Watch DogsImage: Ubisoft
If you play video games, you are an ideal target to get wrecked by hackers.
This post was originally published on May 1, 2018
Sure, you’re tech savvy – you know what a hard drive is and have seen an HDMI cable or two in your day. Still, there are some unassailable, totally exploitable truths about gamers: they are very online. They log in to a lot of stuff. They have some money. They want to be better than other gamers. And they like to use the password “Dragon.”
Earlier this year, hackers broke into thousands of Fortnite players’ accounts and siphoned hundreds of dollars at a time. How? Those players had used their username and password combinations somewhere else on the world wide web. And somehow, they got leaked.
Now, they’re begging for big refunds and scurrying to protect themselves from further financial harm. It was a preventable disaster. And we’re here to teach you how to prevent it.
Here some some tips on how to stay safe while gaming.
What matters when it comes to security?
Everything matters. That sucks to hear, I know. Security is like a balloon. If there’s even one hole, it’s not a balloon anymore.
When it comes to your gaming apps, if you have unique passwords on your Blizzard and Epic Games accounts, but not on your five favourite gaming forums’ accounts – and if you use those same passwords on PayPal, email or Facebook – then you’re vulnerable to hacking.
Password leaks happen all the time on all sorts of sites. Hackers can input your niche Everquest forum password into, say, your banking site if you use the same password for both. And then you get screwed. It’s that simple.
Think about everything you have an account for. Your PlayStation Network account, your Microsoft account, your Battle.Net account, your Steam account, your Reddit account … when you add it up, that’s a lot of stuff!
Each of these accounts contains at least a little personal information, whether it’s your first and last name or your credit card number.
It can seem really intimidating to stay vigilant about so many accounts, but with good habits in place, keeping everything in check can become second nature.
Where do I start?
Start with your passwords. We all know “Password123” is easy to guess. But so is “Dragon.” “StarWars,” “monkey” and “football” are extremely common for the same reason – turns out a lot of people like popular stuff. It’s also likely that your unique, fun password you’ve kept since the fourth grade – “Pikachu,” maybe – is just as easy to figure out.
You need to have crazy passwords for everything. According to our sister site Lifehacker, passwords that are long and include numbers, capital letters and symbols are great. Don’t use common phrases or words. BiRdSaNdBeEs_123 isn’t as great a password as bVWx633HVN7Z.a!=.
Changing your passwords is totally tedious, but on the back end of a security breach, extremely worth it. Spend a few days recording which websites and apps you use regularly.
Likely, it includes some combination of Facebook, Gmail, Twitter, Reddit, YouTube, Discord and Amazon. For gamers, that list might include Battle.net, Steam or Xbox Live. Write all of it down. Then …
Download a password manager
You simply cannot remember 20 very strong passwords. If you can, your passwords probably aren’t strong. You need a password manager. And a lot of password managers can even help you come up with secure passwords.
Since browser-based password managers like the one in Opera have been hacked before, I recommend downloading a password manager onto your phone. I use LastPass. Other people like 1Password. That way, you’ll only have to remember the password to your password manager (or you can just use your fingerprint).
Enable two-factor authentication
Two-factor authentication is a fancy way of saying, “the app asks you to verify yourself.” All it means is that, when you log in to something, you’ll receive a text message or an email with an additional code. You can also get a special app that generates this code on your phone.
No one will be able to log into your account unless they enter that code into the client.
Opting in to two-factor authentication can mean the difference between someone else logging into your MMORPG account and stealing all your hard-earned gold and, well, that not happening.
Getting a two-factor authentication code when you’re not trying to log into something is also a great way to know someone’s trying to hack you!
Lots of gaming apps let you enable two-factor authentication. Here’s a list from TwoFactorAuth.org plus links to instructions on how to enable it:
- Blizzard
- Elder Scrolls Online
- Electronic Arts (Origin)
- Enjin
- Epic Games
- EVE Online
- FaceIT
- Garena Online
- GOG.com
- Guild Wars 2
- Humble Bundle
- Itch.io
- Nintendo Account
- PlayStation Network
- Roberts Space Industries
- Rockstar Games Social Club
- RuneScape
- Square Enix
- Star Wars: The Old Republic
- Steam
- Ubisoft/Uplay
- Wargaming
- WildStar
- Xbox Live/Microsoft
If you just scrolled through this and wondered, “Where’s League of Legends?” or some other service not listed, then I have some advice for you: Email them! Make sure they know you want this security feature. Basic two-factor is something worth demanding.
