#GG
EOS Handbook
Version 1.12.20190615 β. This document is all allegedly.
About
Coinbase is currently allowing users to earn $10 of EOS by completing introductory lessons to start learning about EOSIO and EOS.
coinbase.com/earn/eos
Guide to EOS Account Management & Security.

eoshandbook.com is an offline .html file which works with and without javascript.
This document is constantly updated.
You can get the latest .pdf snapshot here.
To contribute join the telegram group or
the GainGang telegram group.
Contents

📔 About This Handbook


eoshandbook.com aka GG EOS Handbook aka EOS HamBook


Formats

eoshandbook.com is an offline .html file which works with and without javascript.
It provides the same information as a document and dynamically with questions and as an FAQ.

Video guides for each topic will be added as they emerge.

Audience

This critical information is for everyone. We aim to present it in a simple, accessible and non-boring way. Please help us improve this content if you can.

Purpose

To be a constantly updated resource to provide needed basic information on EOS accounts and security.

I saw questions being answered with partial explanations given with a declaration that there is much more to understand that cannot be explained quickly.
This resource was created to help explain basic aspects of EOS to new users. Thanks to the many who have given me positive feedback and support.

There are lots of static articles describing how to manage your EOS.
Unfortunately things change quickly and the information in these can become outdated fast.

A common example is articles telling people to use Scatter Chrome Extension even though it should never be used because it is not supported and has been replaced by Scatter Desktop.

Inspiration

Crypto Feez on youtube
"Cherish your health, love your family and protect that crypto!”

Blue Rock Talk with Connie Willis on youtube
20190206-🖖 CRYPTO CONNIE discusses the recent PASSWORD TRAGEDY!. [56:52]
Crypto Connie: “I would love a little handbook. A little rule book of all this stuff, you know; do this do that, if you have this many, this much crypto if you go over this get a
Cold Wallet
A Cold Wallet allows you to keep your keys cold by signing transactions offline. See more on the sections on Cold Wallets.
if you’re here this is kind of safe to do this That would be a great thing for someone to write up.”

EOS Telegram Channel:
Ralph Lett, [26.02.19 05:24]
“Explain to me then how someone can steal your account if they get your
Owner Key
A key that is set as the owner permission for an EOS account.
?? Why the hell do we even have an
Owner Key
A key that is set as the owner permission for an EOS account.


Experiences

Trybe TV 2019-01-28
Trybe TV - Scam Alert. How my EOS account got hacked and how yours could too...
Matt from trybe shares why we should avoid:
storing private keys on our computer and having our owner key in a hot wallet.

Author

Written by EOS user communitydev
aka Ham aka K aka Block Ham - GG Community Developer

Donate to my account : communitydev
Donate to the GainGang : gaingang.e
Use the MEMO field to say why you are donating or put requests for content or questions.

I am completely independent and received nothing to produce eoshandbook.com. Donations will allow me to work on projects that benefit the EOS community and can be seen on the EOS blockchain here: communitydev.

Contact

To get support and ask questions about this resource:

email: [email protected]

Telegram:
Join the GainGang Telegram channel for EOS news and discussion.
Join the eoshandbook.com Telegram channel .

🛡 Protect that Crypto!
Love your family & cherish your health.
Be safe. Breath and relax. If this document is stressing you out, take a break or seek your answers elsewhere. We all die one day, part of your security should include having a plan for that.

Do not lose your
Keys
Your private keys you hold for your crypto accounts are commonly refered to as your " keys".
The only part of key pairs you NEED is your PRIVATE key because a public key can be regenerated from a private key if lost.
.



If you do NOT want to know about Keys there are alternatives:

Be Bespoke

Bespoke means custom or custom-made.

Managing your own security means you are additionaly protected because no one knows how your security is managed.

For any one specific security solution a flaw could be found. If it is known that you use that solution it is easier for hackers to target you.

Therefore we do not recommend a single solution with a checklist to follow. This handbook aims to make clear the main hazards and potection solutions to choose from.

In all cases we recommend:
Do not loose your keys.
Always keep backups in multiple locations or with multiple people.


Use advanced security with
Permissions
Declare who has access to an account. Permissions can be set to public keys or to EOS usernames.
.

Things are advancing quickly and security solutions will rapidly get better and simpler.
We are all in this together, One Love.

"Every Man Think That His Burden is the Heaviest"
from Running Away by Bob Marley

🔮 Risks
There are 2 conflicting tensions:

LOST KEYS

Protection from yourself.
Prevent yourself form losing your
Keys
Your private keys you hold for your crypto accounts are commonly refered to as your " keys".
The only part of key pairs you NEED is your PRIVATE key because a public key can be regenerated from a private key if lost.
.

STOLEN KEYS

Protection from others.
Stop someone else taking your
Keys
Your private keys you hold for your crypto accounts are commonly refered to as your " keys".
The only part of key pairs you NEED is your PRIVATE key because a public key can be regenerated from a private key if lost.
.

In many cases your risk of losing your password/keys is much greater than the risk of anyone stealing them.

UNWANTED dApp ACTIONS

Authenticator
Authenticators are the programs that allow you to authenticate a transaction. For example to authorize an account to send funds you will need an authenticator with the appropriate private key for the account.
Authenticators are often provided as "wallets".
s like
Scatter
Scatter is a multi-chain wallet. get-scatter.com.
It works on EOS and other chains.
Scatter wallet is the EOS authenticator we recommend.
will ask you to confirm any actions that you perform in
dApps
dApps are Decentralized Applications.
EOS dApps are the Applications that run on the EOS network.
You can see a lists of active dApps at:
dappradar.com
dapp.review
.

Trustworthy dApps will not perform any bad actions and can be whitelisted to skip confirmations.

WARNINGS:
Malicious dApps are safe to use ONLY if you follow this rule:

Always check every contract action before confirming it.


For example if the action you are attempting is to stake a token it should say stake in the confirmation screen and not anything else.

Be espessially carefull of actions that say "updateauth" as this is the action can change your keys and give control of your account away
There is a video on this by Crypto Money Life - How To Spot a Scam When Using Scatter EOS
RISK 1 : Fire / theft / death / loss of keys.
RISK 2 : Compromised computer; local or online.
RISK 3 : Hacks (including phishing attacks)

You can determine the level of RISK and then decide how SAFE to be.
If you set up accounts with small balances you can take on much more risk.
The more important your tokens are to you; the higher the level of security you should use.

All accounts should be GG SECURE using backups, encryption and offline storage.

Consider using additional levels:

GG COLD SECURE: Create and Set Cold Keys.

GG GANG SECURE
Using group permission with multi-sig; the most powerfull method for advanced security..
🔑 What is Crypto?
Crypto
Usually refers to crypto-currency as a topic or your holdings of crypto-currency.
The root word means "hidden".
It can be short for Cryptography, Cryptographic, a Crypto-Currency or Crypto-Asset.
is Short for Crypto-currency.

Digital Assets can include non-cryptographic digital assets.

The only type of digital assets we are concerned with here are assets protected by a public/private
Key Pair
Crypto accounts require a "cryptographic public/private key pair".
Together the public and private key form the "Key Pair".

The private key is the only critical part and can be used to generate the public key.
.
The one way cryptographic algorithm that gives us PRIVATE/PUBLIC key pairs is based on complex mathematics.
Few understand how these alorithms functions but it is important to understand what is achieved by having public/private key pairs.

Crypto accounts require a "cryptographic public/private key pair". The only part you need is the PRIVATE key. Your private keys you hold for your crypto accounts are commonly refered to as "your keys".

The public key allows you to tell people what your password is without telling them your actual password.
This is the main difficult thing for people to understand.

Put simply a public key is a kind of magic thing that allows someone to be able to confirm what your password is without knowing your password.
Even though that may seem impossible.
Cryptographic assets can be said to be owned or "held in a wallet" because the owner has control over the PRIVATE KEYS needed to acess those assets.


FUN FACTS about Cryptography:
• Cryptographic algorithms were developed by the military and not revealed officially to the public until the 90s.
• The RSA encryption algorithm was developed by the military in the 70s.
• A military is just a big gang. So crypto was started by a gang as a gang secret.


https://en.wikipedia.org/wiki/Public-key_cryptography
“Their discovery was not publicly acknowledged for 27 years, until the research was declassified by the British government in 1997”

https://en.wikipedia.org/wiki/RSA_(cryptosystem)
The acronym RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978

https://en.wikipedia.org/wiki/Elliptic-curve_cryptography
EOS uses ECC to generate keys.
The Elliptic curve cryptography functions: Private Key, Public Key, Signature, AES, Encryption, Decryption are available at: https://github.com/EOSIO/eosjs-ecc
What is EOS?
EOS is crypto.

eos.io


“The most powerful infrastructure for decentralized applications”

eos.io
github.com/EOSIO is the open source software that runs the eos blockchain.
is the software that EOS uses.

