First of all, I'd like to mention that the first three screenshots were shot some months ago. The account creation looks a bit different nowadays but works almost the same way. The main difference is there is no “advanced” option when in cloud login-mode. To make a local account, you have to switch login mode in in preferences.
Second, do not ever do like I have done here and publish your login credentials on the internet! I have done it here using a special purpose account that it is strictly meant for educational and testing purposes.
Third, I use a cloud account. The same thing can be done with local login-mode, but I have little experience with that account type. I prefer cloud account and for most users it is enough. The raging debate of what is better is somewhat over proportioned. And I like to put it this way: If you have less than a months house rent on the account, cloud is your choice. It's easier and you can access it everywhere without carrying a storage device with your private keys.
So why change password?
In short, to be more flexible, human recognisable IS more convenient. It is sort of contradicting to keep the 45-character string when what you really want is the flexibility to log in where and when you want. It is important to keep it long and complicated for any brute-force attack attempts. Because Brute-force IS a vulnerability with this account type. And like everything else in crypto, you are responsible for the security.
I have seen so many different opinions on this, and while well meaning, following the steps I'm about to show here is secure and you will not lose access to your coins. But there is potential to do just that. So pay attention. I have taken every possible precaution to be able to reverse to the bitshares-generated password.
Back to where I started
As I mentioned, I made this account some months ago. Things looked a bit different then. And that is very often the situation users are faced: They make an account, store some coins to return later. Remembering the login details is crucial. So I made sure to SAVE the details.
mynewaccount22 -Snazzy name! Take note that I stored the information in a text file. You can encrypt it or write it on paper, it's up to you. I prefer to keep it in text files on an encrypted disk image.
And for everyone that has LOST their password, you have not paid attention:
Lets change that password, shall we?
Take note that I focus on your ability to REVERT to your original login details if you so wish.
1. Backup your keys
Strictly not a necessary step if you know what you are doing. But there is a good reason for backing up the keys. We are going to erase them later on. And then it is good to know which was the old one and which is new. To do so, I use the same text file.
Go to: Main menu (in the upper right corner) → Permissions
You will find four tabs here: Active permissions, Owner permissions, Memo key and Cloud wallet
In Active permissions,click the blue public key. In the resulting window, click “show”. Copy both the public and private key to the text file.
Repeat this in Owner permissions.
Save the text file.
2. Making a new password
First of all, put some thought into what your new pass should be. And write it down in the old text-file and remember to save it before preceding.
Copy your new pass into the two fields as seen on the image under the Cloud wallet tab
At this point, you will see the new keys being generated. It's kind of fun to watch if you are of the curious nature. It is also possible to fuck up, so keep it to the password you decided on. It's safer that way. Use copy-paste for consistency.
Then you can hit “USE” on all the three buttons:
Click save and confirm the transaction:
Right! You have just made a new password for your account! Take note: You have made a new one. The old is still active. But we can fix that.
Test your new password by locking the account and unlocking it using the new password..
3. Cleaning up
As I said: You have made a new password. You have also made a completely new set of keys. In the process, the old one is also active. To me it makes sense to clean the old away to eradicate any confusion at a later stage.
This is a two-step process. Both the Active and Owner keys get duplicated. And since we backed up the old keys earlier on, it is easy to determine which is one to many:
In the Active permissions tab, click delete on the old key set, repeat in the Owner permissions tab and click save. Pay the fee and then it's time for the moment of truth:
Will it work? Yes, it will. If you manage to delete the right one. I have still not managed to lock myself out. But it is possible!
To manage accounts is not something you do the five minutes before you go on vacation. Nor is it when your girlfriend decides to raise hell. Be calm and be careful. Save information that is crucial. Evaluate as you go along, make sure shit works.
And to make a few things 100% clear:
- DO NOT POST PRIVATE KEYS ON THE INTERNET LIKE I JUST DID!
- THIS IS INTENDED FOR EDUCATIONAL PURPOSES! YOU ARE IN CHARGE OF YOUR KEYS!
- IF YOU FEEL IT IS TOO MUCH, CONSIDER ASKING FOR HELP FROM SOMEONE!
Thanks to @libertydan for a nice conversation and for funding my test account. And to those who want to steal the remaining 9.96 bts in the account: Try. It's yours if you manage.