Some tips and tricks for user account security

Marcus the Mad

A little birdie whispered in my ear that some people have little to no experience with keeping their accounts secure and how to check if they are.

Let's start out by stating that this is just a few tips you can use. This is not a "follow this and you will never get any issue" kind of guide.
There are always possibilities for people to gain access to your accounts; the trick is making it as difficult for them as possible.

First and foremost: the physical barrier.

Once anyone gets on your personal computer/phone, you can pretty much consider everything hacked. Keeping the physical thing on which you store login data (auto log on, a lot of you probably use it) away from others should always be your first concern.

Following the above, you should keep in mind to have a lock on your PC/phone (in case of a phone, fingerprint is pretty neat to have) and a short auto-lock time that requires authentication whenever you leave it alone.

A rather large part of our players seem to also play from work (from what I hear). I'm not sure if this is always the same PC or not, but it should be noted that trying to minimize the number of devices you log in from is something to strive for as well. You never know if a random device is compromised with a keylogger or something of the like.

Passwords

They're important, but not perfect, far from it actually. You cannot rely on them being 100% secure ever. Not even with the longest, most intricate password you can imagine. Nevertheless, you better make use of a good password. You often see websites suggesting to use a password with at least one number and a capital letter etc. There's still a lot of disagreement over what is best, passwords or passphrases, intricate stuff or easy to remember ones. There are a couple of things everyone should agree on though.

Don't - and I can't stress this enough - use passwords that can be found on these lists:
- https://en.wikipedia.org/wiki/List_of_the_most_common_passwords
- https://nordpass.com/most-common-passwords-list/
- https://en.wikipedia.org/wiki/Wikipedia:10,000_most_common_passwords (this one has an extra of common things people use for passwords at the bottom)
If there was ever a list of bad examples, these are it. Is your password on this list? Change it.

Don't use the same password for more than one account. If one of them ever gets hacked, all the rest is still secure.

After these two points I already hear a lot of people sighing "OMG you turd, I can't remember 6,02214076x10²³ different passwords" and you would be correct. Most people probably can't. Here is where password managers come into play. They are pretty darn useful programs that store passwords for you on your device, safely. You only need to remember one - preferably quite complex - password/passphrase and keep that one safe in your head. Only YOUR head.
Here are a couple of websites giving information on a few of them, including their pros and cons, free and paid:
- https://www.pcmag.com/picks/the-best-password-managers
- https://www.techradar.com/best/password-manager
- https://www.tomsguide.com/us/best-password-managers,review-3785.html
I recommend reading at least one of these and trying to figure out which suits your needs best.
These are generally also very easy when you want to change/update your password since it is a save and forget type of deal. Except your "master" key, you lose that, you generally lose everything.

In case anyone was wondering when this exotic tip may come along: do not share your password with others. I know, weird how that could impact account security huh?

E-mail address

If at all possible, keep your personal e-mail account separate from the one you use for game registration and/or other random sites. It may be annoying, but at least that way the more personal logins are less likely to be impacted when one of those random sites decides your account details shouldn't be held securely.

As said before, do not use the password for your e-mail address(es) anywhere else. More often than not, access to the e-mail equals access to the accounts.

E-mail addresses are almost always linked to your login details and are one part of the key to log in next to your password. You may or may not have heard of large companies getting hacked and "data being stolen". These data breaches often include a lot of account login details; this stuff gets shared and is also publicly available in a lot of cases. Luckily, someone decided that people should be able to check whether their account details were leaked and see if they are still safe. Nowadays Google's security systems in Chrome also do this, as well as some password managers, but you can also manually check for yourself.
Go to https://haveibeenpwned.com/ and run the check. If your e-mail account was part of a data leak, it will tell you what breach, what data (e-mail address, password, username etc.) was exposed and that you need to check your security.

Two-factor authentication (2FA)

Whenever available, do try to use this. It can be very intrusive, obnoxious and might get in the way of quickly logging in, but it is an extra layer of defense against the dark arts. A lot of these 2FA services use text messages, e-mails or authenticators (like Google Authenticator) and prevent unrecognised devices from logging in. Oftentimes this system will ask you whether you want to trust "this device" for a longer period of time or not; it should go without saying that you need to pick appropriately.

VPN

Contrary to popular belief, a VPN will not protect your account details whenever you log in. These are a tool for privacy, not really security.

YOU!

Yes. You! You are a security layer. No matter how many tools are available, your account security - on any account - is your responsibility and there is no way to ignore that without tossing all the tips above in the bin. I advise you to do your best.
 
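A local check for the password rules in the post above (nothing from a common-password list, no password used on more than one account, the e-mail password used nowhere else), added here as an example and not part of the original post. The CSV layout, the site names and the five-entry word list are constructed stand-ins; a real run would load one of the linked lists and your own manager's export.

```python
import csv
import io
from collections import defaultdict

# Constructed stand-in for the common-password lists linked in the post.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "dragon"}

# Constructed sample export (site, username, password); not any real manager's format.
SAMPLE_EXPORT = """site,username,password
mail.example,me@mail.example,Tr0ub4dor&3-horse
game.example,me@mail.example,Password
forum.example,marcusfan,Tr0ub4dor&3-horse
shop.example,me@mail.example,c7!Vq-rainy-lantern-88
"""


def audit(export_text, common=COMMON_PASSWORDS, email_sites=("mail.example",)):
    """Return (finding, where) tuples; passwords themselves are never returned."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    findings = []
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["site"])
        # Case-insensitive match: "Password" is no better than "password".
        if row["password"].lower() in common:
            findings.append(("common", row["site"]))
    for sites in by_password.values():
        if len(sites) > 1:
            where = tuple(sorted(sites))
            findings.append(("reused", where))
            # Reusing the e-mail password is the worst case: the mailbox
            # usually resets every other account.
            if any(site in email_sites for site in sites):
                findings.append(("email-password-reused", where))
    return findings


if __name__ == "__main__":
    for kind, where in audit(SAMPLE_EXPORT):
        print(kind, where)
```

Run it only on a device you trust, and delete the plaintext export afterwards.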