Because we’ve organized our permissions this way we can interact with the EOS blockchain in many ways relatively risk-free.

Creating Custom Permissions is Not Good UX

Creating a custom permission is relatively easy to do and is a great way to keep your account secure. If the custom permission’s private key is compromised, the attacker can only do whatever it is that the permission itself is authorized to do. While the benefits are great for an organization, this is a pain for the normal user because they can no longer seamlessly switch between applications without switching permissions as well. Who would want to do this for every dApp they interact with? No one, because it breaks UX.

This is not to mention the fact that many dApps hardcode the Active permission as the required permission to use their dApp. So, even if one creates a custom permission, the dApp will only accept Active anyway.

With the creation of a single permission, you will make your account safer and make it exponentially more difficult for you to become a victim.

Your EOS Account in Safe Mode

WARNING: Before you begin, please understand that modifying permissions on your EOS account can have irreversibly negative results if done incorrectly. Please pay attention, write down your keys, and double-check everything.

We now understand that creating a custom permission to whitelist every action you want to do is not a good UX. What if, instead of creating a new permission that whitelists, we create a new permission that blacklists instead?

Synopsis

In short, we are going to create a sibling permission to Active using the Owner permission and call it safemode. Then, we will linkauth undelegatebw to this new permission. This will make it impossible for your Active key to unstake your EOS. So long as your Owner and Active keys are different, even if you were to give away your Active key to an attacker, they will not be able to unstake your EOS tokens and liquidate them. You can continue to add actions to this permission that you wish to blacklist from your Active key. The key for this permission should then be stored in the same way that your Owner key is stored: safely offline.
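Why the link blocks the Active key, as an added example that is not from the original article: a simplified Python model of the check an EOSIO chain applies when an action declares a permission. The permission and action names come from the article; the dictionaries and function names are illustrative assumptions.

```python
# Simplified model of how an EOSIO chain decides whether a declared permission
# may authorize an action. Permission and action names follow the article;
# the data structures and function names are illustrative assumptions.

# permission -> parent: safemode is a child of owner, which makes it a
# sibling of active rather than something active can stand in for.
PARENTS = {"owner": None, "active": "owner", "safemode": "owner"}

# linkauth table for this account: (contract, action) -> required permission.
LINKS = {("eosio", "undelegatebw"): "safemode"}


def minimum_permission(contract, action, links):
    """Action-specific link first, then a contract-wide link, else active."""
    return links.get((contract, action)) or links.get((contract, "")) or "active"


def satisfies(declared, required, parents):
    """True when `declared` is `required` itself or one of its ancestors."""
    node = required
    while node is not None:
        if node == declared:
            return True
        node = parents[node]
    return False


def can_authorize(declared, contract, action, links=LINKS, parents=PARENTS):
    required = minimum_permission(contract, action, links)
    return satisfies(declared, required, parents)


def report(links=LINKS):
    """Decision for each permission against staking, unstaking and transfer."""
    actions = [("eosio", "undelegatebw"), ("eosio", "delegatebw"),
               ("eosio.token", "transfer")]
    return [(perm, f"{contract}::{action}", can_authorize(perm, contract, action, links))
            for contract, action in actions
            for perm in ("active", "safemode", "owner")]


if __name__ == "__main__":
    for perm, action, ok in report():
        print(f"{perm:9} {action:24} {'allowed' if ok else 'DENIED'}")
```

The output shows that Active keeps every action except undelegatebw, which is why only the staked balance is protected and liquid tokens stay spendable with the Active key.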

Steps:

1. Ensure Active and Owner keys are different from one another
2. Use Owner Permission to create new child permission called safemode
3. Reset Owner Permission and store offline (consider Owner key a single-use key for security reasons)
4. linkauth undelegatebw to safemode
5. Stake the amount of EOS you want “kept safe”, leaving some liquid in your account to enjoy as you see fit.
6. Enjoy your new account in Safe Mode

Step 1: Ensure Active & Owner Keys Are Different

Please see this guide we created in order to safely manage your Owner and Active Keys. If your keys are already different then you’re all set to move on.

Step 2: Create Safemode Permission