You are viewing a single comment's thread from:

RE: Steal my EOS -- An experiment on the EOS.IO Mainnet

in #eos7 years ago (edited)

Great idea and a fun little game that will teach people about account security features of EOS! :)
btw,
Active key can and should be different from owner. Initially all accounts come with same owner and active key. For better security before starting to use EOS account people should update their active accounts and use them when logging into wallets. Owner key should be left offline in storage and only be used to update active key and serve as a "recovery" key.
Generate new key with:
cleos create key

Here is a cleos command that can be used to update active key for an account

cleos -u https://eos.greymass.com:443 set account permission < accountname > active '{"threshold": 1, "keys": [{"key": "< new active public key >", "weight": 1}],"weight":1}]}' owner