# Why activate the device atSign on the client?

The first time you activate, the set of keys that gets generated is a set of management keys. These keys have full permissions to your atServer, the personalized service which powers your atSign.

We recommend cutting the management keys on the client for a few reasons:

1. It's extremely important that you don't lose these keys:
   1. They are less likely to get lost on your client machine than on your device.
   2. If a device is stolen, you still have your management keys to recover from the theft.
2. For each device we can issue its own set of cryptographic keys, which has a few perks:
   1. This allows us to limit the permissions of those keys to the bare minimum required for NoPorts.
   2. If a device gets compromised, we can safely revoke the set of cryptographic keys associated with that device, without affecting the other devices using the same atSign.