The Chestahedron is the symbol for EOS:
It is the first heptahedron of this configuration in the history of geometry.
Created by Frank Chester

In greek mythology EOS is the Goddess of the Dawn.

EOS Accounts

To use EOS you must get an EOS account.


The EOS MAINNET

The main network running the EOS.IO software is called the EOS MAINNET.
The eosio contract is controlled by the elected
BP
A Block Producer. One of the producers of blocks that make up the blockchain of the EOS network.
s.

The EOS Token

The EOS token is a utility token that can be staked for
Resources
In EOS Resources refer to RAM, CPU or NET. RAM is bought and sold. CPU and NET are gained by staking EOS.
Some actions like claiming airdrops use RAM. Transferring tokens use CPU. The amount of CPU taken for a transaction is fixed but the CPU you get for your staked EOS depends on how busy the network is.
.
Anyone can run the software and there are already several other active networks running the same sotware.

These networks can all be accessed now using
Scatter
Scatter is a multi-chain wallet. get-scatter.com.
It works on EOS and other chains.
Scatter wallet is the EOS authenticator we recommend.
:

Sister Chains run the eos.io software:
TELOS
" Telos will have the most even money supply distribution of any blockchain. This token distribution improves governance so the network is more secure and sustainable."
WORBLI
An EOS blockchain that uses KYC.

Side Chains are running modiied version of the software:
EOSFORCE.IO
"EOSForce is dedicated to exploring a more open set of cryptoeconomic infrastructure. Through consistently developing a multichain architecture protocol, EOSForce fulfills needs for diverse consensus and facilitates blockchain applications in all fields."
BOS (Business Operating System)
"The goal of BOS(Business Operating System) is to build an EOSIO ecosystem that supports more DApp and solve real-world problems using blockchain technology..."

There appears to be misinformation going around about sister / side chains.
For example the top link on a search for these terms gets:
https://www.auroraeos.com/blog/sidechains-and-sister-chains-on-eos-an-explainer/
This article is wrong about several things including: "Sidechains are EOSIO blockchains that utilize the EOS mainnet token for resource allocation". This is fake news.
👤Wallets: Accounts, Authenticators and Tools

Wallets, Authenticators, and Toolkits


Wallets are not like physical wallets.
We are going to call all wallets that store your keys AUTHENTICATORS.

Your account on a blockchain is also called a wallet.
Authenticator
Private Key
Account
Public Key


"the term ‘wallet’ is potentially misleading if the user’s intention was to ‘authenticate’ with a service or to ‘sign’ a transaction ... traditional wallets functioned as a place to store tokens, the blockchain community adopted the term ‘wallet’ in the early stages of its development ... we have considered a number of terms that would more accurately describe the purpose of ‘wallets,’ from ‘signature providers’ to ‘authenticators’ to ‘transaction signers’. Ultimately, we have decided that for the purposes of this library and our future literature in the wallet ecosystem, we will be referring to all ‘wallets’ as ‘authenticators’. "
from eos.io
EOSIO Labs™ Release: The Universal Authenticator Library (UAL)
In EOS the "wallet" has 3 different aspects: Authenticators allow you to access your account (wallet) and have tools (often also called a wallet).
  • Account Wallet
    The address or name of your crypto account.
  • Authenticator Wallet
    These store your
    Keys
    Your private keys you hold for your crypto accounts are commonly refered to as your " keys".
    The only part of key pairs you NEED is your PRIVATE key because a public key can be regenerated from a private key if lost.
    .
  • Tools Wallets
    Allows you to manage your account by permforming contract actions.
EOS permissions are a powerfull way to control access to the wallet.
Authenticator
Private Key
Account
Tools (Contract Actions)
Permissions


All actions.
OWNER


All except change owner.
ACTIVE


Custom contract action.
custom


Account "Wallet"

Crypto accounts are called wallets. Your account is the location of your tokens and so conceptually like a physical wallet.

EOS accounts have a simple username, in BTC the address is a public key.

When you look up an account on a
Block Explorer
A Block Explorer is a viewer information on a blockchain. There are many EOS block explorers:
bloks.io is a block explorer that features wallet and DEX functionality.
eosauthority.com is a website that provides a wallet, block explorer and much more.
eosflare.io is just a block explorer.
you see the account contents.
The contents of your account are said to be in your "wallet".
For example communitydev.



Authenticator "Wallet"

There are many "wallets" that act as an
Authenticator
Authenticators are the programs that allow you to authenticate a transaction. For example to authorize an account to send funds you will need an authenticator with the appropriate private key for the account.
Authenticators are often provided as "wallets".
:
These hold your
Keys
Your private keys you hold for your crypto accounts are commonly refered to as your " keys".
The only part of key pairs you NEED is your PRIVATE key because a public key can be regenerated from a private key if lost.
.

Hardware Wallet
Never remember a password again... A "hardware wallet" is a "hardware authenticator". It holds your keys.
Blockchain as the Solution to the Insecurity of Passwords by block.one block.one News : Blockchain solution to the insecurity of passwords
- Tutorial on changing your EOS owner and active keys using Ledger Nano S:
s are authenticators.

Recommended Software Authenticators:
  • Scatter
    Scatter is a multi-chain wallet. get-scatter.com.
    It works on EOS and other chains.
    Scatter wallet is the EOS authenticator we recommend.
Other Authenticators:

Tools "Wallet"

Account Management sections of dApps and web sites are often called "wallets".
bloks.io calls it's services a "wallet", eostoolkit calls itself a "toolkit".

These Account Management "Wallets" currently provide more services than any authenticators.

Some good examples:
  • bloks.io
    bloks.io is a web site that provides a Block Explorer for the EOS Mainnet , "Wallet" account functions and more.
  • EOS Authority
    eosauthority.com is a wbesite that provides a wallet, block explorer and much more.
  • eostoolkit.io
    eostoolkit.io is a wbesite that provid es many tools to administer accounts including dApp staking and airgrabs.

For example in bloks.io/wallet:
In addition to the account "wallet" which shows your balance there is an additional "wallet" section which has a tools menu :
bloks.io/wallet
bloks.io/wallet
EOS account management
EOS accounts can be managed from
Wallet
Crypto Wallets are not like physical wallets.
The term "Wallet" can have several different meanings. Things will be less confusing if we have different names for them.

1. Wallets that store your keys are called AUTHENTICATORS instead of wallets. e.g. hardware wallets.
2. Wallet that provide EOS account management in the form of apps and web sites.

For now EOS account managers appear to be called "wallets".
These account managers are not like the authenticator kind of wallet. For example a Hardware Wallet that acts as an "authenticator" and does not provide account management functions.
apps and web sites.

Some
dApps
dApps are Decentralized Applications.
EOS dApps are the Applications that run on the EOS network.
You can see a lists of active dApps at:
dappradar.com
dapp.review
also have EOS account management.
Here is a picture of an EOS account information on
bloks.io
bloks.io is a web site that provides a Block Explorer for the EOS Mainnet , "Wallet" account functions and more.
:
EOS account information on bloks.io
EOS account information on bloks.io

The EOS tokens can be in several states: Total EOS Balance is your total quantity of EOS tokens.
Available shows your liquid balance; the amount you can move.
Refunding shows EOS currently being un-staked.
Staked shows the amount Staked to CPU NET or Others
REX shows your investment in the Resource Excahnge.
Remember EOS is DPOS. Delegated Proof of STAKE, not Delegated Proof of Token.

In order to have use the network or vote you must have EOS Staked.

1. STAKE You need to have EOS staked to use dApps or vote. Any wallet and most dApps allow you to Stake and Unstkake.


2. VOTE You can vote for up to 30 Block Producers. If you do not renew your vote every 7 days the effect will decay more over time. Recommended: You can use scatter to vote for a proxy and set the vote to be renewed every 7 days.


3. REX You can earn interest on your EOS by putting it in the
REX
REX allows you to lend EOS tokens and maintain ownership and voting rights.
so others can lease it.



Currently we need to manage our own resources; unstaking or staked CPU or NET and buying and selling RAM.

It is likely in the future that management of resources will be abstracted from users to various degrees.
For now you may need to occasionaly adjust your resource allocations if you run out of CPU, NET or RAM.

RAM
RAM is a resource which is purchased with EOS tokens.

You don't need to worry about it unless you max out your RAM. 1k surplus RAM is enough to cover several RAM consuming actions.
When you reach close to 100% RAM usage then actions which require RAM will not work. Buy more RAM in 1k increments.
You can see what is using up RAM using the RAM Usage tool from labs.dfuse.io on with the RAM Explorer in
bloks.io
bloks.io is a web site that provides a Block Explorer for the EOS Mainnet , "Wallet" account functions and more.

RAM Explorer on bloks.io
RAM Explorer on bloks.io

WARNINGS:
The RAM price can go up and down but speculation on RAM prices in not recommended.
The network will try to keep prices low so buying RAM with the goal of selling it at a high price is likely to fail.

Solutions will probably emerge assist with RAM management and to let you manage your RAM usage.

