When you first sign up on Whaleshares and are verified, you get a link from your email to a link that gives you your master password. You then somehow save it. You then use that and your username to login. Yay, you're now on Whaleshares! But then you start to think about security. What would happen in x happened? How does y work? Where do you go? Here.
So I want to start of giving some vocab. Yay, kinda like school right? Well school helps you prepare for life. This vocab will help you to prepare to secure your account.
- Master Password - This is where you're private keys come from. All private keys use this in generation. Some blockchains also consider this a brainwallet.
- Owner Key - This key has to do anything with your account, including changing private keys, except viewing private memos.
- Active Key - This key has to do with your funds. Like transfers, powering up or down, etc.
- Posting Key - This key has to do with posting, commenting, voting, and following.
- Memo Key - This key has to do with encrypting and decrypting private messages used in transfer memos.
- Private Key - This is what you use to sign into different services. Do not give these away. There are owner, active posting, and memo private keys.
- Public Key - This is stored on the blockchain, and are made from your private keys. These verify signatures which we'll get to.
- ECC - Stands for elliptic curve cryptography. It's used to generate the private keys, public keys, and to sign transactions. Used in most if not all cryptocurrencies.
- Signing - This is the process of mathematically proving that you own the account you want to use to do certain operations.
Tips On Security
- Keep your owner key and master password offline. Meaning don't copy or paste it anywhere. Write it down somewhere and store it where you can retrieve it anywhere. I would suggest multiple backups as well. If you loose the owner key or master password, you loose your account. But if someone get's a hold of it, you also could loose your account :(
- When interacting on Whaleshares.io or any other site/app/service never use your owner key or master password. Only use posting/active key depending on what your doing. So when your commenting use your posting key to sign in. When your wanting to transfer WLS for example use your active key.
- In the future there will be the choice of use multi-sig. This is where you can add multiple private keys to your account for each role. For example you can change it where you have 2 keys that needs to used before you can send WLS. That way you have to enter both to be able to send. You could use one only on a laptop or pc, and one only on a mobile device, keeping them separate. Again this will be available in the future.
- Use common sense. Usually if it sounds too good to be true, then it is. For example an ad saying you have an extra airdrop reward, just give me your private keys so I can send it to you, is a red flag. Never input your private keys into a site you do not trust.
How Do Private Keys Work
Here's a video that gives a simple explanation about the signing process. Here's a video about key security, it's based on bitcoin, but most could be ported to Whaleshares. Here's the code that generates private keys.
If you have questions please ask in the comments below, and always be smart about your account.
This is also posted on Steem. This is meant for Whaleshares, but some applies to Steem as well.