
Audit your authorities

@themarkymark

Was just talking with someone who asked me about revoking an active authority on their account and was having trouble with Hive Signer.

I don't use Hive Signer, so I showed them another way, an easier way. But before I get to that, I want to say there are very few, if any, situations where you should grant someone your active authority. This is almost always a bad idea unless you really know what you are doing.

Granting your posting authority is fairly common to allow for auto voting on your behalf or scheduled posts, but active authority grants full access to your tokens. This includes NFTs and other assets. I can't think of a legitimate use case where you would want to do this.

One of the great features in the last hard fork was the ability to do recurring payments. This is a great feature if you want to pay for a regular (aka monthly) service and not have to worry about forgetting about it.

You can see your current authorities on Hiveblocks.com or Peakd.com. Let's look at a more complex one like @theycallmedan.

Here you can see two active authorities have been granted, and a lot of posting authorities.

I don't know what Dan does and needs, so I have no input on what should be here, but it's a good practice to occasionally spend a few seconds and just look through who you granted authorities to. Make sure you still use them and you are comfortable with what you have. I suggest doing this at least every 3-6 months.

There have been cases in the past where posting authorities have been taken advantage of. I remember when Utopian authority was mishandled to use everyone's vote; Busy.org was also compromised at one point, as well as many others.

Make sure you look through your authorities and remove any dApps you no longer use or trust.
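The same review can be scripted. The sketch below is an added example, not part of the original post or any Hive tool: it walks the `owner`, `active` and `posting` authority objects in the shape returned by the `condenser_api.get_accounts` RPC call and lists every account that has been granted an authority. The sample account, grantee names and keys are constructed, and `audit_authorities` and `still_used` are hypothetical names.

```python
import json

# Constructed sample shaped like one entry of a condenser_api.get_accounts
# result. Account names and keys are made up for illustration.
SAMPLE_ACCOUNT = json.loads("""
{
  "name": "example-user",
  "owner":   {"weight_threshold": 1, "account_auths": [],
              "key_auths": [["STM_PLACEHOLDER_OWNER_KEY", 1]]},
  "active":  {"weight_threshold": 1, "account_auths": [["old-dapp", 1]],
              "key_auths": [["STM_PLACEHOLDER_ACTIVE_KEY", 1]]},
  "posting": {"weight_threshold": 1,
              "account_auths": [["scheduler-app", 1], ["unused-voter", 1]],
              "key_auths": [["STM_PLACEHOLDER_POSTING_KEY", 1]]}
}
""")

# Active and owner grants reach your tokens; posting grants reach your vote.
RISK = {"owner": "critical", "active": "high", "posting": "low"}


def audit_authorities(account, still_used=()):
    """Return one finding per account that holds a delegated authority.

    still_used: grantee names you confirm you still rely on (hypothetical
    allowlist). Owner and active grants are always marked for review.
    """
    findings = []
    for role in ("owner", "active", "posting"):
        auth = account.get(role, {})
        threshold = auth.get("weight_threshold", 1)
        for grantee, weight in auth.get("account_auths", []):
            findings.append({
                "role": role,
                "grantee": grantee,
                "risk": RISK[role],
                # weight >= threshold: the grantee can sign without anyone else
                "can_act_alone": weight >= threshold,
                "review": role != "posting" or grantee not in still_used,
            })
    return findings


if __name__ == "__main__":
    for f in audit_authorities(SAMPLE_ACCOUNT, still_used={"scheduler-app"}):
        flag = "REVIEW" if f["review"] else "ok"
        print(f"{flag:6} {f['role']:8} {f['grantee']:15} risk={f['risk']}")
```

To run it against a real account, replace `SAMPLE_ACCOUNT` with the account object your Hive API node returns for `condenser_api.get_accounts`.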

You can use Hive Signer, PeakD, CLI, as well as a few other ways to remove authorities you no longer approve. The easiest way and my favorite is to use PeakD #peakd4life which I will show you.

Remove Authorities using PeakD

Go to your profile page, peakd.com/USER so you can get to the settings. You do not want "PeakD Settings", you want the account actions found on your profile page.

Take a moment to enjoy my new profile theme if you like. I am a big fan of Deadpool as well as Firefly.

From here, use the Account Actions dropdown to go to Keys & Permissions.

Click on Authorities.

As you can see, I don't grant authorities often. Here you can see PeakD has my posting authority which gives them the ability to upvote, downvote, send custom json, post, comment, and interact with some dApps, but it is only really used for scheduling posts with PeakD.

That's it! Remember to do this once in a while to make sure you are not putting yourself at risk. In most cases, the only risk is your voting power if you only grant posting authority. I don't ever recommend granting active authority unless you really know what you are doing and have a unique situation and understand the risks involved.

Posted Using LeoFinance Beta