My question to the experts about this. Why is it

even possible / necessary to be able to change keys? My suggestion would be to offer a function that I can use to freeze my keys.

Thank you for raising this concern. I will have @foflexity review this matter.

Lots of good reasons… if there was some potential that someone could have seen or accessed them, you can change right away. Also, the owner/active key thing lets you keep owner super safe and active can be changed if there’s any concerns.

I'll also take note of this for future concerns. Thank you Jesse. 🙏

But that's exactly the point, nobody can see or read my private key on the ledger. Unless I am asked to disclose it!

Are you having troubles with entering your private keys? I would also like to ask what is the main reason you raise this concern?

I just don't want to have to enter my private key somewhere. That's why I bought the ledger. Because there is malware that exchanges my keys in no time during such activities

According to what I have shared earlier, we will try to figure out all options possible for the ease you wanted while using your ledger. I have already added this to the list of the concerns coming from community members.

I share these sentiments, I'd like to see a good best practises type of list of things you should do and you should never do with anchor type of wallets. For example what @jestagram says above should be a thing everyone knows

Perfect, thx alot fycee

The way we have things setup with new accounts through our systems in Anchor (not those generated externally) is that we create an "owner key certificate" upon creation, which is essentially an encrypted private key you print out as you're creating the account. It'd be similar to your Ledger backup sheet. We also generate an active key for the device you create on and save it locally for immediate use. This gives your current device access to the account, while giving you an offline copy of the owner key to use in the event the device you set it up on is lost or damaged. The reason key changes in this situation are important is because you can use that owner key certificate on any other device to restore access to your account. It gives you the opportunity to reset all devices (which changes all your keys, except the certificate) or add a brand new device (allowing a 2nd, 3rd, etc device). Both of those operations involve modifying keys to your account, and I think highlight some pretty real benefits to having a system that allows it.

I can understand that, but I find the process to connect anchor with ledger too complicated.

It is. A lot of that baggage comes from the fact that up until really recently you couldn't just create an account that started on your Ledger, which meant you have to jump through hoops with your private keys and changing them to match the Ledger.

I would like to use all functions such as voting, but I don't yet understand the exact process so that I can really feel safe

Thanks. I know how hard it is. The reason I am actually not using my ledger 😆

Seriously, once you've started, you don't use anything else

You can use it for all functions, and make it so the Ledger is your sole key provider. If you ever needed to restore either Anchor or the Ledger itself, you'd be dependent on that Ledger backup word sheet you created during the initial setup of the device. If you've been a holder for a while - I imagine your existing Telos account isn't configured to use your Ledger. You probably have just a long string of characters for your private key. That private key needs to be used in order to modify your account, to set it to use the Ledger's keys instead of that key you have. After you modify the account to use the Ledger, that key you had originally will now be invalid and it doesn't matter what you do with it (unless you have other accounts using it). The guide that was originally linked to you outlines in detail what you need to do to modify your account. It is a pain to go through - I know since I've done it many times. However it's a one-time pain that you need to go through since you didn't create the account to use the Ledger to begin with.

Apreciate your support Aaron, love this community!!

Thank you so much. I am deeply enlightened too.

One thing to add to this for the sake of security - Anchor never has access to the private keys FROM the Ledger at any time. It'll never ask for your Ledger seed words or backup info. It just acts as a client to the Ledger and when you do things, it requests the Ledger to sign things for you.