Post by kas on Jul 28, 2015 21:56:10 GMT -5
Using the game Guild Wars 2 as an example, I will be linking to their latest security blog, which tells players how stolen accounts are used by hackers, why they steal them in the first place, and how.
www.guildwars2.com/en/news/a-new-way-to-protect-your-account/
A Quick Security Background
Game accounts are worth money to hackers. If they can steal one, they’ll strip it of gold and items, sell those, and then use the stripped account for botting or spamming. You don’t want that to happen to you, and neither do we.
How do they steal the accounts? They start by buying lists of hundreds of millions of possible e‑mail address and password combinations, mostly gathered through the many security breaches of websites and game platforms you may have read about in the news, and also collected from malware. Armed with these lists, and with access to many computers and Internet addresses to test from, they make constant log-in attempts to see whether anyone has created a Guild Wars 2 account using an e‑mail address and password that’s already on one of the lists.
Just finding a matching e-mail address and password generally isn’t good enough though. When the hacker tries to log in to the account, Guild Wars 2 recognizes that they’re logging in from a new location, and it sends an e-mail to the account holder to verify. But if the hacker can get someone’s Guild Wars 2 password from a list of known passwords, he can usually also get their e-mail account password from that list. Then he can just log in to the e-mail account and click through the verification email.
THIS is why it is imperative to use a different password for each and every site, email login and account we make, even if in a game and not on a website. However, it is hard to remember different passwords, so people use programs to remember those passwords, and those have been known to get breached as well, so then you also have to change the master password used for those programs and all the passwords in there that may have been obtained by that breach. This is why passwords are not enough and many games have gone with additional security, such as an extra passkey after you already put in the password, as well as tracking where you are logging in from and sending a notification to your email in case it was not you who logged in. But sometimes the hackers get into your email too, and, well, the rest is explained by the GW2 people (Anet) on that as well in their latest news:
Using Unique Passwords
The simplest thing you can do to keep your Guild Wars 2 account secure—and all your other accounts too—is to pick a unique password for each account. Choose a password for Guild Wars 2 that you’ve never used anywhere else. And once you’ve started using it for Guild Wars 2, don’t subsequently use it elsewhere.
Over the past few years, we’ve tried to ensure that players pick unique passwords for Guild Wars 2 by building our own list of the hundreds of millions of passwords that hackers know and then not allowing new accounts to use any of those passwords. It has worked well, and Guild Wars 2 has had a pretty low incidence of account hacking since we started that.
It’s not a perfect system. One problem with forcing everyone to pick a new password for Guild Wars 2 is that a lot of people later forget those passwords. This year, hundreds of thousands of you will contact our customer-support team to ask for help recovering a password. We know it’s difficult and frustrating for you to have to contact customer support just to get back into your own account, and frankly it’s hard on us too. We do have an automated account-recovery system, but we set a high standard of proof for automated recovery, which many players returning to the game after a long absence can’t satisfy. And we can’t lower that standard of proof, because then hackers would steal accounts through automated account recovery. There has to be a better way.
There are many things over the years that have been taught to us but people say different things about which is best.
Some say use a password saver and encryption app such as LastPass or Dashlane 3 or KeePass (see article here: lifehacker.com/5529133/five-best-password-managers and here: www.pcmag.com/article2/0,2817,2407168,00.asp). Others say you should have a system for your passwords, such as changing it up with numbers replacing numbers (what some used to call Leet speak or "L33T 5p34k" back in the day), as well as not using dictionary words or just one word but making a long password a sentence of 3 or more words (the longer the better) and, if possible (if the site or program allows), using special characters as well, such as #$%^&*!.
Many sites now do 2-step verification, but not everyone owns a cell phone or feels comfortable trusting that their cell phone number won't be sold and then get spam text messages. However, as long as the site is well known and trusted, it is a good idea. Even then, you should have good security on your cell phone as well. Some people have good security but then forget how to log in to their cell phone. Or they get a different cell phone number and forget to update it on all the sites that have 2-step verification in place with their old cell phone number. But 2-step verification is a good way to keep your account secure: if someone tries to hack in, you get this message on your cell and you just don't do it, and the hackers can't get in because they don't have your cell phone.
"...security is all about risk mitigation—you never actually become "secure", you merely decrease your risk."
lifehacker.com/5785420/the-only-secure-password-is-the-one-you-cant-remember
Now how secure is YOUR password?
howsecureismypassword.net/
I found this site to be a reputable as well as knowledgeable site when it comes to security:
www.grc.com/passwords.htm
As well as Krebs:
krebsonsecurity.com/password-dos-and-donts/
By the way, if you came to this article because you have Guild Wars 2, you may be interested in your dragon mini:
dulfy.net/2015/07/28/gw2-exclusive-mini-mystical-dragon-for-using-2-step-verification/