Wait?! My account could be hacked :0

in #whaleshares, 6 years ago

When you first sign up on Whaleshares and are verified, you get an email with a link that gives you your master password. You then somehow save it. You then use that and your username to log in. Yay, you're now on Whaleshares! But then you start to think about security. What would happen if x happened? How does y work? Where do you go? Here.

Basics

So I want to start off by giving some vocab. Yay, kinda like school, right? Well, school helps you prepare for life. This vocab will help you prepare to secure your account.

  • Master Password - This is where your private keys come from. All private keys use this in generation. Some blockchains also consider this a brainwallet.
  • Owner Key - This key can do anything with your account, including changing private keys, except viewing private memos.
  • Active Key - This key has to do with your funds, like transfers, powering up or down, etc.
  • Posting Key - This key has to do with posting, commenting, voting, and following.
  • Memo Key - This key has to do with encrypting and decrypting private messages used in transfer memos.
  • Private Key - This is what you use to sign into different services. Do not give these away. There are owner, active, posting, and memo private keys.
  • Public Key - These are stored on the blockchain and are made from your private keys. They verify signatures, which we'll get to.
  • ECC - Stands for elliptic curve cryptography. It's used to generate the private keys and public keys, and to sign transactions. It is used in most if not all cryptocurrencies.
  • Signing - This is the process of mathematically proving that you own the account you want to use to do certain operations.

Tips On Security

  • Keep your owner key and master password offline, meaning don't copy or paste them anywhere. Write them down somewhere and store them where you can retrieve them anywhere. I would suggest multiple backups as well. If you lose the owner key or master password, you lose your account. But if someone gets a hold of it, you also could lose your account :(
  • When interacting on Whaleshares.io or any other site/app/service, never use your owner key or master password. Only use the posting or active key, depending on what you're doing. So when you're commenting, use your posting key to sign in. When you want to transfer WLS, for example, use your active key.
  • In the future there will be the option to use multi-sig. This is where you can add multiple private keys to your account for each role. For example, you can set it up so that 2 keys need to be used before you can send WLS. That way you have to enter both to be able to send. You could use one only on a laptop or PC, and one only on a mobile device, keeping them separate. Again, this will be available in the future.
  • Use common sense. Usually if it sounds too good to be true, then it is. For example, an ad saying "you have an extra airdrop reward, just give me your private keys so I can send it to you" is a red flag. Never input your private keys into a site you do not trust.

How Do Private Keys Work

With ECC you input the metadata of the operation you are trying to do, and your private key. It then uses some mathematical formulas to "sign" it. This produces a hash which is called a signature. Then it's sent to the blockchain to be verified, which uses another formula to check whether the private key used in the signing process corresponds with the public key on the blockchain. If the public key goes with the private key, the operation is added to the chain in a block. If it doesn't, it creates an error and the operation does not get included in a block. With Whaleshares you never have to send your private key over the internet. Using Whaleshares.io you can sign directly on the site using the JavaScript library. It then sends the data with the signature (no private key), and it is added to the chain.
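The sign-then-verify flow described above, as an added example (not Whaleshares' or the author's code). It assumes the Steem-style derivation in which each role's private key is SHA-256 of username + role + master password, and it uses Node's built-in ECDSA over a JSON payload in place of the chain's real transaction serialization and signature format. The account names, password and operation are constructed.

```javascript
// Added example with constructed values; not the Whaleshares library.
const crypto = require('crypto');
const b64u = (buf) => buf.toString('base64url');

// ASSUMPTION: Steem-style role key derivation,
// private scalar = SHA-256(username + role + masterPassword).
function derivePrivateScalar(username, role, masterPassword) {
  return crypto.createHash('sha256').update(username + role + masterPassword).digest();
}

// Build secp256k1 key objects from the 32-byte private scalar.
function keyPairFromScalar(d) {
  const ecdh = crypto.createECDH('secp256k1');
  ecdh.setPrivateKey(d);
  const pub = ecdh.getPublicKey(); // 0x04 || X (32 bytes) || Y (32 bytes)
  const jwk = { kty: 'EC', crv: 'secp256k1',
    x: b64u(pub.subarray(1, 33)), y: b64u(pub.subarray(33, 65)) };
  return {
    privateKey: crypto.createPrivateKey({ key: { ...jwk, d: b64u(d) }, format: 'jwk' }),
    publicKey: crypto.createPublicKey({ key: jwk, format: 'jwk' }), // the part the chain stores
  };
}

// Client side: the private key signs locally and is never transmitted.
function signOperation(privateKey, operation) {
  return crypto.sign('sha256', Buffer.from(JSON.stringify(operation)), privateKey);
}

// Chain side: only the public key, the operation and the signature are needed.
function verifyOperation(publicKey, operation, signature) {
  return crypto.verify('sha256', Buffer.from(JSON.stringify(operation)), publicKey, signature);
}

function demo() {
  const user = 'alice-example';              // constructed account name
  const master = 'constructed-master-pass';  // constructed master password
  const posting = keyPairFromScalar(derivePrivateScalar(user, 'posting', master));
  const active = keyPairFromScalar(derivePrivateScalar(user, 'active', master));
  const vote = { type: 'vote', voter: user, author: 'bob-example', weight: 10000 };
  const sig = signOperation(posting.privateKey, vote);
  return {
    accepted: verifyOperation(posting.publicKey, vote, sig),
    tampered: verifyOperation(posting.publicKey, { ...vote, weight: -10000 }, sig),
    wrongRoleKey: verifyOperation(active.publicKey, vote, sig),
  };
}
console.log(demo());
```

Because every role key is derived from the same master password, anyone who learns that password can regenerate all of them, which is why the tips above keep it offline.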

Resources

Here's a video that gives a simple explanation about the signing process. Here's a video about key security, it's based on bitcoin, but most could be ported to Whaleshares. Here's the code that generates private keys.

If you have questions please ask in the comments below, and always be smart about your account.

This is also posted on Steem. This is meant for Whaleshares, but some applies to Steem as well.

Thanks, @kennybll
