If your active key and your memo keys are the same and you have shared your private memo key, then your account is still vulnerable.
Say for instance, I created a website and asked you to enter your private memo key, I could then transfer your funds. That’s because your memo private key is the same as your private active key. Active keys give you the right to buy/sell/deposit/withdraw funds.
The owner keys provides this same access in addition to changing your password.
My owner, active, and memo keys were the same, so I changed my owner and active keys. Afterwards I can continue to read my memos on previous transactions.
As an alternative changing your keys, you could just create a new account and then transfer your assets from the old account to the new account.
Thanks for your follow up, it is appreciated. I am fairly confident I am okay since I have n ver knowingly given anyone access to any of my private keys, but I wonder if there is a way one could do so unknowingly.
You have highlighted the memo function as a potential vulnerability. The only times I have never included any memo is when making a deposit to Openledger and entering my account name in the memo field. I don’t expect this would create a vulnerability but I would love to be corrected if I’m wrong! Thanks again!
If your active key and your memo keys are the same and you have shared your private memo key, then your account is still vulnerable.
Say for instance, I created a website and asked you to enter your private memo key, I could then transfer your funds. That’s because your memo private key is the same as your private active key. Active keys give you the right to buy/sell/deposit/withdraw funds.
The owner keys provides this same access in addition to changing your password.
My owner, active, and memo keys were the same, so I changed my owner and active keys. Afterwards I can continue to read my memos on previous transactions.
As an alternative changing your keys, you could just create a new account and then transfer your assets from the old account to the new account.
Thanks for your follow up, it is appreciated. I am fairly confident I am okay since I have n ver knowingly given anyone access to any of my private keys, but I wonder if there is a way one could do so unknowingly.
You have highlighted the memo function as a potential vulnerability. The only times I have never included any memo is when making a deposit to Openledger and entering my account name in the memo field. I don’t expect this would create a vulnerability but I would love to be corrected if I’m wrong! Thanks again!
The memo key is a vulnerability if it matches one of your other two keys. If all 3 keys are different, then your account is secure.
Mike, my owner and active keys are the same but memo is different...is this secure in your opinion? Thanks for any feedback