Tutorial: Changing Your Recovery Account
Phishing is Real
Recently, one of my followers accounts was hijacked through a phishing scheme. I suddenly became very interested in what preparations I have made for myself to recover my account if it were ever hijacked. If I managed to get to it in time, I could quickly change the password. What if the hijacker changes my password though? Then what can I do?
When you first create an account, @steem is the main recovery account.

This puts you in a precarious situation if your account is hijacked and/or you lose your master password. @steem is the only account that can recover your account. Without any way to prove you actually own the account, recovery is impossible. The best thing you can do is get ahead of this. You can change your recovery account.
Audience
This tutorial is intended for anyone with nodejs experience.
The Project
I'll use my daughter's account in this example since I am concerned that if anything happens, I can recover her account for her.
My examples can be found in my github repository. The recovery.ts is where the majority of the source code exists for this example.
Usage
This project is written with Typescript. The only requirement really is nodejs. The project can be built with
npm install ; npm run build
Before running recovery, the following environment variables need to be set
| variable | description |
|---|---|
| STEEM_NAME | name of the account to change recovery for |
| STEEM_WIF | master password |
The project can then be run with
npm run recovery <new recovery account>
New Recovery Account
We use the steem-js api to change the recovery account.
First, we need to create a private key from the master password
const pk = steem.auth.toWif(user, masterpassword, "owner");
Once the private key is set, we can now use changeRecoveryAccountAsync.
steem.broadcast.changeRecoveryAccountAsync(pk, user, new_recovery_account, [])
.then((results: any) => {
console.log(JSON.stringify(results));
});
The result will look something like:
> npm run recovery r351574nc3
{"id":"cad03816d7c5e2e3f3f65defb9d1157cc2e2a743","block_num":20257686,"trx_num":56,"expired":false,"ref_block_num":7045,"ref_block_prefix":1559991723,"expiration":"2018-02-28T06:22:24","operations":[["change_recovery_account",{"account_to_recover":"salty-mcgriddles","new_recovery_account":"r351574nc3","extensions":[]}]],"extensions":[],"signatures":["1f30ff0d6cb698d1c3542a649527b46e81b119ed9830c6b83d8cc52cd7348fc99c4620cf49d089b160fb57fd2fb63aebfb53341a474bae23beed8b66f268f4b191"]}
You can verify the change on steemd
That's it. Now the recovery account has been changed, and if your account becomes hijacked, you can recover using your recovery account.
Thank you
I hope you enjoyed this and that it was helpful to you.
Other Tutorials in this Series
- Tutorial: Getting Started with git-steem-bot
- Tutorial: Weekly Digest Steembot in a Docker Container
- Tutorial: Viewing Steemit Account History
Posted on Utopian.io - Rewarding Open Source Contributors

Moar like this!
Feel so much safer now.
@r351574nc3, Contribution to open source project, I like you and upvote.
this looks really useful! thanks for sharing :)
Thank you for the contribution. It has been approved.
You can contact us on Discord.
[utopian-moderator]
Hey @r351574nc3 I am @utopian-io. I have just upvoted you!
Achievements
Suggestions
Get Noticed!
Community-Driven Witness!
I am the first and only Steem Community-Driven Witness. Participate on Discord. Lets GROW TOGETHER!
Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x