CPU and NET:
These are resources on the network. EOS is a utility token.
It is used to gain access to the EOS network.
This is done by STAKING EOS to get CPU and NET. How much CPU or NET you need depends on your actions. In general 0.1 NET seems to be fine for everything and 1 EOS on CPU sill allow you to perform basic actions.
In the image gaingang.e has 4.2 EOS staked as CPU and this gets us 557.3ms of CPU usage. The amount of CPU time you get changes depending on the use of the EOS network.

View a live and historic graph of CPU available on the netowrk using EOS Titan Labs
🏭 STAKE

EOS is a DPoS system

DPoS = Delegated Proof of Stake


There are around a billion EOS tokens. These EOS tokens are only being used when they are STAKED on the network.

You can "STAKE" EOS from any
Wallet
Crypto Wallets are not like physical wallets.
The term "Wallet" can have several different meanings. Things will be less confusing if we have different names for them.

1. Wallets that store your keys are called AUTHENTICATORS instead of wallets. e.g. hardware wallets.
2. Wallet that provide EOS account management in the form of apps and web sites.

For now EOS account managers appear to be called "wallets".
These account managers are not like the authenticator kind of wallet. For example a Hardware Wallet that acts as an "authenticator" and does not provide account management functions.
s and most
dApps
dApps are Decentralized Applications.
EOS dApps are the Applications that run on the EOS network.
You can see a lists of active dApps at:
dappradar.com
dapp.review
.
When you stake you get
Resources
In EOS Resources refer to RAM, CPU or NET. RAM is bought and sold. CPU and NET are gained by staking EOS.
Some actions like claiming airdrops use RAM. Transferring tokens use CPU. The amount of CPU taken for a transaction is fixed but the CPU you get for your staked EOS depends on how busy the network is.
as CPU or NET.

Your voting power is how much you have staked.
It takes 72 hours to unstake EOS.

EOS can be staked to any any account.
This means you can stake EOS to someone else and still maintain ownership.

"Staking is the new Mining"


The
REX
REX allows you to lend EOS tokens and maintain ownership and voting rights.
allows you to profit by a small percentage lending out your staked EOS.

If you need staked resources someone with a lot of more staked resources than they need can easily stake some of there resources to you.

There are other staking or staking-like resources:

stakemine.io allow you to get dividends for staking CPU or NET to a project.

chintai.io is a loaning platform so you give out your EOS and get it back after some time.
Here is a video on using stakemine from March 19th 2019. Earn EOS Tokens From Staking EOS by Hodl EOS.
If you are just holding EOS and not using it you will only need to stake about 2 EOS as CPU and 0.2 EOS as NET. If you are doing many transactions in a short space of time or the network is very busy you may need more resources.
🗳 VOTE
You must have EOS tokens
Stake
Stake tokens to lock them up. When staked they cannot be moved. To move the tokens they will need to be unstaked.
Often staked tokens receive dividends, aka passive income.
There are often wait periods like 24 hours or 3 days to unstake tokens this can help protect tokens from being stolen if an account is compromised.
d to vote.
Votes count for Block Producers and Referendums:

Block Producers
Votes decide which 21
BP
A Block Producer. One of the producers of blocks that make up the blockchain of the EOS network.
s run the EOS network. You can choose up to 30 to vote for yourself.

Referendum
Referendums are proposals for changes to the network. Anyone can propose a change.
If a referendum proposal receives enough votes the Block Producers will enact the approved changes.

Researching and keeping up to date with BPs and referendums can be complicated and time consuming.

Voter Proxies

You can vote for a proxy that will select 30 BPs and referendums for you.

You can research BPs and proxies at alohaeos.com
Smart proxies can assign votes to more than 30 BPs using a contract to periodicaly changing their vote allocations.

Vote for ggvoterproxy using any number of
Wallet
Crypto Wallets are not like physical wallets.
The term "Wallet" can have several different meanings. Things will be less confusing if we have different names for them.

1. Wallets that store your keys are called AUTHENTICATORS instead of wallets. e.g. hardware wallets.
2. Wallet that provide EOS account management in the form of apps and web sites.

For now EOS account managers appear to be called "wallets".
These account managers are not like the authenticator kind of wallet. For example a Hardware Wallet that acts as an "authenticator" and does not provide account management functions.
s.

If you do not renew your vote every 7 days the effect will start to decay slightly over time.

RECOMMENDED - Use a proxy like ggvoterproxy to avoid vote decay!
You can use Scatter to vote for any proxy and set the vote to be automaticaly renewed every 7 days to avoid vote decay.
Using Scatter to Vote for ggvoterproxy.
Using Scatter to Vote for ggvoterproxy.
🦕 REX
Accounts require only a small amount of
Stake
Stake tokens to lock them up. When staked they cannot be moved. To move the tokens they will need to be unstaked.
Often staked tokens receive dividends, aka passive income.
There are often wait periods like 24 hours or 3 days to unstake tokens this can help protect tokens from being stolen if an account is compromised.
d EOS to perform actions the remainder can be lent out because you are not using it.

REX is the EOS Resource EXchange.

The
REX
REX allows you to lend EOS tokens and maintain ownership and voting rights.
allows you to profit by a small percentage for allowing others to use your staked EOS.
Others can lease these resources from REX at 30 day intervals.

REX allows you to lend staked EOS and maintain ownership and voting rights.
The EOS value of your REX balance is included in your account balance along with liquid and staked EOS.

The REX token:

When you put EOS into REX you buy REX token with EOS value.


How to use REX:

Use any
Wallet
Crypto Wallets are not like physical wallets.
The term "Wallet" can have several different meanings. Things will be less confusing if we have different names for them.

1. Wallets that store your keys are called AUTHENTICATORS instead of wallets. e.g. hardware wallets.
2. Wallet that provide EOS account management in the form of apps and web sites.

For now EOS account managers appear to be called "wallets".
These account managers are not like the authenticator kind of wallet. For example a Hardware Wallet that acts as an "authenticator" and does not provide account management functions.
to move EOS into REX.
These sites explain and allow you to buy REX:
eosauthority.com has a good interface. eosrex.io was set up by the community. and newdex.io is a
DEX
Decentralized EXchanges like BitShares are much more secure than regular exchanges. BitShares, for example, has never been hacked.
that allows you to buy REX.


To put EOS into REX it must be staked and you must vote.
Some wallets may stake and vote for their own proxy when you buy REX.

Please make sure you choose the proxy to vote for.

  1. Stake your EOS and Vote for a proxy.
  2. Buy REX and receive REX tokens.
  3. REX tokens will be locked up for 5 days to "mature".
  4. When your REX is matured you can sell it back into EOS or put it into SAVINGS.

(Optional) Stake your REX in SAVINGS.

To protect your REX tokens from being moved if your account is compromised you can
Stake
Stake tokens to lock them up. When staked they cannot be moved. To move the tokens they will need to be unstaked.
Often staked tokens receive dividends, aka passive income.
There are often wait periods like 24 hours or 3 days to unstake tokens this can help protect tokens from being stolen if an account is compromised.
your REX tokens into a savings account.
It takes 4 days to unstake the REX. This allows time to regain control over an account using an owner key.

The value of the REX in EOS can only go up. You cannot lose your EOS.

You can see the value in any EOS
Wallet
Crypto Wallets are not like physical wallets.
The term "Wallet" can have several different meanings. Things will be less confusing if we have different names for them.

1. Wallets that store your keys are called AUTHENTICATORS instead of wallets. e.g. hardware wallets.
2. Wallet that provide EOS account management in the form of apps and web sites.

For now EOS account managers appear to be called "wallets".
These account managers are not like the authenticator kind of wallet. For example a Hardware Wallet that acts as an "authenticator" and does not provide account management functions.
.
Sell REX tokens back for EOS at any time when they are matured and unstaked.

chintai.io allows you to do a lend or borrow at a fixed percentage for 7, 14 or 28 days.
$ TOKENS
You can find a list of EOS tokens and their related contracts at:
eosgo.io
bloks.io/tokens


You can trade EOS tokens at:
newdex.io
dexeos.io

The important token info is Market Cap, Volume (24h), Circulating Supply, Max Supply and Top Holders. Some tokens can be
Stake
Stake tokens to lock them up. When staked they cannot be moved. To move the tokens they will need to be unstaked.
Often staked tokens receive dividends, aka passive income.
There are often wait periods like 24 hours or 3 days to unstake tokens this can help protect tokens from being stolen if an account is compromised.
d.
Some tokens use the eosio.token contract and are as reliable as the main EOS token.



The EOS Token

The EOS token is a utility token that can be staked for
Resources
In EOS Resources refer to RAM, CPU or NET. RAM is bought and sold. CPU and NET are gained by staking EOS.
Some actions like claiming airdrops use RAM. Transferring tokens use CPU. The amount of CPU taken for a transaction is fixed but the CPU you get for your staked EOS depends on how busy the network is.
.
The EOS token also used for account creation on the EOS platform which runs the eos.io software.

