfer your EOS from other accounts and exchanges.

  5. Set up a free monitor for your account activity using the EOSAuthority alert tool via email or Telegram.

  6. “Safe Mode” Your Account — final and most important step — stake all of your tokens and set up alerts to monitor the account. When you stake your tokens on EOS, it’s like setting a “Safe Mode” on your tokens. Since it takes 3 days to unstake, you can detect any changes using the Authority tool and immediately change your owner key and then restake the tokens without losing anything.
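
An added example (not from the original post) that sanity-checks the multisig owner authority from step 3 before it is passed to `cleos set account permission`: it lists which partner combinations can sign and flags a threshold that would lock the account or let one partner act alone. The partner account names are constructed placeholders, the helper names are hypothetical, and `waits` entries are not modelled.

```python
import json
from itertools import combinations

def two_of_three(partners):
    """Build the 2-of-3 owner authority from step 3 for three partner accounts."""
    actors = sorted(set(partners))  # sorted, no duplicates
    if len(actors) != 3:
        raise ValueError("expected three distinct partner accounts")
    accounts = [{"permission": {"actor": a, "permission": "owner"}, "weight": 1}
                for a in actors]
    return {"threshold": 2, "keys": [], "accounts": accounts, "waits": []}

def analyze_authority(auth):
    """Return (problems, minimal_quorums) for an authority dict."""
    signers = [(k["key"], k["weight"]) for k in auth.get("keys", [])]
    signers += [(a["permission"]["actor"] + "@" + a["permission"]["permission"], a["weight"])
                for a in auth.get("accounts", [])]
    threshold, problems = auth["threshold"], []
    if threshold < 1:
        problems.append("threshold must be at least 1")
    if sum(w for _, w in signers) < threshold:
        problems.append("lock-out: all weights together are below the threshold")
    if len({n for n, _ in signers}) != len(signers):
        problems.append("duplicate signer")
    # Minimal quorums: signer sets that reach the threshold and contain
    # no smaller set that already reaches it.
    quorums = []
    for size in range(1, len(signers) + 1):
        for combo in combinations(signers, size):
            members = {n for n, _ in combo}
            reached = sum(w for _, w in combo) >= threshold
            if reached and not any(q <= members for q in quorums):
                quorums.append(members)
    if any(len(q) == 1 for q in quorums):
        problems.append("a single signer can act alone")
    return problems, quorums

if __name__ == "__main__":
    # Constructed placeholder account names, not real accounts.
    auth = two_of_three(["partneraaaa1", "partnerbbbb2", "partnercccc3"])
    problems, quorums = analyze_authority(auth)
    print(json.dumps(auth, separators=(",", ":")))  # JSON argument for cleos
    print("problems:", problems or "none")
    for q in quorums:
        print("can sign:", sorted(q))
```
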

Extra credit if you transfer all of your airdrops out to another account and use that for trading/using specific dApps.

Don’t forget to vote for Block Producers!! I recommend voting for a proxy so you don’t have to think much about the decisions.

I recommend voting with our proxy brockpierce1.

That’s all! If you have any comments, questions, or ideas — hit me up here or on Twitter.
