You are viewing a single comment's thread from:
RE: Attention Bitshares DEX Users! READ THIS - Your accounts may be vulnerable!
My active and memo keys are the same but my owner key is different. Does that mean I’m okay?
Are accounts impacted differently if they have a local wallet rather than a web-based account?
I was under the impression that having a local wallet meant I was pretty safe: that someone would need my password and be using my computer to access my wallet. True or false?
Thanks
Same here too.
From OpenLedger’s knowledge base, defining the difference between wallet and account (cloud-based) models at https://openledger.freshdesk.com/support/solutions/articles/33000202644-what-are-the-differences-between-account-and-wallet-model-
“Being more secure than the account model, the wallet model is restricted to your current browser and device. To use the wallet in another browser or device, you need to import the wallet backup file or brainkey.”
This seems to confirm my earlier statement on security of the local wallet. I have not found anything else out yet.
Same here, should we do something?
same here, too. I have the same question as @cannonball6
10 steem tip for the one who can answer ;)
If your active key and your memo keys are the same and you have shared your private memo key, then your account is still vulnerable.
Say for instance, I created a website and asked you to enter your private memo key, I could then transfer your funds. That’s because your memo private key is the same as your private active key. Active keys give you the right to buy/sell/deposit/withdraw funds.
The owner keys provides this same access in addition to changing your password.
My owner, active, and memo keys were the same, so I changed my owner and active keys. Afterwards I can continue to read my memos on previous transactions.
As an alternative changing your keys, you could just create a new account and then transfer your assets from the old account to the new account.
Thanks for your follow up, it is appreciated. I am fairly confident I am okay since I have n ver knowingly given anyone access to any of my private keys, but I wonder if there is a way one could do so unknowingly.
You have highlighted the memo function as a potential vulnerability. The only times I have never included any memo is when making a deposit to Openledger and entering my account name in the memo field. I don’t expect this would create a vulnerability but I would love to be corrected if I’m wrong! Thanks again!
The memo key is a vulnerability if it matches one of your other two keys. If all 3 keys are different, then your account is secure.
Mike, my owner and active keys are the same but memo is different...is this secure in your opinion? Thanks for any feedback
Take a look at my answer below.