Resources
In EOS Resources refer to RAM, CPU or NET. RAM is bought and sold. CPU and NET are gained by staking EOS.
Some actions like claiming airdrops use RAM. Transferring tokens use CPU. The amount of CPU taken for a transaction is fixed but the CPU you get for your staked EOS depends on how busy the network is.
are used to run
dApps
dApps are Decentralized Applications.
EOS dApps are the Applications that run on the EOS network.
You can see a lists of active dApps at:
dappradar.com
dapp.review
and to vote.
The EOS token is used to
Stake
Stake tokens to lock them up. When staked they cannot be moved. To move the tokens they will need to be unstaked.
Often staked tokens receive dividends, aka passive income.
There are often wait periods like 24 hours or 3 days to unstake tokens this can help protect tokens from being stolen if an account is compromised.
and vote.

The main EOS token uses the eosio.token contract.

Other Tokens and Contracts

Anyone can issue a token with their own contract.

Tokens other than the main EOS token can use the eosio contract.

Most tokens use their own custom contract.
The contract name is always listed with the token name in every
Block Explorer
A Block Explorer is a viewer information on a blockchain. There are many EOS block explorers:
bloks.io is a block explorer that features wallet and DEX functionality.
eosauthority.com is a website that provides a wallet, block explorer and much more.
eosflare.io is just a block explorer.


WARNINGS:
  • Many tokens can have the same name. Always check the contract name for the token is correct.
  • The contract owner can change, move or destory your tokens.
  • You can only trust tokens as much as you trust the owners of the token contract.

Cryptolions is creating a simple assets multi-sig to solve the problem of token trust.

Video describing Token Contracts from EOS Weekly :
Token Contract Security Risks (13:32)
CONTRACTS

dApps & Smart Contract

Contract actions (a.k.a. Smart Contract) are the code that run on EOS.

dApps
dApps are Decentralized Applications.
EOS dApps are the Applications that run on the EOS network.
You can see a lists of active dApps at:
dappradar.com
dapp.review
are applications that use contract actions.

Resources
In EOS Resources refer to RAM, CPU or NET. RAM is bought and sold. CPU and NET are gained by staking EOS.
Some actions like claiming airdrops use RAM. Transferring tokens use CPU. The amount of CPU taken for a transaction is fixed but the CPU you get for your staked EOS depends on how busy the network is.
are used to run
dApps
dApps are Decentralized Applications.
EOS dApps are the Applications that run on the EOS network.
You can see a lists of active dApps at:
dappradar.com
dapp.review
and to vote.

EOS uses the eosio contract.
The EOSIO contract is controlled by the elected
BP
A Block Producer. One of the producers of blocks that make up the blockchain of the EOS network.
.

Contracts

Any EOS account can set up it's own contracts.
Contracts provide actions and can issue custom tokens.


Contract Actions are listed on accounts in every
Block Explorer
A Block Explorer is a viewer information on a blockchain. There are many EOS block explorers:
bloks.io is a block explorer that features wallet and DEX functionality.
eosauthority.com is a website that provides a wallet, block explorer and much more.
eosflare.io is just a block explorer.



When you use a contract action you will perform a transaction.
The eosio Contract

eosio Contracts

The eosio contracts control the EOS mainnet.

Instead of having one manager there are 21 elected
BP
A Block Producer. One of the producers of blocks that make up the blockchain of the EOS network.
s voted for by EOS token holders.

The voting determines which BP accounts are given authority to administer the main eosio contracts. The EOS token contract is called eosio.token. The permissions for this account are set to the BPs listed on eosio.prods.

The permissions show us that:
  • 15 BPs must sign for an active permission action.
  • 11 BPs must sign to run a major permission action.
  • 8 BPs must sign to run a minor permission action.
The 21 BPs on the eosio.prods account are listed on every
Block Explorer
A Block Explorer is a viewer information on a blockchain. There are many EOS block explorers:
bloks.io is a block explorer that features wallet and DEX functionality.
eosauthority.com is a website that provides a wallet, block explorer and much more.
eosflare.io is just a block explorer.
:
The active EOS BPs listed on bloks.io
The active EOS BPs listed on bloks.io

The number 15 next to the lock symbol for active permission indicates that 15 out of 21 BPs listed must sign a transaction in order to complete it.

🔓KEYS or NO KEYS?

The Importance of Keys:

Crypto is said to be owned by you only if you have your own damn keys.

People talking about "having coins in a wallet" or owning a wallet. In reality all you have is your keys.

Keys are the highest.

An analogy with physical gold:
Having physical gold in your hands is like having your own
Private Key
The private key is a type of “password” that matches the public key.
The only part of the PUBLIC / PRIVATE key pair you need to keep safe is the PRIVATE key.
s.
In the same way that when you hold physical gold only you can touch it. Keeping the keys safe means only you can access your
Crypto
Usually refers to crypto-currency as a topic or your holdings of crypto-currency.
The root word means "hidden".
It can be short for Cryptography, Cryptographic, a Crypto-Currency or Crypto-Asset.
.

Owning gold on an exchange, is like owning crypto on an exchange. The exchange is saying they are holding your crypto or gold.

EOS is a token of ownership in a shared de-centralized computer system; it is ownership of a utlity .

It is important to understand that EOS is a utility token that can be
Stake
Stake tokens to lock them up. When staked they cannot be moved. To move the tokens they will need to be unstaked.
Often staked tokens receive dividends, aka passive income.
There are often wait periods like 24 hours or 3 days to unstake tokens this can help protect tokens from being stolen if an account is compromised.
d.


Having the keys to your a utility means you can use it or say who can use it.


Not using Keys:


You can hold EOS without managing keys by :
  • Hold EOS on an exchange.
    Downsides to keeping EOS on an exchanges:
    • You may miss out on airdrops.
    • You will miss out on passive income from
      REX
      REX allows you to lend EOS tokens and maintain ownership and voting rights.
      .
    • The EOS cannot be used in
      dApps
      dApps are Decentralized Applications.
      EOS dApps are the Applications that run on the EOS network.
      You can see a lists of active dApps at:
      dappradar.com
      dapp.review
      .
    • Centralized exchanges get hacked or otherwise loose funds.
    Centralized Exchanges are often not secure, use a
    DEX
    Decentralized EXchanges like BitShares are much more secure than regular exchanges. BitShares, for example, has never been hacked.
    (De-Centralized Exchange) like BitShares that has never been hacked.

  • Let a wallet solution handle it.
    A software
    Authenticator
    Authenticators are the programs that allow you to authenticate a transaction. For example to authorize an account to send funds you will need an authenticator with the appropriate private key for the account.
    Authenticators are often provided as "wallets".
    wallet will store your keys, encrypt them and allow you to take backups.

    You will need a
    Cold Wallet
    A Cold Wallet allows you to keep your keys cold by signing transactions offline. See more on the sections on Cold Wallets.
    to get the extra protection of
    Cold Owner Keys
    Cold Keys that are set to a users owner permission.
    if you want to avoid managing your own keys.


  • Use a multi-sig group security solution.
    Multi-sig can offer incredible protection and convenience.
    There are too many ways this can be used so here is just one:
    A user can have keys in a wallet set up by a dApp and if they lose them a multi-signature group can simple reasign new keys and asign them to the user through a dApp.


In the future more solutions will emerge that will allow you to have secure EOS accounts without ever learning about PUBLIC/PRIVATE KEY PAIRS.


🔑 PUBLIC/PRIVATE KEYS
Many don’t know, and it is relatively complicated to fully explain.

A password is a key.
A normal 1 key password uses
Symmetric-Key Cryptography
Symmetric-Key Cryptography uses the same password to encrypt and decrypt data.
:

[orignal data] ---> PASSWORD 🔑 encrypt ---> [encrypted data] ---> PASSWORD 🔑 decrypt ---> [orignal data]


Asymmetric Cryptography
Asymmetric Cryptography is another name for Public-key cryptography. more info and descriptive images @ wikipedia : Public-key_cryptography
uses 2 keys to encrypt and decrypt:

[orignal data] ---> PUBLIC 🔑 ---> [encrypted data] ---> PRIVATE 🔑 ---> [orignal data]


Private Key:
The PRIVATE KEY is your “password”.

Public Key:
The PUBLIC KEY allows you to set the password (private key) without ever revealing your password.
The PUBLIC KEY is not secret.

The existing public keys are visible to everyone on the blockchain. They are listed under permissions on
bloks.io
bloks.io is a web site that provides a Block Explorer for the EOS Mainnet , "Wallet" account functions and more.


Example of a real EOS key pair


Below are keys i generated using an EOS Key Generator to use as an example:

Private key: 5JS7FAreLxFxCV5qLMHMJCqYGFPJznM2xJJPiHGLxNPu2rRWHMb
Public key: EOS88Y6zYLd7a5eRy3YPrekRtMbbsdYwPRDChQYHD41U4usHXT28w

Let’s take a look at each part of the key pair:

PRIVATE KEY


Private key: 5JS7FAreLxFxCV5qLMHMJCqYGFPJznM2xJJPiHGLxNPu2rRWHMb
The ONLY ONE of the pair you NEED is the PRIVATE KEY.
The PRIVATE KEY is your PASSWORD and needs to be kept secret.

