How to review account permissions and change your recovery account

![image.png](https://files.peakd.com/file/peakd-hive/holger80/UScDOcPB-image.png) [source](https://pixabay.com/de/illustrations/schl%C3%BCssel-schlo%C3%9F-sicherheit-metall-3348307/) All accounts on the HIVE blockchain that existed also before the fork may have posting permissions granted to apps that do not exists on the HIVE blockchain. It is a good idea to remove them for now. You can use beempy to remove posting permissions to your account. At first, all account that have posting/active permissions should be printed with ``` beempy permissions holger80 ``` ``` +------------+-----------+-----------------------------------------------------------+ | Permission | Threshold | Key/Account | +------------+-----------+-----------------------------------------------------------+ | owner | 1 | STM5XDYn3NeTqiMd1wczZjF9sPiJqY2uQw9HRwT6LR6rQytAxWNfz (1) | | active | 1 | STM7tA7Mh81wJV1J8eW8NyGLc3XCSyXNdFnhAh8F8bYYd8yAcy6Ew (1) | | posting | 1 | actifit.app (1) | | | | dpoll.xyz (1) | | | | esteemapp (1) | | | | nc-client (1) | | | | nextcolony (1) | | | | peakd.app (1) | | | | rewarding (1) | | | | STM6t5ExkHZtQL1pdkrRZjCgzbAdnB3YUYCZgrYWDXvdnU5bp57jL (1) | +------------+-----------+-----------------------------------------------------------+ ``` ## Remove posting permission Now, not needed permissions can be removed by ``` beempy disallow -a holger80 busy.app ``` where the account name is set with `-a`. This command broadcasts a `account_update` operation and removes the given account name from the `account_auths` field. ![image.png](https://files.peakd.com/file/peakd-hive/holger80/nNzpFYoS-image.png) This can also be done with https://hivesigner.com/revoke/ followed by the account name, e.g. https://hivesigner.com/revoke/busy.app Changing and reviewing permissions is also possible with peakd: https://peakd.com/@holger80/permissions ## Recovery account The recovery account can be check with https://hiveblocks.com/@holger80 ![image.png](https://files.peakd.com/file/peakd-hive/holger80/n5L0jCIN-image.png) It is set to @steem for my account and as it is most unlikely that @steem will ever sign a `Request_account_recovery` operation on HIVE, I'm unable to recovery my account, when I would accidentally leak my owner key and someone would change it using my leaked owner key. This is most unlikely, as I'm not using my owner key but it could happen. ### How does account recovery work? Assuming, my owner key was changed within 30 days, I have the previous owner key and the recover account is signing, I can recover my account: 1. I need to create a new owner key 2. the recover account broadcasts a `Request_account_recovery` operation with the new owner public key signed with its active key 3. I need then to broadcast a `Recover_account` operation with the old and the new owner public key and sign it with the old and the new owner private key. 4. I can change now all keys with an `Account_update` operation signed with the new owner key. Currently this will not work for me, as @steem will not broadcast a `Request_account_recovery` operation on HIVE. ## Changing the recover account I created a new account @recovery.account on HIVE as my new recovery account. It would be possible to use hivesigner for this: https://hivesigner.com/sign/change_recovery_account?account_to_recover=holger80&new_recovery_account=recovery.account&extensions=%5B%5D or peakd: https://peakd.com/@holger80/permissions But I do like to use my own script: ``` from beem.account import Account from beem.nodelist import NodeList from beem import Steem from beem.transactionbuilder import TransactionBuilder from beemgraphenebase.account import PrivateKey import beembase import getpass if __name__ == "__main__": nodes = NodeList() nodes.update_nodes() key = getpass.getpass(prompt='Owner key: ') owner_key = PrivateKey(wif=key) print("pub: %s" % str(owner_key.pubkey)) account_name = input("account name: ") new_recovery_account = input("new recovery_account: ") hive = Steem(node=nodes.get_nodes(hive=True)) assert hive.is_hive account = Account(account_name, steem_instance=hive) new_rec_acc = Account(new_recovery_account, steem_instance=hive) op = beembase.operations.Change_recovery_account(**{ 'account_to_recover': account['name'], 'new_recovery_account': new_rec_acc['name'], 'extensions': [] }) print(op) prompt = input("Broadcast the operation? [y/n]") if prompt[0] == "y": tb = TransactionBuilder(steem_instance=hive) tb.appendOps([op]) tb.appendWif(str(owner_key)) #tb.appendSigner(account['name'], 'owner') tb.sign() trx = tb.broadcast() print(trx) ``` Results in ![image.png](https://files.peakd.com/file/peakd-hive/holger80/N8fWV7bM-image.png) This means that in 30 days my recovery account will be changed. I will keep the keys of @recovery.account in a safe place and will not use them. ## Is there a need for a recovery account provider? Do you want also to change your recovery account? How could this work? Let me know.

See: How to review account permissions and change your recovery account by @holger80

More About Python