algorand
Add key management best practices documentation
The current state
A lot of our examples/discussion revolve around kmd/goal for account creation:
https://developer.algorand.org/docs/features/accounts/create/
This is probably not best practice for key management; we should maybe make a separate section to discuss ways to manage wallets/accounts/keys in a secure manner targeted at end users.
The proposed state
A clearer discussion of best practices/recommendations around key management. From an end user standpoint, we should guide people to safe handling of keys with an emphasis on personal security.
Could include things like:
- how to create/manage wallets/accounts
- how to regenerate accounts from wallets (and that imported accounts won't regenerate)
- algokey
- offline PC management
- multisigs
- key storage
- ledger devices (can just link out to mobile wallet doc?)
Provide any additional context
It's kind of confusing to figure out how to properly manage keys right now; using goal/kmd seems like the main way to do it based on the site, and I don't think we want to recommend key management on a hot machine.
Trying to import my Algorand account on my node using goal account import -m and my 25 words memonic seed phrase a receive and error indicating i'm not using a 25 words string; do you know the correct syntax?
@icespawn can you share the code you used WITHOUT your actual mnemonic seed phrase? (maybe with some random words)
@onetechnical
Now we describe different account creation methods and have pros and cons of using each method. Do you still think we need to improve this page? If not, will close the issue