PUBLIC KEY

Always begins with EOS
Public key: EOS88Y6zYLd7a5eRy3YPrekRtMbbsdYwPRDChQYHD41U4usHXT28w

The PUBLIC KEY part allows anyone (including the block chain) to validate the private key part ( the password part ).
The PUBLIC KEY is NOT a PASSWORD, it is more like a lock than a key to be honest.

Many blockchains like BTC, ETH and LTC use the public address as the account name.

On these chains there is no way to change the private key.
Therefore in the event that the private key (password) is stolen or lost it cannot be changed.


EOS allows you to change your keys.

EOS also has an advanced permission system. Permissions can allow users to be protected again lost or stollen keys and even avoid dealing with keys altogether.



EOS keys use Elliptic-curve_cryptography (ECC)
https://en.wikipedia.org/wiki/Elliptic-curve_cryptography
the Elliptic curve cryptography functions: Private Key, Public Key, Signature, AES, Encryption, Decryption are available at: https://github.com/EOSIO/eosjs-ecc
🧮 How to Generate Keys
There are many key generator available some are listed here:
eosauthority Blog : How to generate EOS private and public key pairs

The official eosio generator code for keys is here: https://github.com/EOSIO/eosjs-ecc

Video Guides:
Video describing Changing Your Keys from Cypherglass :
How to Change Your EOS Keys (EOS Security Tutorial) (3:53)

Scatter
Scatter is a multi-chain wallet. get-scatter.com.
It works on EOS and other chains.
Scatter wallet is the EOS authenticator we recommend.

Any wallet will generate keys that are fine for use as
Hot Keys
Keys that have ever been on any computer which is then connected to the internet.
.
Scatter will guide you through the process. It has a button called "Add Keys". The Scatter vault keeps your private keys and you can recover them by selecting EXPORT.
Scatter provides key generation and management.
Scatter provides key generation and management.

Cold Key
Cold Keys are a key pair where the private key has not been used online.
If the private key is used and the account is accessed the keys are “HOT”.
To make an account use cold keys change the keys to the newly generated offline keys using the PUBLIC key of the new key pair. This method has most of the same advantages as a cold wallet system.
s

eospaperwallet.org is a web page you can download and run offline.

eospaperwallet is the simplest to run an any device that can run a web browser.
make sure you have the correct web site and then download
1. Download / Save the web page as an html file : e.g. "EOS Paper Wallet.html".
2. Copy that file onto an offline computer.
3. Run the file in a web browser on the offline computer and generate your offline keys.
A picture of the eospaperwallet.org web page.
A picture of the eospaperwallet.org web page.

More examples of key generation here:
eosauthority.com blog : How to generate EOS private and public key pairs

Validate Keys

eoskey.io provides a GUI for offline key generation on mac/windows/linux

eoskeyio has the advantage that is will validate the public private key pair. This means you can confirm the keys will work before using them.
You can also input a private key and it will generate the matching public key.
eoskeyio provides offline key validation.
eoskeyio provides offline key validation.


❄️ Cold Keys
These keys are created on an offline computer and then deleted before it is put online again.

This provides some level of security, however if spyware is on the machine while it creates keys then it can still steal your data.
The private key could have been recorded before it was deleted and then sent to an attacker when online.

You can either:
  • Use a computer you keep permanently offline.
  • Connect a drive with an OS that will never be used online after key generation.


This means you can use an old phone or laptop, you can use almost any computer or bootable drive.
A Raspberry Pi works well with the OS on an SD card. After the key is created the SD card, USB drive or HDD can be removed or wiped.

Recommended:


Download eospaperwallet.org and eoshandbook.org. These are both web pages you can download and run offline on any computer than can run a web broswer.

1. Use on offline computer to make as many key pairs as you need.
Create backups and keep the copies safe.

2. Copy only the
Public Key
The PUBLIC KEY is visible to everyone on the blockchain. It is not secret.
It does not matter if you lose the PUBLIC KEY. It can be generated again from the PRIVATE key if you lose it.
The PUBLIC KEY validates the PRIVATE KEY.
The PUBLIC key is used to set a new key as a permission on an EOS account.
on to your online computer.

3. Set your Owner Permission to the newly created public key.
RECOMMENDED:
Create many keys at one time and keep the list of public keys on your computer.

This is so you can apply a new public key anytime without generaing more keys.

Remember to keep the PRIVATE KEYS safe.
e.g. backed up, offline and encrypted. When the
Cold Key
Cold Keys are a key pair where the private key has not been used online.
If the private key is used and the account is accessed the keys are “HOT”.
To make an account use cold keys change the keys to the newly generated offline keys using the PUBLIC key of the new key pair. This method has most of the same advantages as a cold wallet system.
s are used online they become a
Hot Keys
Keys that have ever been on any computer which is then connected to the internet.
.
A
Cold Wallet
A Cold Wallet allows you to keep your keys cold by signing transactions offline. See more on the sections on Cold Wallets.
allows you to use cold keys and for them to remain cold.
Instead of a cold wallet you could assign new cold keys each time you use them.

Correct use of multi-sig may alleviate the need for a cold wallet or cold keys:
❄️ Cold Wallet
Using a Cold Wallet means An offline computer signs your transactions with an offline/cold key.

Setting up and using a cold wallet can be complicated.

One simple solution called Ducatur ColdCrypto Wallet is being developed for iOS by Ducatur

How does a Cold Wallet work?
First an online computer creates an unsigned transaction that will expire after a period if not signed. The unsigned transaction file is passed to the offline ( or AIR GAPPED ) cold wallet computer. This wallet can sign transaction. The signed file is then passed back to the online computer, keeping the cold wallet offline.
Why bother?
Cold wallets are needed when using systems like BTC where the key can never be changed and is used as your account name.
EOS allows new cold keys to be applied at any time and has an advanced permissions system so you do not have just one unchangable key.


Example of voting with a cold wallet by eoscanada :
eoscanada : how to use eosc as a cold wallet with offline signing

Video of setting up a cold wallet with Greymass EOS Voter by eosDAC :
2019-03-15 Change your EOS account owner permission key using an offline computer
🛡 GG SECURE

Backup 🔑🔑🔑


To avoid loss:
Keep multiple backup copies of your keys in multiple locations in case of fire or theft or other loss.

Provide other people with a way to get access to your accounts if you cannot. This group should never all be present in one place. If all the key holders are lost then the account can still be lost forever.

Multi-Sig
Multiple-Signature Permissions: Multiple accounts must agree/sign to confirm a transaction. For example. With multi-sig we could make an account where 5 users must agree in order to make any change. Or we could have system where if 3 out of 5 agree, then they can perform a transaction. helpdesk.eostoolkit articles : Multisig-Tutorial
allows for decentralized backup security to be implemented by adding EOS account names to permissons. Eliminating the need to exchange and store many keys.

Encrypt ⚿


To avoid theft:
Hardware Wallet
Never remember a password again... A "hardware wallet" is a "hardware authenticator". It holds your keys.
Blockchain as the Solution to the Insecurity of Passwords by block.one block.one News : Blockchain solution to the insecurity of passwords
- Tutorial on changing your EOS owner and active keys using Ledger Nano S:
s,
Scatter
Scatter is a multi-chain wallet. get-scatter.com.
It works on EOS and other chains.
Scatter wallet is the EOS authenticator we recommend.
Wallet
Crypto Wallets are not like physical wallets.
The term "Wallet" can have several different meanings. Things will be less confusing if we have different names for them.

1. Wallets that store your keys are called AUTHENTICATORS instead of wallets. e.g. hardware wallets.
2. Wallet that provide EOS account management in the form of apps and web sites.

For now EOS account managers appear to be called "wallets".
These account managers are not like the authenticator kind of wallet. For example a Hardware Wallet that acts as an "authenticator" and does not provide account management functions.
and other
Authenticator
Authenticators are the programs that allow you to authenticate a transaction. For example to authorize an account to send funds you will need an authenticator with the appropriate private key for the account.
Authenticators are often provided as "wallets".
s will keep your private keys encrypted.

If you are managing your own keys get them encrypted.
Encrypting the keys protects them from anyone who hacks your computer or gains local access to the machine.

