Those of us that had EOS prior to launch of main-net and registered for the conversion from Ethereum based tokens to EOS tokens were given key pairs with the same active and owner keys for simplicity. This means if your Active Key was compromised you could not make the necessary adjustments to secure your tokens because the Owner Key is the same. Having separate keys for both is extremely important to ensure total control of your account.

Each EOS account has two permissions; an Active Key and an Owner Key.

The Active Key is utilized for everyday use. Think about having the ability to access your car on a daily basis, as you please. Only you have the physical key to access your car. However, if the physical key gets into the hands of someone else, they can now gain access to your vehicle.

The Owner Key allows you the ability to be your own locksmith. If your Active Key (for purposes of our example; the car key) is compromised then you have the ability to change the locks to your vehicle so that the compromised key that someone else has gained access to no longer works with the car.

This is a very nice feature to have. It provides an extra layer of security for keeping your EOS tokens safe. However, it has proved extremely perplexing to many on how exactly to do this. It’s a touchy subject, one that needs specific details to ensure accuracy of actions taken because you do not want your tokens trapped in crypto purgatory, the ECAF process, or be one of those sad lost token story tellers as a result of improper setup of the active and owner keys.

Sole One (@Investah on Twitter – please follow) provided me with amazing scatter support via Telegram and was instrumental in assisting my understanding of this process. As a blockchain and EOS enthusiast this felt like the perfect tutorial to provide to fill a void in the EOS community and provide benefit to many others that I know are having the same issue.

The following print-screens and information contain the steps needed to successfully complete this task. I will be using Scatter (v. 10.0.3) to walk through as it is currently the most used tool to interact with EOS based applications.

We will be Generating Two New Key-Pairs in Scatter (Note: Be sure to write them down (offline) and store somewhere safe) and associating them to our genesis account and as a result removing the original key pair.

A. Open Scatter (assuming you’ve already downloaded, installed, and associated your genesis account to it) Bottom Left Corner in Scatter Select “Add Keys” .

Note: If your Genesis account is currently not in Scatter, you’ll have to import into scatter first. Please leave me a comment if you need instructions on how to do that as well.

Note: I have removed scatter account information in print-screens for security reasons

B. Then “Create Key”

C. Write Down the Private Key Just Generated

• First Select “Key”

• Then click “Reveal” to toggle between your public and private EOSIO key. Here you can write your keys down and/or copy and paste to store online or on your computer (which I don’t recommend).  Note: For the sake of clarity, no need to be concerned with Ethereum or Tron keys for this guide.

Note: The EOS prefix key is your public key. The one displayed once you hit “Reveal”is your private key.

• After you have written and stored your private key, select “Back”

D. Change the “Key Name” or note it down so that it’s clear to you what the key is for (which is to be your new Active Key Pair). I’m going to remove the randomly created name and change it to “NewGenAcctActiveKey”

E. Select “Back”, now you will have a new Key shown on your home page in Scatter

F. Repeat Steps A through E and create another Key, this time it will be for your new Owner Key. Name it whatever you want or for consistency sake, “NewGenAcctOwnerKey”.

G. Now you should have two new keys displayed as follows:

H. Next, go to and search for your genesis account name. Scroll down and click the “Permissions (2)” tab


This way you can confirm your current Public Active and Owner keys. After making the changes in Scatter to create new Key-Pairs you be able to confirm here that it worked.

As you can see, both owner and active Key-Pairs are the same. This is what we want to change.

I. Now, go back to Scatter and select your current Genesis Key which is in Scatter. The one that you’ve been using.

Note: My “Key-OG Account” which use to be my Genesis Account which I used to interact with the blockchain, now says “0 Linked accounts” because I have updated my keys and removed them from that key-pair. Which is what you are doing by following this guide.

J. This is where we are going to change the permissions to your Genesis Account.


Notice, your Genesis account as we’ve been saying is linked to same Active and Owner Key-Pairs currently.

• Select “Change Permissions”.

K. We are going to change the Active Key first for our Genesis Account. You want to select “NewGenAcctActiveKey” from the dropdown (since the key-pair was created in Scatter). Remember, that’s what we named it above (see Step D), unless you chose a different name which you would then want to be the same here for your Active Key selection.

L. Select “Change Permissions”.

• You will now see Human Readable drop-down with code displayed asking you to Allow or Deny the transaction. Selecting “Allow” means you are accepting the changing of your Genesis Account Active Key.

• Select “Allow”

M. Go to, repeat Step H above and ensure that your Active Key is now different than your Owner Key.

• You’ll also notice that if you go to that account in Scatter, the Owner Key is now only associated to your Old Genesis Account in Scatter.

Now, to ensure it’s working you can do a test transaction in Scatter and assign a proxy voter to your New Genesis Account Active Key (NewGenAcctActiveKey). Once completed, checks to confirm the transaction.

N. Repeat steps “I” through “M” and do the exact same thing accept this time for the OWNER KEY PAIR (“NewGenAcctOwnerKey”)

O. When you select your Old Genesis Account in Scatter, once you have switched the Owner Key Pair it will look like the following. No longer associated to any keys (owner or active).

However, you want to make sure you keep your old Genesis account keys in your notes because this is how sidechains are currently making it accessible for you to claim their tokens (i.e. Worbli, Telos).

You will need to remove your Old Genesis account from any other wallets as it will no longer work. Your “NewGenAcctActiveKey” is the key you want to utilize on Scatter, Greymass, any mobile wallets etc.

The “NewGenAcctOwnerKey” you want to remove from Scatter and keep offline in case your newly created Active Key for your account is compromised. This way you can use it to update your Active Key again.

I’m really hope this is helpful and if so, please leave a like and/or comments. Any feedback is much appreciated.

Please Follow me Trybe and Twitter @UptownAlchemist where you can also recommend any other guides you would like to be provided possibly.


Your Remaining Votes (within 24hrs) : 4000 of 4000
7 votes, average: 5.00 out of 57 votes, average: 5.00 out of 57 votes, average: 5.00 out of 57 votes, average: 5.00 out of 57 votes, average: 5.00 out of 5 (7 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
(1151 total tokens earned)


  1. Smed

    Thank you. I have used my genesis account name as my EOS account for KARMA, HorusPay, and EDNA staking as well as for my wallet staking here at Trybe. Are any actions needed to insure staking is associated with the new keys or does the account name (which has not changed) take care of that? Appreciate the article.

    1. UptownAlchemist Post author

      Hey @smed! Glad you got around to checking out the guide. Great question. The tokens will always be associated to your account (i.e. GenAccntName) and only passively to the key that controls the account. Tokens are associated to the Account, and the Account is associated to the Keys if that makes sense. Whoever controls the keys, then controls the account and has access to the tokens.

      So the new Active Key (since your Owner Key will be removed from scatter and stored offline in Cold storage right??) would be the key that you would use to unstake/stake tokens etc. Your old key, you’ll notice, if you try will no longer work because it’s no longer associated to your Account Name.

      Let me know if that helps.