Even basement cat is stunned.
Just weeks after the breach of Sony's PlayStation Network, a bunch of websites and game services have followed suit: Epic Games, Codemasters, Minecraft and BioWare. This string of hacks and compromises is becoming very alarming, and a lot of personal data is now right out in the open, ready to be exploited. All of these happened within weeks of each other, which most certainly tells us how the majority of the gaming industry is handling the issue at hand. This is really something that calls for concern. But we'll leave that discussion for later.
While we are kneeling down and praying to whoever can provide divine intervention to protect our credit card, personal data and financial information from hackers, there is something that we could do at least, to protect ourselves. It is better to be prepared and to be overly-protective of our data rather than be lenient about it and regret it later on (along with a huge unauthorized charge to your credit card). At least, there is something that we can do on our end.
Aside from the usual advice of scanning your computer for keyloggers and using the on-screen keyboard to enter passwords, there are some things that I've begun doing to try and safeguard my online identities. These steps are kind of… hard to adopt all at once on a personal level. Take your time getting used to one, and then adopt the next.
So here I've outlined some of the simple but helpful stuff you can do for your account's protection.
Using the same password for everything is the same as using the same key for your office, your car, your house and your safe.
1.) Use different passwords for different accounts. This one will probably knock your socks off. Using a different password for each and every online account and identity you have not only makes your password less guessable by wannabe hackers (especially those who love social engineering), but will also ensure that if one account is compromised, chances are the others aren't. This will add to your sense of security and will protect your other identities from attack.
So uhh… what was that again?
2.) Use complex passwords. We are all guilty of not doing this. Surely, it is hard for everyone to try and memorize a string of random letters and numbers (much less symbols!), with the occasional mix of uppercase and lowercase letters. But in doing so, you'll give the hacker a hard time in trying to crack your password via brute-force attack, or by simply guessing what it is (yes, there are people who DO know you and your crush's birthday!). Also, this prevents people from guessing your password from over-the-shoulder snooping. You could make use of a password generator for this, but you should be able to store and keep track of your passwords in a safe place. I'd recommend Bitmill password generator for creating passwords, and KeePass for storing them.
Yes, it is a hassle. But at least, you get to separate emails from friends and from mailing lists and site registration.
3.) Use different e-mail accounts for different uses. Let's face it: the majority of users stick to one or two email addresses for their entire online lives. Well, it is important to keep in touch with people, and to keep one known address for everyone to send messages to, right? Yes, it is important, but what I suggest instead is that you use different e-mail addresses for different uses. For example, email1 will be for communicating with other people, email2 will be for game registrations, email3 will be for Facebook, email4 will be for banking, and so on. Doing so will help limit and compartmentalize the damage done by hackers if they ever do compromise an account falling under one of those categories. Google Mail (GMail) recently implemented something related to this that could help: multiple logins.
SSL helps by encrypting the connection between the server and the computer. It also tells you that the identity of the site being shown is verified and true.
4.) If there's SSL, use it. SSL is short for Secure Sockets Layer, which encrypts the page and the information going between your browser and the server. Many of the sites that we visit and send data to (for instance, to leave a comment) transfer data transparently to improve performance and rely on cookies for authentication. The problem here is that sometimes (or most of the time) some of the information is sent in cleartext, which gives anyone listening over the air or over the network access to your most vital data. To check that a site has SSL and to make sure that you are using it, try placing https:// instead of http:// at the beginning of the URL.
Authenticators are like physical keys: only the true ones are able to open the lock.
5.) Use two-factor authentication. Two-factor authentication simply means a second key for you to access the account. The first factor of this authentication is your usual username and password. The second one is a physical key that generates an OTP, or One-Time Password, for you to use to verify that it is indeed you logging in. This actually cuts down a lot on hacker issues. The only problem here is that you should not lose the key while it is bound to your account, or else you cannot log in. Blizzard has implemented this with their Battle.NET Authenticator, and Google has implemented it with their Google Authenticator (as an Android app). You can also read more on two-factor authentication here.
Never, ever trust anyone who approaches you with too much goodwill and urgency. Stuff like this is usually announced as calmly as possible, and usually is echoed via official channels.
6.) Never give away access to your accounts to anyone. Ever. From complex schemes such as phishing sites and scams to simply sharing or whispering your account information to a close friend, this is the one thing that is caused by human error. Oftentimes we share our account information with someone we trust, only to realize later that the person used it for something else or that the exchange was overheard. Or maybe the promise of instant noodles… er, riches for your in-game account was too good to pass up. Or the GM said that there was a secret event and he could over-upgrade your equipment if you just gave him your account password. A lot of players fall for this, usually with devastating results. A lot of gaming companies, communities and players have always warned against such alluring promises, yet a lot of people still do not know any better. Always remember, there is no elevator to success; you'll always have to take the stairs.
So, there you have it. These are some of the tips that I could outline so that we users can do something on our side to at least minimize the effects of any one of our identities being compromised. At least we tried. And now, to try to ask our game publishers to beef up security…
Are there other ways to secure your accounts that should be in this list? Share with us! It will be of great help.