Either use a long password that you keep very safe or use a long brain key. When using a brain key share it with someone you trust as a backup.
“Have a long pass key … “

“don’t make that shit easy like 123 ...”

crypto feez - crypto demons- feat eos san diego

Permissions, Staking and Alerts 🔐


For protection against hacked hot wallets:
EOS Authority
eosauthority.com is a wbesite that provides a wallet, block explorer and much more.
has a checklist that is can show you for your account at eosauthority.com/dashboard:
Show Security Level on an account:
Show Security Level on an account:

  • Use seperate Owner and Active keys.
  • Stake your EOS.
  • Set up an alert on your accounts using eosauthority
    eosauthority.com/alerts

Set your permissions and alerts correctly and your staked tokens will be protected if your computer is hacked and someone gains access to your account.
🗂 PERMISSIONS
Use permissions to hold an offline owner key:

So if any un-authorized activity occurs using the active permission we can use the owner permission authority to regain control before any tokens are unstaked and taken.


It is easy to make new accounts with different levels of security using permissions.



🏭 STAKE

Stake your tokens to lock them up. This gives a cooldown period allowing you to regain control of your account.
GG COLD SECURE :

COLD KEYS or COLD WALLET are recommended for large account.
To use an account with only offline keys you would need to use a
Cold Wallet
A Cold Wallet allows you to keep your keys cold by signing transactions offline. See more on the sections on Cold Wallets.
.
You can create keys offline to create Cold Keys.

Cold keys are by their nature are safe from online attacks.
Owner keys (keys used for owner permission on an account) do not need to be in a wallet and should always be kept cold (offline).


GG GANG SECURE : using MULTI-SIG PERMISSIONS
The awesome power of a decentralized network can be realized.
Create group permissions that make accounts resistant to lost/stolen keys as long as some of a group still have their keys.



🗂 What are Permissions?

Permissions
Declare who has access to an account. Permissions can be set to public keys or to EOS usernames.
can be set to
Public Key
The PUBLIC KEY is visible to everyone on the blockchain. It is not secret.
It does not matter if you lose the PUBLIC KEY. It can be generated again from the PRIVATE key if you lose it.
The PUBLIC KEY validates the PRIVATE KEY.
The PUBLIC key is used to set a new key as a permission on an EOS account.
s or
EOS Usernames
Anyone on the EOS network can make a new 12 letter EOS Usernames made up of letter a-z and numbers 1-5.
Use eosnameservice.io to create a short accont name.
EOS runs a Name Bids auction for short account names.


OWNER PERMISSION – allows anything INCLUDING changing owner permissions.

ACTIVE PERMISSION – allows anything EXCEPT change the owner permissions.


The permissions on an EOS account are shown in any block explorer like bloks.io:
bloks.io showing owner and active permissions
bloks.io showing owner and active permissions

Genesis Account
An EOS account that was created on the EOS Mainnet at launch in June 2018.
s start with only ONE key for both OWNER and ACTIVE permissions.

BTC, ETH & LTC use
Public Key
The PUBLIC KEY is visible to everyone on the blockchain. It is not secret.
It does not matter if you lose the PUBLIC KEY. It can be generated again from the PRIVATE key if you lose it.
The PUBLIC KEY validates the PRIVATE KEY.
The PUBLIC key is used to set a new key as a permission on an EOS account.
s as the account name.

With BTC, ETH & LTC you only have one permanent
Private Key
The private key is a type of “password” that matches the public key.
The only part of the PUBLIC / PRIVATE key pair you need to keep safe is the PRIVATE key.
that can never be changed.
This unfortunate situation forces a user to chose either:
  • Run the high risk of using
    Hot Keys
    Keys that have ever been on any computer which is then connected to the internet.
    in a
    Hot Wallet
    A crypto-currency wallet that is connected to the internet.
    .
  • Buy a popular
    Hardware Wallet
    Never remember a password again... A "hardware wallet" is a "hardware authenticator". It holds your keys.
    Blockchain as the Solution to the Insecurity of Passwords by block.one block.one News : Blockchain solution to the insecurity of passwords
    - Tutorial on changing your EOS owner and active keys using Ledger Nano S:
    Solution and run the risk of exploits being discovered in that specific security solution.
  • Use a complicated, expensive and cumbersome
    Cold Wallet
    A Cold Wallet allows you to keep your keys cold by signing transactions offline. See more on the sections on Cold Wallets.
    solution.
EOS Usernames
Anyone on the EOS network can make a new 12 letter EOS Usernames made up of letter a-z and numbers 1-5.
Use eosnameservice.io to create a short accont name.
EOS runs a Name Bids auction for short account names.
allow for a permanent address to exist irrespective of the associated public key.

Having
Cold Owner Keys
Cold Keys that are set to a users owner permission.
in combination with
Stake
Stake tokens to lock them up. When staked they cannot be moved. To move the tokens they will need to be unstaked.
Often staked tokens receive dividends, aka passive income.
There are often wait periods like 24 hours or 3 days to unstake tokens this can help protect tokens from being stolen if an account is compromised.
d tokens is a free solution allows for similar advantages to a
Cold Wallet
A Cold Wallet allows you to keep your keys cold by signing transactions offline. See more on the sections on Cold Wallets.
.

If the
Active Key
A key that is set as the active permission on an EOS account.
is compromised we can use the secure owner key to change the keys and take back control over an account.



Other levels of permissions can be added in addition to active and owner seen above.
🔏 Set Permissions

Permissions
Declare who has access to an account. Permissions can be set to public keys or to EOS usernames.
can be set to
Public Key
The PUBLIC KEY is visible to everyone on the blockchain. It is not secret.
It does not matter if you lose the PUBLIC KEY. It can be generated again from the PRIVATE key if you lose it.
The PUBLIC KEY validates the PRIVATE KEY.
The PUBLIC key is used to set a new key as a permission on an EOS account.
s or
EOS Usernames
Anyone on the EOS network can make a new 12 letter EOS Usernames made up of letter a-z and numbers 1-5.
Use eosnameservice.io to create a short accont name.
EOS runs a Name Bids auction for short account names.


Cold Key
Cold Keys are a key pair where the private key has not been used online.
If the private key is used and the account is accessed the keys are “HOT”.
To make an account use cold keys change the keys to the newly generated offline keys using the PUBLIC key of the new key pair. This method has most of the same advantages as a cold wallet system.
s must be generated using an offline computer and kept offline.
HOT keys can be generated on any machine.



Scatter
Scatter is a multi-chain wallet. get-scatter.com.
It works on EOS and other chains.
Scatter wallet is the EOS authenticator we recommend.
or
bloks.io
bloks.io is a web site that provides a Block Explorer for the EOS Mainnet , "Wallet" account functions and more.
can set the permissions to an existing eos username or a
Public Key
The PUBLIC KEY is visible to everyone on the blockchain. It is not secret.
It does not matter if you lose the PUBLIC KEY. It can be generated again from the PRIVATE key if you lose it.
The PUBLIC KEY validates the PRIVATE KEY.
The PUBLIC key is used to set a new key as a permission on an EOS account.
.
Change permissions using Scatter
Change permissions using Scatter
Scatter has documentaiton online on how to set a new key here:
https://support.get-scatter.com/article/80-updating-keys-for-permissions-using-scatter.

If using bloks.io or
eostoolkit.io
eostoolkit.io is a wbesite that provid es many tools to administer accounts including dApp staking and airgrabs.
make sure you have the correct permission selected for your account when you log in with scatter.
When changing the owner permission you must select the @owner account:
After changing the
Public Key
The PUBLIC KEY is visible to everyone on the blockchain. It is not secret.
It does not matter if you lose the PUBLIC KEY. It can be generated again from the PRIVATE key if you lose it.
The PUBLIC KEY validates the PRIVATE KEY.
The PUBLIC key is used to set a new key as a permission on an EOS account.
in permissions, the matching
Private Key
The private key is a type of “password” that matches the public key.
The only part of the PUBLIC / PRIVATE key pair you need to keep safe is the PRIVATE key.
can be used to access the account.



🔐 OWNER and ACTIVE Keys
Owner and Active Keys are keys set to Owner and Active
Permissions
Declare who has access to an account. Permissions can be set to public keys or to EOS usernames.
.

There are many reasons why it can be usefull to have 2 key pairs.
An effective use of seperate OWNER and ACTIVE
Permissions
Declare who has access to an account. Permissions can be set to public keys or to EOS usernames.
is to use
Cold Owner Keys
Cold Keys that are set to a users owner permission.
:


COLD OWNER KEY

A
Cold Key
Cold Keys are a key pair where the private key has not been used online.
If the private key is used and the account is accessed the keys are “HOT”.
To make an account use cold keys change the keys to the newly generated offline keys using the PUBLIC key of the new key pair. This method has most of the same advantages as a cold wallet system.
used as
Owner Permission
The Owner Permission declares who has permission to change the owner permissions on an account.
.
A backup key created offline that should not be used.

HOT ACTIVE KEY

The key you use in your wallet.


Genesis Account
An EOS account that was created on the EOS Mainnet at launch in June 2018.
s and most newly created accounts use only one key for both owner and active permissions.

We can keep this existing key as the active key and create one new key pair to use as the new owner permission.

To benefit from a seperate cold owner key:
  1. Generate a new cold
    Key Pair
    Crypto accounts require a "cryptographic public/private key pair".
    Together the public and private key form the "Key Pair".

