search

Account Security Best Practices

hashtag
Use Trusted Wallets

  • Use wallets like Anchor, TokenPocket or Vaulta Wallet

  • Always review transaction permissions before approving

hashtag
Use Custom Permissions for dApps

  • Avoid giving dApps your full active permission

  • Use custom named permissions tied only to specific contracts and actions

  • This limits the damage if a contract is compromised

hashtag
Use Multi-Signature (Multisig) for High-Value Accounts

  • For organizations or treasuries, require 2 or more keys to approve actions

  • Use the eosio.msig contract for multi-sig governance

hashtag
Audit Contract Authorizations

  • Use block explorers like Unicovearrow-up-right to view:

    • Which contracts have eosio.code permission

    • Which keys or contracts can act on your behalf

hashtag
Keep owner Key Offline

  • Generate and store your owner key cold (offline)—preferably on a hardware wallet or air-gapped device

  • Only use it to:

    • Rotate keys

    • Recover access if your active key is compromised

PreviousCommon Scams to AvoidNextDisclaimer

Last updated