The general manager for Xbox Live today told gamers of the more aggressive steps the service was taking to combat online fraud and phishing scams — like those that have recently generated a wave of bad publicity — while reminding everyone to take some steps that would make that job a lot easier.
In a post on the official Xbox blog, Alex Garden said Xbox Live has pursued legal action against online sites posting containing gamertags, usernames and passwords that criminals have used to break into and loot accounts. Purchases or account changes are being verified with security codes sent to mobile phones or to secondary email addresses, if the changes are made from an unfamiliar device. And, Garden pointedly reminded that not just sellers, but buyers "of known stolen accounts and content" face account and console bans, if not the risk of criminal prosecution.
All that said, "I encourage everyone to take five minutes today to check your security information and update it if necessary," Garden writes. "If you have any lost or stolen security proofs, update them now to prevent any interruptions to your Xbox Live service in the future."
The single most helpful step, Garden suggests, is making sure your Xbox Live password is different from that used to access other online services. "Sadly, 'password' and '12345' are still top of the most common password lists when we see breaches occur and passwords posted online," he writes.
Food for thought. In the US, fire safety officials use the change over from standard time to daylight saving time to remind everyone to check the batteries in their smoke detectors. It might be a good thing for some authority to designate a similar day for revisiting password security in all the accounts you most often use. For now, Xbox Live subscribers can start with July 18.
Take 5: Update Your Security Info Today [Xbox Live Blog]