    The private key is the only critical part and can be used to generate the public key.
    .
  2. Change the
    Owner Permission
    The Owner Permission declares who has permission to change the owner permissions on an account.
    on your account to the newly generated
    Public Key
    The PUBLIC KEY is visible to everyone on the blockchain. It is not secret.
    It does not matter if you lose the PUBLIC KEY. It can be generated again from the PRIVATE key if you lose it.
    The PUBLIC KEY validates the PRIVATE KEY.
    The PUBLIC key is used to set a new key as a permission on an EOS account.
    .
  3. Stake all or most of your tokens. Only the liquid (un-staked) balance can be taken if the account is hacked.
  4. Set up an alert on your accounts using eosauthority:
    eosauthority.com/alerts
If any un-authorized activity occurs we will be notified by the alerts. We can use the owner key to take back control over the account.

A system like
MFA / 2FA
Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two (2FA = 2 Factor Authentication) or more pieces of evidence. wikipedia : Multi-factor_authentication
, where you get sent a confirmation to another device before it is allowed to proceed, is possible with multi-signature permissons.
There is awesome power in EOS multi-sig permissions. It allows you to still be protected in the event of lost or stolen keys.


The Pairs of Pairs Name Problem
"Seperate owner and active keys" is not a good description.
Simply telling users to make 2 key pairs in not useful if they do not know what to do with them.
It must be explained that the second key is a backup key that should not be used.

Users have been confused by 2 key pairs:
  • Describing and understand having a pair of pairs.
  • The difference between owner and active keys
  • The difference between keys and permissions.
Easier language may emerge to describe this in the future.

I call a these "PAIR of PAIRS of Seperate owner and active key with a cold owner key" a pawapaw.
Short for:
" a PAir active keys With a seperate PAir of oWner keys"
which is itself short for:
" a PAir of a pair of active public and private keys With a seperate PAir of oWner public and private keys"


if "prickly pear" = a risky single key pair and
big "pawpaw" = a safe advanced permission solution with owner/active keys (pawapw). and
"claw" = hardware wallet
then this classic song makes perfect sense to explain things:
lyrics from "The Bare Necessities" song from "The Jungle Book"
*/ ?>
🧩 SECURITY using multi-sig.
MULTI-SIGNATURE group permissions are the most powerful solution to security.

Using multi-sig permissions allows you to apply several accounts or keys and apply a weighting. When implemented it can provide:
  • A complete solution to protect against lost or stolen keys.
  • MFA / 2FA
    Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two (2FA = 2 Factor Authentication) or more pieces of evidence. wikipedia : Multi-factor_authentication
    functionality.
  • much much more...
The permissions system that allows for multi-sig is integral to the way EOS works.

Video describing multi-sig from EOS Weekly :
The Cathedral & the EOS Bazaar (20:02)


Please first see how permissions work and the main eos.io contract before you continue.

BP
A Block Producer. One of the producers of blocks that make up the blockchain of the EOS network.
s that run the network are assigned using this multi-signature permissions system.
The votes of staked EOS decides the top 21 BPs which you can see on the eosio contract permissions.
multi-sig allows 15 of 21 to approve changes to the network.



"Can I have my cake? yeah I'm gonna eat it too, me and the ... crew" crypto feez - crypto demons- feat eos san diego
Here is an example of a very basic group security solution we use in our DAG (DECENTRALIZED AUTONOMOUS GANG).

An Example of multi-sig with ggvoterproxy:
ggvoterproxy EOS account permissions:
ggvoterproxy EOS account permissions:

  • A cold owner key with a weight of 2 out of 2 required.
  • 3 users with a weight of 1 so any 2 can make a change if they agree.
We are protected from :
  • Loss of the owner key OR Loss of access to all 3 user accounts.
  • Theft of 1 user account.
With this setup we can handle loss of a key or theft of one user account.
The active permissions are set to allow any admin memebrs to make changes on their own.
We will not be storing EOS in this account and if a change is made we will be alerted by eosauthority and can fix it Our main goal is to protect keep ownership of the account. To increase security we can add more users or improve the security of each of the user accounts used (gainang.e, cryptofeezgg, communitydev) can each have advanced multi-sig security solutions.

The current permissions do not protect us against theft of the owner key. Or theft of two EOS accounts.
An alternative beta setup could be :
  • A cold key with a weight of 2 out of 3 required.
  • 3 users with a weight of 1 so they can make changes even if the key is lost.
We would be protected from :
  • Theft or loss of the owner key.
  • Theft of 2 accounts as 3 are now required to make a change.
This setup has same protection against a lost keys or 2 lost user accounts as the setup above. The advantage of the beta is it protects against changes from anyone gaining access to the owner key or two accounts. The minor advantage of the alpha method is that we can still change permissions even if we lose access to all 3 user accounts listed.


The power of @eosio.code: contracts allow even more to be done.
Contracts will allow for extra authentication to take place on transactions of specific types.
For example you could link an account to a contract that checks the amount of a transaction and insists on a 2FA check before allowing the transaction.

These functions are essential for many people to effectively use a crypto account.
Most people want to be able to lose keys, endure thefts and still have a good level of protection.
Correct use of permission, multi-signatures and contracts on EOS can acheive this.

These systems require a number of people ( over 50% ? ) to be vigilant and protect there keys and passwords well.
The previous systems have required either 100% ( in the case of crypto or holding cash or holding gold ) or 0.01% ( in the case of banking ). Please do your part :)
Get on telegram to ask us your quesitons and we will update this section.
As autonomous individuals we can form Groups that allow us to provide solutions.

MORE COMING SOON....

The benefits of this system will be passed on to the users of EOS as time goes on.

Currently multi-signature permissions are not well supported. You can use them now with:
🚪How to get an EOS account.

To access your account you will need a
Wallet
Crypto Wallets are not like physical wallets.
The term "Wallet" can have several different meanings. Things will be less confusing if we have different names for them.

1. Wallets that store your keys are called AUTHENTICATORS instead of wallets. e.g. hardware wallets.
2. Wallet that provide EOS account management in the form of apps and web sites.

For now EOS account managers appear to be called "wallets".
These account managers are not like the authenticator kind of wallet. For example a Hardware Wallet that acts as an "authenticator" and does not provide account management functions.
:


+How to Create another EOS account.
Default EOS name creation is currently limited to 12 characters long.

eos-account-creator.com

has a very easy to use interface to create a new account.

eosnameservice.io can create accounts with a short name.

eosnameservice.io will create a new account with the same permissions as the account that created it.
After creation you can change the
Permissions
Declare who has access to an account. Permissions can be set to public keys or to EOS usernames.
.
There are instrucitons here if you would like to generate your own keys:

If you already have an EOS account you can create more accounts and transfer ownership easily to anyone.
You can use use many
Wallet
Crypto Wallets are not like physical wallets.
The term "Wallet" can have several different meanings. Things will be less confusing if we have different names for them.

1. Wallets that store your keys are called AUTHENTICATORS instead of wallets. e.g. hardware wallets.
2. Wallet that provide EOS account management in the form of apps and web sites.

For now EOS account managers appear to be called "wallets".
These account managers are not like the authenticator kind of wallet. For example a Hardware Wallet that acts as an "authenticator" and does not provide account management functions.
s such as
Scatter
Scatter is a multi-chain wallet. get-scatter.com.
It works on EOS and other chains.
Scatter wallet is the EOS authenticator we recommend.
to generate keys and create a new account.

Scatter can make the account and give permissions to an existing account or create new keys:
Making a new account with Scatter
Making a new account with Scatter

Scatter has documentaiton online on how to make a new account here:
scatter support article : 33-creating-an-eos-account.
⚿ Transferring ownership of an EOS account:
To transfer ownership of an account you need to change the permissions.

The new owner needs an EOS account or provide PUBLIC KEYS to set as the OWNER/ACTIVE permission.

If you do not have an EOS account you can create a new PUBLIC KEY to easily gain ownership of an account.

Use the PUBLIC keys to set the permission.
OR you can
Use an EOS account name if the new owner already has an account.

Example - Getting a friend an EOS account:
Bob has an EOS account and Sue does not.
Sue has no EOS and wants to purchase EOS or is being gifted some EOS from Bob.
Sue creates an owner and active key pair.
She gives Bob the two PUBLIC KEYS. The ACTIVE and OWNER public keys are safe to transmit anywhere.
Bob makes a new account or changes an existing account to have the new ACTIVE and OWNER public keys Sue has provided.


Example – Getting EOS off an exchange with the help of an existing EOS user:
Bob has an EOS account. Sue has some EOS on an exchange but no account.
Bob agrees to make Sue an account.
Sue makes a public/private key pair with https://eospaperwallet.org/ .
Sue sends Bob a telegram message with the PUBLIC KEY.
Then in either order:

Sue: transfers some EOS to Bob’s EOS account from an exchange to pay for the account creation.
Bob: sets the OWNER key for the account to the new key.
If both parties trust then either way is fine.
If Sue trusts Bob: she acts first, if Bob trusts Sue he can act first,
If there is no trust between Bob and Sue a third trusted party (Dave) can be used.

