Let's talk #Hive security.
Am I the only one concerned about my posting key being compromised?
Posting key is all you need to transfer Hive-Engine tokens.
What about posting authorities? A bunch of app request posting authority. What if the app is compromised?
Posted via D.Buzz
Very worried about that too. That's why I use sub-account for everything that doesn't have Keychain or Hivesinger.
One idea to protect Hive-engine tokens is to send all of the important ones to an account with posting key used only on Hive-Engine, send it back when needed.
Posted via D.Buzz
Great suggestion. Sub-accounts is a good solution. Delegation comes in handy if you want to have a semi-cold storage account, but use another account for voting with your stake.
Users on Twitter corrected me. Hive-Engine transfers require Active Key. Splinterlands also has a setting to require Active key.
Oh... Yes, HE transfers require Hivesinger. Should have remembered that!
Anyway, using Hivesinger or Keychain means the website you're using won't access your private keys so as long as they're not compromised you're safe whatever service you use.
Posted via D.Buzz
Keychain is great. I use key chain everywhere possible.
Unfortunately some apps don't support keychain and ask to enter posting key.
Don't use your main account for those unless you totally trust them. (Even then, be cautions.)
Posted via D.Buzz
I hadn't thought about it, I thought I needed the active key to transfer lol.
Posted via D.Buzz
That's correct. My assumptions were wrong and I was quickly corrected by other users.
Splinterlands allows transfers with posting key, but you can toggle a setting to require active key.
Posted via D.Buzz