The blockchain is a promise of security, but history teaches that it is not something guaranteed and the danger to user funds can come from several sources, including one of the major weaknesses for the security of an account: private keys.
While Ethereum and Bitcoin don’t offer many possibilities, here’s how EOS aims to increase account security on their blockchain.
EOS and Ethereum are both smart contract platforms, but the first one has been advertised from the beginning as a blockchain focused on account safety which has a set of security measures that other blockchains do not possess.
Despite this, users are still exposed to risks, and with the arrival of new forks account security should be the real priority for every crypto holder.
Unlike EOS, Ethereum has only one private key and no additional security: once the private key is compromised, the funds are at risk.
If you have a key, you can consider yourself the owner of an account and therefore of what is contained in it.
Possession of an entry key should not automatically guarantee ownership of a house, which is why EOS implements a series of countermeasures to protect users’ property.
The security of EOS with multi-sig
Multi-sig is a well-known term in the blockchain world and it allows signing a transaction by multiple parties, which is often required with certain wallets, accounts and smart contracts. EOS allows assigning permissions to accounts that have a public and private key pair. Users also have an account name that consists of 12 characters.
Each EOS account, therefore, has two authorities: owner and active, where the first can give or take away permissions to other underlying authorities as if it were a parent-child relationship.
What EOS does differently is that an account name can be managed by a person or a group of people with a different permission level. Multi-sig, therefore, is very useful when you have to sign a large transaction for example.
So it is not only one person who does this, instead the action must be approved by several parties who have the same account.
This feature is very useful in escrow accounts where an account is used as an escrow deposit where the sender and recipient each have one of the public keys and a third party also has access to the account. This setting is useful, for example, in disputes or commercial contracts.
EOS has a staking system, which is a sort of deposit of tokens that cannot be moved and in order to use them you must first make them liquid.
To do so, you must first unstake them and this will make the EOS tokens liquid after 72 hours, so any hacker who gets access to an account will not be able to move the funds before that period. The owner, therefore, has the ability to change the permissions of his account by changing the active and owner private key.
The EOS Authority Block Producer has created a system of email and Telegram notifications for every account movement related to this service.
Many token owners have never logged in to their accounts and, even if they have, they have never changed the genesis keys, which is an identical pair of active and owner keys.
Sometimes it may be necessary to enter the private key to participate in the various token claims of the forks and to make sure that no one steals the funds it would be better to change the keys and preserve the original ones to be used during the claims. In this way, if you run into a scam, the hacker will have access to an empty account.
With the arrival of so many EOS sister chains, users will have the opportunity to get many free tokens, but account security remains a priority and each user should change the keys before making any claim.
In pursuit of the security of user ownership, Daniel Larimer, CTO of EOS, is working on a hardware wallet that will use Apple’s secure enclave, which involves biometric recognition and approval of transactions to make the funds hacker-proof.