Dave can confirm he is holding the EOS before the account is created by Bob and then confirm Bob has transferred ownership to Sue before handing over the EOS cost for account creation.
📖 Glossary

Active Key
A key that is set as the active permission on an EOS account.
Active Permission
Declares who has permission to use the account. Restricted to performing actions and changing active permissions.
Only users with OWNER PERMISSION can change the owner permissions.
Air-Grab
An Air-Grab is a token distribution model where account holders must initiate a "claim" contract action in order to receive a share of the token distribution.
Air-Drop
An Air-Drop is a distribution of new tokens to existing EOS token holders. For example some tokens like BEAN were distributed 1:1 for EOS tokens held in genesis accounts.
Allegedly
Allegedly means none of this is true, it has only been alleged. None of it has been alleged by me, It has all been alleged by someone else. K and The Gain Gang take no responsibility for the accuracy of any alleged statements. Everything here is allegedly.
Asymmetric Cryptography
Asymmetric Cryptography is another name for Public-key cryptography. more info and descriptive images @ wikipedia : Public-key_cryptography
Authenticator
Authenticators are the programs that allow you to authenticate a transaction. For example to authorize an account to send funds you will need an authenticator with the appropriate private key for the account.
Authenticators are often provided as "wallets".
bloks.io
bloks.io is a web site that provides a Block Explorer for the EOS Mainnet , "Wallet" account functions and more.
Block Explorer
A Block Explorer is a viewer information on a blockchain. There are many EOS block explorers:
bloks.io is a block explorer that features wallet and DEX functionality.
eosauthority.com is a website that provides a wallet, block explorer and much more.
eosflare.io is just a block explorer.
BP
A Block Producer. One of the producers of blocks that make up the blockchain of the EOS network.
Brain key
Another name for a password you remember and so do not need to keep written down.
Chestahedron
The Chestahedron is the symbol for EOS:
It is the first heptahedron of this configuration in the history of geometry.
Created by Frank Chester
Claim
A Claim is a contract actions. It is used to get dividends or new tokens being dropped.
CLEOS
CLEOS stands for Command Line EOS. It is a command line wallet for use with EOS. It allows for the most advanced functionality or creating precise transaction commands. Also because it is a command line interface it can be used for running scheduled events , e.g. voting every 7 days to avoide vote decay.
eos.io cleos docs
Cold Key
Cold Keys are a key pair where the private key has not been used online.
If the private key is used and the account is accessed the keys are “HOT”.
To make an account use cold keys change the keys to the newly generated offline keys using the PUBLIC key of the new key pair. This method has most of the same advantages as a cold wallet system.
Cold Owner Keys
Cold Keys that are set to a users owner permission.
Cold Wallet
A Cold Wallet allows you to keep your keys cold by signing transactions offline. See more on the sections on Cold Wallets.
Crypto
Usually refers to crypto-currency as a topic or your holdings of crypto-currency.
The root word means "hidden".
It can be short for Cryptography, Cryptographic, a Crypto-Currency or Crypto-Asset.
Cryptography
There are many kinds of cryptography.
wikipedia : Cryptography: "the practice and study of techniques for secure communication in the presence of third parties"
The Cryptography we are concerned with here is one that uses PUBLIC/PRIVATE KEY PAIRS.
Cryptographic Algorithms
The one way cryptographic algorithms are mathematical functions that gives us different types of PRIVATE/PUBLIC key pairs. They are based on complex mathematics few understand.
crypto-currency
Short for Cryptographic Currency.
The kind of Cryptography we are concerned with is one that uses PRIVATE KEYS.
The one way cryptographic algorithms that gives us PRIVATE/PUBLIC key pairs are based on complex mathematics few understand.
DAC
Decentralized Autonomous Collective or Decentralized Autonomous Community or Decentralized Autonomous Corporation
DAG
Decentralized Autonomous Governments or Decentralized Autonomous Gangs like the GainGang.
dApps
dApps are Decentralized Applications.
EOS dApps are the Applications that run on the EOS network.
You can see a lists of active dApps at:
dappradar.com
dapp.review
Decentralized
One central point of authority in a system makes it 100% centralized. Two centers of authorities in a system makes it twice as decentralized.
DEX
Decentralized EXchanges like BitShares are much more secure than regular exchanges. BitShares, for example, has never been hacked.
eos.io
github.com/EOSIO is the open source software that runs the eos blockchain.
EOS Authority
eosauthority.com is a wbesite that provides a wallet, block explorer and much more.
EOS Usernames
Anyone on the EOS network can make a new 12 letter EOS Usernames made up of letter a-z and numbers 1-5.
Use eosnameservice.io to create a short accont name.
EOS runs a Name Bids auction for short account names.
eostoolkit.io
eostoolkit.io is a wbesite that provid es many tools to administer accounts including dApp staking and airgrabs.
Gang
A gang is a group of people, the same as a community. Corporations, countries and companies are all gangs.
Genesis Account
An EOS account that was created on the EOS Mainnet at launch in June 2018.
Google Play credit
A lucrative scam where google makes 30% of all transactions. Google play is one of the worst ways to pay for anything and the most popular service in the world for money laundering. Allegedly.
Hardware Wallet
Never remember a password again... A "hardware wallet" is a "hardware authenticator". It holds your keys.
Blockchain as the Solution to the Insecurity of Passwords by block.one block.one News : Blockchain solution to the insecurity of passwords
- Tutorial on changing your EOS owner and active keys using Ledger Nano S:
Hot Keys
Keys that have ever been on any computer which is then connected to the internet.
Hot Wallet
A crypto-currency wallet that is connected to the internet.
Key Pair
Crypto accounts require a "cryptographic public/private key pair".
Together the public and private key form the "Key Pair".

The private key is the only critical part and can be used to generate the public key.
Keys
Your private keys you hold for your crypto accounts are commonly refered to as your " keys".
The only part of key pairs you NEED is your PRIVATE key because a public key can be regenerated from a private key if lost.
KYC
KYC = Know Your Customer
It means having confirmation of the identity of an account holder. Accounts on networks that require KYC are not anonymous.
MFA / 2FA
Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two (2FA = 2 Factor Authentication) or more pieces of evidence. wikipedia : Multi-factor_authentication
Multi-Sig
Multiple-Signature Permissions: Multiple accounts must agree/sign to confirm a transaction. For example. With multi-sig we could make an account where 5 users must agree in order to make any change. Or we could have system where if 3 out of 5 agree, then they can perform a transaction. helpdesk.eostoolkit articles : Multisig-Tutorial
Owner Key
A key that is set as the owner permission for an EOS account.
Owner Permission
The Owner Permission declares who has permission to change the owner permissions on an account.
Permissions
Declare who has access to an account. Permissions can be set to public keys or to EOS usernames.
Public Key
The PUBLIC KEY is visible to everyone on the blockchain. It is not secret.
It does not matter if you lose the PUBLIC KEY. It can be generated again from the PRIVATE key if you lose it.
The PUBLIC KEY validates the PRIVATE KEY.
The PUBLIC key is used to set a new key as a permission on an EOS account.
Private Key
The private key is a type of “password” that matches the public key.
The only part of the PUBLIC / PRIVATE key pair you need to keep safe is the PRIVATE key.
Resources
In EOS Resources refer to RAM, CPU or NET. RAM is bought and sold. CPU and NET are gained by staking EOS.
Some actions like claiming airdrops use RAM. Transferring tokens use CPU. The amount of CPU taken for a transaction is fixed but the CPU you get for your staked EOS depends on how busy the network is.
REX
REX allows you to lend EOS tokens and maintain ownership and voting rights.
Scatter
Scatter is a multi-chain wallet. get-scatter.com.
It works on EOS and other chains.
Scatter wallet is the EOS authenticator we recommend.
Side Chain
Side Chains are blockchains that run modiied version of the eos.io software
Sister Chain
Sister Chains are chains other than the EOS MAINNET that run the eos.io software.
Stake
Stake tokens to lock them up. When staked they cannot be moved. To move the tokens they will need to be unstaked.
Often staked tokens receive dividends, aka passive income.
There are often wait periods like 24 hours or 3 days to unstake tokens this can help protect tokens from being stolen if an account is compromised.
Symmetric-Key Cryptography
Symmetric-Key Cryptography uses the same password to encrypt and decrypt data.
Wallet
Crypto Wallets are not like physical wallets.
The term "Wallet" can have several different meanings. Things will be less confusing if we have different names for them.

1. Wallets that store your keys are called AUTHENTICATORS instead of wallets. e.g. hardware wallets.
2. Wallet that provide EOS account management in the form of apps and web sites.

For now EOS account managers appear to be called "wallets".
These account managers are not like the authenticator kind of wallet. For example a Hardware Wallet that acts as an "authenticator" and does not provide account management functions.