Last week, I deployed an update to the Hive Recovery service. Hive Recovery is a service that runs continuously and on its own to help you secure and recover your account if it were to be compromised.
The latest wave of phishing currently raging and the growing number of accounts that have been hacked recently make the recovery process more than topical.
I recently had to provide assistance to users who wanted to change their recovery account. It allowed me to realize how the recovery procedure can seem complex for some. On the other hand, it's always a good thing to review your basics, the things that you (think you) have mastered and that seem obvious to you but not to others.
This previous update allowed me to dive back into the code and the associated process of recovering accounts and I realized that I was not fully satisfied with the proposed solution and that it could still be greatly improved, mainly at the user interface level. It also needed better edge cases and error handling and better feedback to users.
Therefore, I decided to go back to the drawing board and redesign it to transform what may seem complex for users to achieve into something simple and intuitive.
Introducing Hive Recovery v2.0
The new Hive Recovery web page has been radically simplified and now clearly reflects the 3 steps associated with the Hive account recovery process:
- You set @hive.recovery as your trusted account recovery partner.
- Should your account be compromised, you request @hive.recovery to initiate the recovery process
- Once @hive.recovery has done so, you confirm and finalize the process.
I will not provide you here with all the details regarding the use of this brand new recovery UI. It is available in the updated Hive Recovery User Guide. Better to avoid turning this post into a wall of text and pictures. Anyway, here are a few screenshots of the new user interface.
A quick overview of the recovery process
Navigate to https://tools.hivechain.app/recovery
The first thing to do is to enter your username (without the @) and hit enter or click on the account check button. If the account name is valid, the change recovery account button will light up and allow you to click on it.
Note: If you have already set @hive.recovery as your recovery account, the button will turn green. You can go to the next step or perform this step again if you want to change your recovery settings.
1. Changing your recovery account
After clicking on the "Change Recovery Account" button, the following form will be displayed:
Refer to the Hive Recovery User Guide for more information on how to fill the form and perform this step.
Once you have completed the first step, you will have to wait for 30 days before @hive.recovery actually becomes your recovery account.
2. Requesting for your recovery account
Should your account be compromised, head back to the Hive Recovery website and request @hive.recovery to initiate the recovery process. After validating your username, the first button should have turned to green (meaning @hive.recovery is now your recovery account) and the Request Recovery button should the page should be enabled
Once again, refer to the Hive Recovery User Guide for more information on how to fill the form and what will happen when you perform this step.
@hive.recovery will initiate the recovery process. If all of the information you provided is correct, it should automatically take place within a few minutes.
You now then have 24 hours to confirm the recovery of your account.
3. Confirming the recovery of your account.
This is the very last step. You are now in control to finalize the recovery process
After entering the required information and clicking on the confirmation button, the page will send a recovery confirmation to the blockchain, update your account keys and confirm that everything has gone well.
Hooray, you are done and you have recovered your account!
Please read the guide!
Check out the Hive Recovery User Guide for a complete and detailed description of the entire account recovery process.
The Hive Recovery User Guide also covers any questions you might have about security, privacy and how trusted it can be.
Check your Recovery Account before it's too late
As mentioned at the beginning of this post, I have been led on several occasions to assist users who have their accounts hacked and who wanted to recover them.
Unfortunately, some of them still had @steem as their recovery account or had chosen an account that is no longer active or that does not respond to their request. What a pity that we can no longer help them
Therefore, check your recovery account and change it if the current one is inappropriate.
It's been a lot of work to create and improve this service and make the recovery process as easy as possible for all non-tech-savvy users. It would be a shame not to take advantage of it.
Take care of your account!