About 'owner' and 'active' keys

EOS accounts in comparison to other current blockchains can be controlled by more than just one key, each with different permissions. Imagine a house that has one master key (the owner permission) which can open every door in the house, and another key for one or two very specific doors (the active permission).

The active key can do everything the owner key can, e.g. transferring tokens, staking, voting, etc, apart from one crucial difference: Only the owner key is allowed to overwrite itself (or the active key) with another key to control it instead.

In the case that anyone ever gets your active key you can just import the owner key into a clean machine and prevent any further malicious transactions by overwriting your active key.

You should keep your active key inside of Scatter for easy access.

But your owner key should be removed from Scatter and kept in a safe place which only you have access to. If you lose this key you will lose access to your EOS account entirely. If someone else gets access to this key, they will have total access to your EOS account and can lock you out.