Account Security, the stuff we MUST all learn
Account security is something that everyone who uses crypto needs to learn about and probably hasn’t learned enough about yet. One group of people who know a lot about account security is the scammers, closely followed by their victims, who have learned the hard way!
Please make sure you learn the following best practices for keeping your Telos accounts secure, ahead of time, so you do not become a victim and learn the hard way too!
Some Simple Rules
The following best practices can apply to most blockchain accounts. As Telos is an ‘eosio’ based blockchain, the concepts apply to its sister chains too, like EOS, MEET.ONE, Worbli, WAX and BOS, but please double check with those chains directly as they may work slightly differently and we are focussing here specifically on Telos.
Here are some very simple rules to follow that will help keep your Telos accounts secure:
- Never enter your private key into a website – Never. You will almost certainly lose your funds if you do, and probably from any sister chain accounts which share the same keys too
- Make sure your Active Key is different from your Owner Key and use only your Active Key on a day to day basis
- Store your keys offline on a USB stick, external hard drive or piece of paper not normally connected to your computer (“air gapped”)
- Devise a key storage strategy – such as splitting your private keys between two different locations.
- Change your keys from the ones set when your account was created (always keep your old keys though, you might need them for future air drops)
- Keep your tokens locked (staked) to force a 3 day unlocking period before they can be transferred
- Don’t store all your tokens in a single account, use multiple accounts to reduce your risk
- Monitor your accounts regularly to check for changes and consider using an alerting system
Accepting Reality, in Advance
Unfortunately, if you have lost control of your account or your tokens then it is unlikely that you will ever get them back again. Accept this reality before you create any crypto accounts or move a significant amount of real-world funds into an account.
There is no undo, or forgotten password link, like with ‘conventional’ online accounts. This is for security reasons: if someone could reset your password for you, they would have to be trusted not to steal from you either.
There is an arbitration system on Telos which victims of fraud can use to make a claim, but the process will take a few weeks and scammers will almost certainly have transferred and sold your tokens before an arbitration ruling can be actioned. Each user is 100% responsible for keeping their own accounts secure.
Recently, Douglas Horn, the author of the Telos Whitepaper, designed a system called ‘ProveAccount’ which, although rather involved for a new user, enables you to create a provable connection to an account on the Ethereum Blockchain. In the event your Telos account got compromised, you could send a proof of ownership code from the linked account, which would enable the keys to be changed for you.
You do have to opt-in to this system in advance of needing to use it though, so although it’s advanced learning, it’s worth trying to complete the process as soon as you have created your account.
We will cover this in more depth in future, but for now you can read more about it here: https://medium.com/goodblock-io/proveaccount-7e0f4aeacef4
Monitor Your Accounts Regularly
Get yourself up to speed with these account security best practices and monitor your accounts regularly using a Block Explorer so you know what they look like under normal circumstances. If you do this, you will more easily be able to notice if any unauthorised changes have been made. Monitor your Telos accounts in the same way you monitor your traditional (fiat) bank accounts.
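As an added example (not part of the original page and not Telos tooling), the Python below shows what such a check can look like: it compares an account's permissions against a baseline you saved earlier, flags an Owner Key reused as the Active Key, and flags an unstake in progress. It assumes the JSON shape of the EOSIO chain API get_account response (permissions, required_auth, refund_request); the account name, key strings, date and amounts are constructed placeholders.

```python
"""Audit an EOSIO-style get_account response against a saved baseline."""

def permission_keys(account):
    """Map permission name -> sorted list of public keys that can sign for it."""
    return {
        p["perm_name"]: sorted(k["key"] for k in p["required_auth"]["keys"])
        for p in account.get("permissions", [])
    }

def audit_account(account, baseline_keys):
    """Return a list of findings; an empty list means nothing unexpected."""
    findings = []
    current = permission_keys(account)
    # Rule: the Active Key must differ from the Owner Key.
    if set(current.get("owner", [])) & set(current.get("active", [])):
        findings.append("owner and active share a key")
    # Any key added, removed or swapped since the baseline was recorded.
    for perm in sorted(set(current) | set(baseline_keys)):
        if current.get(perm) != baseline_keys.get(perm):
            findings.append(f"keys for '{perm}' differ from baseline")
    # A pending refund means staked tokens are in their unlocking period.
    if account.get("refund_request"):
        findings.append("unstake in progress (refund_request present)")
    return findings

# Constructed sample data; key strings are placeholders, not real keys.
BASELINE = {"owner": ["EXAMPLE_OWNER_KEY"], "active": ["EXAMPLE_ACTIVE_KEY"]}

def make_account(owner_key, active_key, refund=None):
    """Build a minimal get_account-shaped dict for the demonstration."""
    def perm(name, parent, key):
        return {"perm_name": name, "parent": parent,
                "required_auth": {"threshold": 1,
                                  "keys": [{"key": key, "weight": 1}],
                                  "accounts": [], "waits": []}}
    return {"account_name": "exampleacct1",
            "permissions": [perm("active", "owner", active_key),
                            perm("owner", "", owner_key)],
            "refund_request": refund}

HEALTHY = make_account("EXAMPLE_OWNER_KEY", "EXAMPLE_ACTIVE_KEY")
TAMPERED = make_account(
    "EXAMPLE_OWNER_KEY", "EXAMPLE_UNKNOWN_KEY",
    refund={"owner": "exampleacct1", "request_time": "2020-01-01T00:00:00",
            "net_amount": "10.0000 TLOS", "cpu_amount": "10.0000 TLOS"})

if __name__ == "__main__":
    for name, acct in (("healthy", HEALTHY), ("tampered", TAMPERED)):
        print(name, audit_account(acct, BASELINE) or "no findings")
```

Record the baseline right after you set your keys and keep it offline with them; a finding you did not cause yourself is the signal to act while the unlocking period is still running.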
Rights and Responsibilities
The freedom that crypto provides from banks, governing institutions and intermediaries also comes with the responsibility of holding your own keys and keeping them safe and secure. It’s not possible to have one without the other, so invest the time to learn how keys work and how to keep them safe. Some things in life you have to learn to do for yourself, and this is one of them, but don’t worry: help is at hand with our useful guides to help you learn Telos.
Now you have read this important message on account security best practices, you can return to the Learn Telos page and continue your learning.
If you have lost control of your keys or tokens then you can contact us or connect with the Telos Community Telegram channel where there are always people around who will be able to suggest what to do. Prevention is better than cure though, so keep investing your time wisely to learn all about your Telos accounts and how to keep them secure.