Account Security Best Practices

Use Trusted Wallets

  • Use wallets like Anchor, TokenPocket or Vaulta Wallet

  • Always review transaction permissions before approving

Use Custom Permissions for dApps

  • Avoid giving dApps your full active permission

  • Use custom named permissions tied only to specific contracts and actions

  • This limits the damage if a contract is compromised

Use Multi-Signature (Multisig) for High-Value Accounts

  • For organizations or treasuries, require 2 or more keys to approve actions

  • Use the eosio.msig contract for multi-sig governance

Audit Contract Authorizations

  • Use block explorers like Unicove to view:

    • Which contracts have eosio.code permission

    • Which keys or contracts can act on your behalf
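
One way to script this audit once you have the account's permission data, as an added example (not code from the original page or the Vaulta project): it walks a response shaped like the chain API's `get_account` output and reports which keys or contracts can act for each permission. The account names, keys and sample data are constructed placeholders, and the "act alone" findings are this example's own checks.

```python
# Added example: audit an account's permissions from get_account-style JSON.
# SAMPLE_ACCOUNT is constructed for illustration; names and keys are placeholders.
SAMPLE_ACCOUNT = {
    "account_name": "alice",
    "permissions": [
        {"perm_name": "owner", "parent": "",
         "required_auth": {"threshold": 1, "accounts": [],
                           "keys": [{"key": "PUB_K1_OWNER_PLACEHOLDER", "weight": 1}]}},
        {"perm_name": "active", "parent": "owner",
         "required_auth": {"threshold": 1,
                           "keys": [{"key": "PUB_K1_ACTIVE_PLACEHOLDER", "weight": 1}],
                           "accounts": [{"permission": {"actor": "dappcontract",
                                                        "permission": "eosio.code"},
                                         "weight": 1}]}},
        {"perm_name": "game", "parent": "active",
         "required_auth": {"threshold": 2,
                           "keys": [{"key": "PUB_K1_GAME_PLACEHOLDER", "weight": 1}],
                           "accounts": [{"permission": {"actor": "partneracct1",
                                                        "permission": "active"},
                                         "weight": 1}]}},
    ],
}

def audit_permissions(account):
    """Return (delegates, findings): who can act on each permission, and risky grants."""
    delegates, findings = [], []
    for perm in account["permissions"]:
        name, auth = perm["perm_name"], perm["required_auth"]
        # Keys whose weight alone meets the threshold can approve without a co-signer.
        solo_keys = [k for k in auth["keys"] if k["weight"] >= auth["threshold"]]
        if name in ("owner", "active") and solo_keys:
            findings.append(f"{name}: {len(solo_keys)} key(s) can act alone (no multisig)")
        for entry in auth["accounts"]:
            actor = entry["permission"]["actor"]
            level = entry["permission"]["permission"]
            alone = entry["weight"] >= auth["threshold"]
            delegates.append((name, f"{actor}@{level}", alone))
            # A contract holding eosio.code on owner/active can act with full authority.
            if level == "eosio.code" and name in ("owner", "active") and alone:
                findings.append(f"{name}: contract {actor} can act alone via eosio.code")
    return delegates, findings

if __name__ == "__main__":
    delegates, findings = audit_permissions(SAMPLE_ACCOUNT)
    for perm, who, alone in delegates:
        print(f"{perm:8} <- {who} (meets threshold alone: {alone})")
    for finding in findings:
        print("FINDING:", finding)
```
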

Keep owner Key Offline

  • Generate and store your owner key cold (offline)—preferably on a hardware wallet or air-gapped device

  • Only use it to:

    • Rotate keys

    • Recover access if your active key is compromised
