Skip to main content
All CollectionsNew to EOS? Start HereSet an EOS wallet
How to configure your EOS Account with maximum protection
How to configure your EOS Account with maximum protection

Best Practice how you can protect your self against hacks and scams

Dario Cesaro avatar
Written by Dario Cesaro
Updated over 3 months ago

The keys of an EOS account differ from other blockchains, such as Bitcoin. An EOS account has two public-private key pairs corresponding to the Owner's and the manager's authority. However, for simplicity, many EOS account registration services set the two public-private key pairs to the same public-private key pair for users. Hence, users only need to secure one private key. The disadvantage is that some of the account's security is lost.

Active and Owner keypair/permission

What is an active and Owner keypair? Why is it a best practice to have two different private keys?

EOS accounts have an owner and active permission. Both keys have a public and a private key. With the Owner's permission, you are allowed to change all keypairs. With active permission, you are only allowed to change the active keypairs. You are not allowed to change the Owner permissions keypair. Having two different private keys increase security. Therefore, the best practice is to change your active key if both keypairs are the same. This allows users to generate a new active keypair since they can access their owner key.

Your EOS Account has

  • Account name (This is your deposit address, where you receive EOS-related tokens)

  • Active public key

  • Active private key (Use with your EOS wallet. Allows a user to change only the active keypair)

  • owner public key

  • Owner's private key (This allows a user to change Owner and active keypairs. Keep your Owner's private key on a cold storage and not your computer.)

Set up eMail and Telegram alerts for your EOS account.

To prevent hackers or scammers from transferring your tokens when your active private key is exposed, stake your EOS to a service that provides an unstaking period. For example, the REX savings account has an unstaking period of 21 days.

Scenario: If your active private key got compromised (you got hacked or scammed), the first thing the scammer or hacker has to do is to unstake your tokens. You will get an account alert from EOS Authority when a hacker unstakes your tokens. Due to the 21-day delay, users have time to change their keys. Use your Owner's private key and change your EOS account's active keypair.

Read more about how you can protect your EOS account even better in the article "How to configure your EOS Account in Safemode."


Author: Dario Cesaro

Editor: Randall Roland

Translator: -

Sources & References:

Did this answer your question?