How to review account permissions and change your recovery account

All accounts on the HIVE blockchain that also existed before the fork may have posting permissions granted to apps that do not exist on the HIVE blockchain. It is a good idea to remove them for now.

You can use beempy to remove posting permissions from your account. First,
print all accounts that have posting/active permissions with

beempy permissions holger80
+------------+-----------+-----------------------------------------------------------+
| Permission | Threshold |                                               Key/Account |
+------------+-----------+-----------------------------------------------------------+
|      owner |         1 | STM5XDYn3NeTqiMd1wczZjF9sPiJqY2uQw9HRwT6LR6rQytAxWNfz (1) |
|     active |         1 | STM7tA7Mh81wJV1J8eW8NyGLc3XCSyXNdFnhAh8F8bYYd8yAcy6Ew (1) |
|    posting |         1 |                                           actifit.app (1) |
|            |           |                                             dpoll.xyz (1) |
|            |           |                                             esteemapp (1) |
|            |           |                                             nc-client (1) |
|            |           |                                            nextcolony (1) |
|            |           |                                             peakd.app (1) |
|            |           |                                             rewarding (1) |
|            |           | STM6t5ExkHZtQL1pdkrRZjCgzbAdnB3YUYCZgrYWDXvdnU5bp57jL (1) |
+------------+-----------+-----------------------------------------------------------+

Remove posting permission

Permissions that are no longer needed can then be removed with

beempy disallow -a holger80 busy.app

where the account name is set with -a.
This command broadcasts an account_update operation and removes the given account name from the account_auths field.
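The review step can also be run offline over the account object itself. The following is an added example, not part of the original post or of beem: it walks the account_auths field of each role, marks which delegated accounts can sign alone and which to revoke, and builds the posting authority an account_update would carry afterwards. The account name, the `oldwallet.app` entry, the placeholder keys and both function names are assumptions made for the illustration.

```python
# Constructed sample in the shape of a Hive account object; keys are placeholders.
SAMPLE_ACCOUNT = {
    "name": "alice",
    "owner": {"weight_threshold": 1, "account_auths": [],
              "key_auths": [["STM_OWNER_PUBKEY_PLACEHOLDER", 1]]},
    "active": {"weight_threshold": 1, "account_auths": [["oldwallet.app", 1]],
               "key_auths": [["STM_ACTIVE_PUBKEY_PLACEHOLDER", 1]]},
    "posting": {"weight_threshold": 1,
                "account_auths": [["busy.app", 1], ["peakd.app", 1], ["esteemapp", 1]],
                "key_auths": [["STM_POSTING_PUBKEY_PLACEHOLDER", 1]]},
}


def audit_account_auths(account, keep):
    """List every account that holds delegated authority over `account`.

    `keep` is the set of app accounts the owner still wants authorised.
    """
    findings = []
    for role in ("owner", "active", "posting"):
        auth = account[role]
        for name, weight in auth["account_auths"]:
            findings.append({
                "role": role,
                "account": name,
                # weight >= threshold: this account alone can sign for the role
                "can_act_alone": weight >= auth["weight_threshold"],
                # active can transfer funds, owner can change keys
                "high_risk": role != "posting",
                "revoke": name not in keep,
            })
    return findings


def authority_after_revoke(authority, revoke):
    """Copy of one role's authority with `revoke` removed from account_auths."""
    updated = dict(authority)
    updated["account_auths"] = [
        [name, weight] for name, weight in authority["account_auths"]
        if name not in revoke
    ]
    return updated


if __name__ == "__main__":
    findings = audit_account_auths(SAMPLE_ACCOUNT, keep={"peakd.app"})
    revoke = {f["account"] for f in findings if f["role"] == "posting" and f["revoke"]}
    print(findings)
    print(authority_after_revoke(SAMPLE_ACCOUNT["posting"], revoke))
```
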

This can also be done with https://hivesigner.com/revoke/ followed by the account name, e.g. https://hivesigner.com/revoke/busy.app

Changing and reviewing permissions is also possible with peakd:
@holger80/permissions

Recovery account

The recovery account can be checked with https://hiveblocks.com/@holger80
It is set to @steem for my account, and as it is most unlikely that @steem will ever sign a Request_account_recovery operation on HIVE, I would be unable to recover my account if I accidentally leaked my owner key and someone changed it using the leaked key.

This is most unlikely, as I'm not using my owner key but it could happen.

How does account recovery work?

Assuming my owner key was changed within 30 days, I have the previous owner key, and the recovery account is signing, I can recover my account:

  1. I need to create a new owner key.
  2. The recovery account broadcasts a Request_account_recovery operation with the new owner public key, signed with its active key.
  3. I then need to broadcast a Recover_account operation with the old and the new owner public key and sign it with the old and the new owner private key.
  4. I can now change all keys with an Account_update operation signed with the new owner key.

Currently this will not work for me, as @steem will not broadcast a Request_account_recovery operation on HIVE.
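The checks behind steps 2 and 3 can be seen in a small model. This is an added example, not code from the original post and not the chain's implementation: signatures are modelled as sets of key names, and `RecoveryModel`, `try_recovery`, `OLD_PUB` and `NEW_PUB` are hypothetical names. It shows recovery succeeding, failing when the requester is not the configured recovery account, and failing once the old owner key is older than 30 days.

```python
from datetime import datetime, timedelta

OWNER_RECOVERY_WINDOW = timedelta(days=30)  # the 30 days stated in the post


class RecoveryModel:
    """Simplified model of the recovery checks for one account (not chain code)."""
    def __init__(self, recovery_account, owner_history):
        self.recovery_account = recovery_account
        # owner_history: (public_key, replaced_at) pairs for previous owner keys
        self.owner_history = owner_history
        self.pending_new_owner = None

    def request_account_recovery(self, signer, new_owner_pub):
        # Step 2: only the configured recovery account can open a request.
        if signer != self.recovery_account:
            raise PermissionError("only the recovery account can request recovery")
        self.pending_new_owner = new_owner_pub

    def recover_account(self, old_owner_pub, new_owner_pub, signed_with, now):
        # Step 3: needs a matching request and signatures from both owner keys.
        if self.pending_new_owner != new_owner_pub:
            raise ValueError("no matching recovery request")
        if not {old_owner_pub, new_owner_pub} <= set(signed_with):
            raise PermissionError("old and new owner key must both sign")
        recent = any(pub == old_owner_pub and now - replaced_at <= OWNER_RECOVERY_WINDOW
                     for pub, replaced_at in self.owner_history)
        if not recent:
            raise ValueError("old owner key was replaced more than 30 days ago")
        self.pending_new_owner = None
        return new_owner_pub  # the account's owner key from now on


def try_recovery(recovery_account, requester, days_since_change):
    """Run steps 2 and 3 with constructed keys; return the new owner key or the error."""
    now = datetime(2020, 4, 1)  # constructed date
    history = [("OLD_PUB", now - timedelta(days=days_since_change))]
    model = RecoveryModel(recovery_account, history)
    try:
        model.request_account_recovery(requester, "NEW_PUB")
        return model.recover_account("OLD_PUB", "NEW_PUB", {"OLD_PUB", "NEW_PUB"}, now)
    except (PermissionError, ValueError) as exc:
        return "failed: %s" % exc


if __name__ == "__main__":
    print(try_recovery("recovery.account", "recovery.account", 5))
    print(try_recovery("steem", "recovery.account", 5))
    print(try_recovery("recovery.account", "recovery.account", 45))
```
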

Changing the recovery account

I created a new account @recovery.account on HIVE as my new recovery account.
It would be possible to use hivesigner for this:
https://hivesigner.com/sign/change_recovery_account?account_to_recover=holger80&new_recovery_account=recovery.account&extensions=%5B%5D
or peakd: @holger80/permissions

But I like to use my own script:

from beem.account import Account
from beem.nodelist import NodeList
from beem import Steem
from beem.transactionbuilder import TransactionBuilder
from beembase import operations
from beemgraphenebase.account import PrivateKey
import getpass


if __name__ == "__main__":
    # Fetch the current list of public API nodes
    nodes = NodeList()
    nodes.update_nodes()
    # Read the owner key without echoing it to the terminal
    key = getpass.getpass(prompt='Owner key: ')
    owner_key = PrivateKey(wif=key)
    print("pub: %s" % str(owner_key.pubkey))
    account_name = input("account name: ")
    new_recovery_account = input("new recovery_account: ")
    hive = Steem(node=nodes.get_nodes(hive=True))
    assert hive.is_hive

    # Looking up both accounts raises early if either name does not exist
    account = Account(account_name, steem_instance=hive)
    new_rec_acc = Account(new_recovery_account, steem_instance=hive)

    op = operations.Change_recovery_account(**{
        'account_to_recover': account['name'],
        'new_recovery_account': new_rec_acc['name'],
        'extensions': []
    })
    # Show the operation so it can be checked before anything is signed
    print(op)
    prompt = input("Broadcast the operation? [y/n]")
    # startswith() also handles an empty answer, which prompt[0] would not
    if prompt.strip().lower().startswith("y"):
        tb = TransactionBuilder(steem_instance=hive)
        tb.appendOps([op])
        tb.appendWif(str(owner_key))
        #tb.appendSigner(account['name'], 'owner')
        tb.sign()
        trx = tb.broadcast()
        print(trx)

Results in

This means that in 30 days my recovery account will be changed.

I will keep the keys of @recovery.account in a safe place and will not use them.

Is there a need for a recovery account provider?

Do you also want to change your recovery account? How could this work? Let me know.
