How to change your BitShares keys for local wallet and cloud login

in #bitshares2 years ago (edited)

If your keys become compromised and your need to change it use this guide as an outline. Please be careful in every step as you might lose access to your account otherwise. This guide comes with no warranty.

Hint: If you don't care about your existing account, or are unsure about switching keys, you can create a new account on a secure wallet and transfer all funds from the old account.

If you have Cloud login:

https://github.com/bitshares/bitshares-ui/wiki/Cloud-Wallet-Login-and-changing-password

If you have local wallet:

  1. Import your existing bin file into bitshares.org, or any other secure wallet. If you do not have a backup, download one from your old compromised wallet (you should not be prompted to enter your password). Alternatively, create a new local wallet and import all the keys that you would like to switch (in default setting that would be the active, owner and memo key)

  2. To create a new set of keys, enter your account name and any random password (it is just used to generate the keys) at
    https://paperwallet.bitshares.eu/

  3. Switch the active key

    1. Store public and corresponding private active keys showing in the paperwallet securely

    2. Add the public active key to your accounts active permission at
      https://wallet.bitshares.org/#/account/youraccountname/permissions
      To do that, enter the public active key and Weight "1" under "Enter account name/key and weight", then click add and then click Save. If you have non-default setup of permissions (e.g. multi-sig) with multiple keys and a threshold that is not 1, please do the proper adjustment.

    3. Add the private active key to your local wallet
      https://wallet.bitshares.org/#/settings/restore
      Select "Import a private key" and follow the instructions

    4. Confirm that the active key now appears in blue font at
      https://wallet.bitshares.org/#/account/youraccountname/permissions
      and that you can see the private active key when clicking on it.

    5. Remove the old active key from the active permissions and click Save

    6. Reload and confirm that only the new active owner key is listed in the active permissions

  4. If your compromised wallet also contained the owner key, repeat step 3) for the owner key. The same holds for the memo key, although not critical as it only allows to sign messages in your. Beware that switching the memo key means that you wont be able to read your old memo messages.

  5. After you are done switching your keys I would recommend doing a backup of the new local wallet. Additionally, I would recommend creating another local wallet that will be used for everyday activities and only put in the private active key and the private memo key, and not the owner key. Use the wallet with the owner keys only for account recovery.

Sort:  

👍 👍👍

You have a minor misspelling in the following sentence:

multi-sig) with multiple keys and a threshhold that is not 1, please do the proper adjustment.
It should be threshold instead of threshhold.

An easy method is open new BTS account with local wallet and transfer everything into new account.

Thank you! Will add that as well

  1. My active and memo keys are the same but owner is different..is that ok?
  2. in my main acct I am an LTM..if I choose the easy way to create a new acct what happens then? Plus all the folks I referred does my credit go away opening a new acct???

Same here, can someone answer?

  1. Yes, in the default setting the UI creates your account with the same key for active and memo. I would not recomment this setup and have three distinct keys for active owner and memo. But please be aware that changing the memo key means that you wont be able to read any old transfer memos, only the ones you receive or send after the key switch

  2. If you create a new account and transfer funds you are giving up the old compromised account. That means that the referral rewards still go to the compromised account and there is no way to switch that, also the LTM is not tranferrable. I would recommend changing the acive and owner key if you logged into OpenLedger in the last 48 hours.

ok thanks for the clarity. I have not been in Openledger for a week. I cannot believe the default was setup this way and why it was in the first place.

I prefer to back up to brainkey only. Is there a way for me to change my active key without a bin file backup? I have created a new account (local wallet) in the bitshares client, but when I get to step 3.2 above, and click save, it asks me to log in with my password and a bin file back up.

The only other option is for it to create a bin file back up as I save, but I do not want to do that.

Any other option for me?

It would be easier to just change the memo key, but that does not appear to be an option either...

Do you have any idea how to generate keys using the brainkey of your wallet?