How To Secure your MMO Account

This is a Guest post by Tim Hiteshew. Tim is an IT professional living in the San Francisco Bay Area.  He blogs at BloggingTor where he shares his thoughts on all things in the SWTOR universe from character creation to endgame content and everything in between.  


Imagine the horror of waking up one morning and discovering that you can't log into your MMO account.  Countless hours of questing, along with all of your epic gear, money, and even your friends list, are now in the hands of a complete stranger. Contacting customer support has proven useless.  They have no way to verify that you are the rightful owner of the account and no way to restore everything that you’ve lost.

How can you prevent this from happening?  Following these simple guidelines will help ensure that you will never see your favorite MMO account on the back of a milk carton.

Don’t Share.  Forget what you learned on that first day of kindergarten.  Don’t share your password with anyone, especially the people you believe you can trust the most.  All humans are susceptible to trotting down the “dark side” from time to time which can lead to pain, suffering and heartbreak.  That seemingly innocent argument with your significant other about the proper direction to hang the toilet paper (it’s “over the top” by the way) can escalate, culminating in the ultimate act of vengeance:  your leet max level toon becomes only a fond memory.  

The only way this could have happened is if your SO/BFF knew your password.  Just like the old adage says, “loose lips sink ships,” and they can also permanently destroy your character or clean out its entire inventory of unbound resources, gear, and other loot.

Have a Unique Username and Password.  How many different passwords do you have?  Is your Facebook account password the same as your bank account password?  What about your email account?  That forum you belong to about racing hamsters? 

Each website you belong to and online game that you play should have a unique password.  If it isn’t unique, and your password gets compromised somewhere, the bad guys have instant access to your other online accounts, including your MMOs.  If Jonny Blackhat hacks www.fuzzyhamsterracing.com, he is most likely going to take his new account and password list and try each one against every website that he can think of to see if he can get in.  

Your username should also be unique for the same reason.  If someone figures out that you use CaptHuggyPants as your account name for everything, then they have one of the two items they need to compromise your account.  Make guessing your credentials twice as hard by having both a unique account name and password.      

Passwords should also be difficult to guess.  Analysis of compromised password databases shows that a lot of people use such easily guessed passwords as “password,” “12345,” or their favorite expletive.  Here are a few tips for making a good password that is not easily guessed:

·         Use a combination of letters (capital and lowercase), numbers, and special characters.
·         Use a password with a minimum of 8 characters.
·         Don’t use a password that contains a real word.  Password cracking programs are set to try different combinations of real words in an attempt to guess them.  Not having a real word reduces the effectiveness of these programs. 
·         Don’t include the name of the website or service in the password (Facebook1). 
·         Instead of a password, come up with a phrase and then use the first letter of each word in the phrase as the password.  For example, if your phrase is “I Have To Get More Fuzzy Racing Hamsters!” you could have a password of “Ih2GmFrH!”  
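The tips above, together with the advice to keep every username and password unique, can be checked mechanically. The following Python sketch is an added example, not part of the original post: the function names, the tiny word list, and the sample accounts (apart from the names and passwords quoted in the article) are constructed for illustration, and a real check would use a full dictionary.

```python
import re
from collections import defaultdict

# Constructed stand-in for a real dictionary / breached-password list.
SAMPLE_WORDS = {"password", "hamster", "racing", "dragon", "monkey", "book"}

CLASSES = {
    "lowercase letter": r"[a-z]",
    "capital letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def check_password(password, service, words=SAMPLE_WORDS, min_len=8):
    """Return the guidelines from the list above that `password` breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    found = sorted(w for w in words if w in lowered)
    if found:
        problems.append("contains real word: " + ", ".join(found))
    if service.lower() in lowered:
        problems.append("contains the service name")
    return problems

def audit(accounts):
    """accounts: list of (service, username, password) tuples.
    Returns {service: [problems]}, including reuse across services."""
    by_password, by_username = defaultdict(list), defaultdict(list)
    for service, username, password in accounts:
        by_password[password].append(service)
        by_username[username.lower()].append(service)
    report = {}
    for service, username, password in accounts:
        problems = check_password(password, service)
        if len(by_password[password]) > 1:
            problems.append("password reused on another service")
        if len(by_username[username.lower()]) > 1:
            problems.append("username reused on another service")
        report[service] = problems
    return report

# Constructed sample accounts (not real credentials).
SAMPLE_ACCOUNTS = [
    ("Facebook", "CaptHuggyPants", "Facebook1"),
    ("fuzzyhamsterracing", "CaptHuggyPants", "Facebook1"),
    ("SWTOR", "Zx9Quillon", "Ih2GmFrH!"),
]
```

Calling `audit(SAMPLE_ACCOUNTS)` returns an empty list for the account that uses the phrase-based password and a list of broken guidelines for the two accounts that share “Facebook1”.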

Don’t Go Phishing.  Be wary of any emails that you may receive that ask you to click on a link, especially if the email is about an offer that sounds too good to be true.  Those now infamous YOU’VE WON THE LOTTERY IN SOME SMALL INSIGNIFICANT COUNTRY THAT YOU’VE NEVER HEARD OF!!! emails can easily be replaced with YOU’VE WON THE MOST AWESOME MOUNT EVER!!!  JUST CLICK HERE AND ENTER YOUR MMO ACCOUNT INFORMATION!!!!  Once you enter your account credentials, someone on the other end has them and your character will be stripped down to nothing in no time.

Another popular phishing attack is to send an official-looking email from the game publisher indicating that there is a security issue with the game and asking you to click on the link, log in, and change your password.  Tech support should never ask you for your account credentials.  Account actions are always initiated by the owner of the account, not the company providing the service.  If you’re suspicious about an email, don’t hesitate to contact customer support in order to make sure it is legitimate.

Secure Your PC.  Certain types of malware and viruses can install a keylogger on your PC as part of their payload.  Just as its name implies, a keylogger will record every keystroke that is pressed on the keyboard and send this information back to the owner of the keylogger.  A keylogger on your system will jeopardize not only your MMO account, but your bank account, social media sites, email account... pretty much anything that you do online.

To reduce the likelihood that a keylogger will get installed on your system, you should practice good PC hygiene.  At a minimum you should perform the following tasks religiously:

·         Keep your PC current with the latest security patches for not only the operating system but applications as well (word processors, games, web browsers, etc.).
·         Keep all plug-ins and third-party add-ons current (Flash, Java, browser plug-ins, etc.).
·         Keep your anti-virus software current.  If you have a subscription-based antivirus product (i.e., not free), don’t let the subscription run out.  Only antivirus products with the latest signature files will be able to detect any new exploits that attempt to load on your PC.
·         Install an anti-malware/spyware detector and scan your system weekly.  There are many high quality products that are free and do an excellent job of keeping your system safe. 
·         Put your PC behind a firewall.  This can be a software firewall such as the native one built into Windows, or a hardware device that doesn’t expose your system directly to the internet such as a router.  Firewalls of any kind mitigate your risk of attack by reducing the attack surface.  Bad things can’t get onto your system if it isn’t exposed to the ickiness of the internet.

Beware of Free.   Often, free comes with a price.  It’s the ultimate enticement: you can have something really cool or useful and you don’t have to pay anything for it.  However, this promise of free can lead to a compromise of your MMO account or other facet of your online life:

·         Software available for “free” download through BitTorrent or warez sites can contain hidden keyloggers, Trojans, viruses, or other malware.
·         The “free” add-on for your MMO works as advertised, but it contains a keylogger that sends your credentials halfway around the globe. 
·         The “free” game you saw advertised on the banner ad can contain spyware that weakens your computer’s defenses.
·         The “free” WiFi at the coffee shop is most likely running as an open hotspot without any security.  Unscrupulous individuals know how to capture and analyze the network traffic of computers connected to these networks and look for passwords, credit card information, and anything else they find interesting. 

MMOs are popular with old and young alike.  SWTOR is sure to be no exception, making each of its subscribers a target for theft and fraud.  Using the guidelines mentioned in this article will help to ensure that your MMO account resides solely in your possession.