Opt out
Here’s a fun fact: Random Call of Duty players you add as friends on your PlayStation might be able to see your first and last name! Maybe that’s cool with you. Maybe it’s not. Either way, you should know whether you’re leaking personal information you don’t want leaked.
Your PlayStation, Xbox, Steam account, etc. all have privacy settings. The Switch has very limited customisation options here, but that’s because Nintendo’s online service doesn’t show friends your real name, anyway. You should familiarise yourself with the privacy and security settings for all your gaming accounts and modulate them to your liking.
The PlayStation Network’s settings, for example, ask whether you’d like people on your friends list to see your real name. Microsoft blocks Xbox users’ real names by default, although there was once a bug that temporarily revealed people’s names. Now on Steam, you can even hide how few hours you’ve actually played of PlayerUnknown’s Battlegrounds.
Recognise Phishing
Wow, free Fortnite V-Bucks! Booyah! All I need to do is enter my social security number into the website f0rtn1te.net!
Nothing cool is free in online gaming. Even if all your passwords are perfect and you have two-factor enabled on everything, that won’t stop you from falling for hackers’ tricks.
Any sites or people offering free video game skins, currency, etc. are shady, and especially if a stranger messages links to you through an online game.
If you receive an email from a strange address telling you that your Elder Scrolls Online account has been compromised, and that you need to give them your username and password, type that address into Google to make sure it’s legit.
Sometimes, hackers will copy the look and feel of sites you frequent to make their scam see legitimate. If a website starts with http:// and not https://, that can be a red flag.
If the website is http://www.ep1cgames.com, and not https://www.epicgames.com, that’s a big red flag.If the website is asking you to download something before proceeding, and that something is not Adobe Flash Player, Google what it is before just automatically downloading it.
Most computers these days come with decent antivirus software that will let you know whether you’re downloading insidious malware, but it doesn’t hurt to double up. Here are some good options.
Don’t put your personal information out there
A decade ago, your parents probably warned you about the “strangers” and “dangerous people” haunting AOL chatrooms. Maybe they said that telling MMO buddies your first name could mean inviting some 50-year-old mouthbreather to stand outside your window all night.
We’ve been on the internet long enough to know that, for the most part, people who play games online are not going to stalk you because you told them what city you live in. That said, it’s hard to vet how safe online friends are. And it’s easy to leverage even the tiniest bits of personal information against someone.
Sometimes, even just knowing your mum’s maiden name can be the key to your goods.
It might not even take that much. People voluntarily overshare on Twitter and Facebook all the time.
If you are playing video games online – or streaming yourself playing video games – here’s a handy list of topics to avoid to protect yourself from potential harm:
- Your full name
- The full names of the people closest to you
- Your exact birthday
- Your address or a picture of your home
- Your phone number
- Your social security number
- Any banking information
- Where embarrassing photos of you live
- Physical places you frequent (i.e. schools, restaurants, stores)
Any combination of this information can spell out exactly who you are, where you live and how to find you. You will need to rely on your own judgment when it comes to trusting strangers. Suffice to say, there isn’t any reason to give out any of the above information to anyone you’re gaming with.
(Bonus: You can get a gaming-specific VPN – or, a private network that masks where you are – to really protect yourself from getting tracked.)
Don’t do anything stupid, stupid
One time in 2008, I tried to pirate a copy of Spore and got a virus that bricked my computer instead. Did I deserve to have my $US600 ($796) laptop destroyed? Probably not. But did I have it coming? Definitely.
Listen, if you’re trolling darkweb marketplaces for high-ranked League of Legends accounts, you’re inherently putting your security at risk. Games’ Terms of Service exist to protect developers, yes, but also, to protect gamers.
If you’re doing something that flagrantly breaks a game’s Terms of Service, like purchasing in-game currency or installing cheat software, you could be giving an opening to hackers.
The sad, solemn truth is that it is impossible to account for everything. It really is. Good hacks happen to good, vigilant people. However, with these tips, you can exercise a little more control over the chaos that is the internet.
Comments
7 responses to “A Gamer’s Guide To Not Getting Hacked”
If they’re asking for your password, then they are most definitely shady. No online system in the world should be asking you to verify your identity by asking for your password.
My passwords are usually something stupid that would never occur in a spoken sentence like WaterproofJacketVibrator 666.
Companies that don’t offer 2FA at this point should be named and shamed. It’s ridiculous that any service bigger than a garage operation wouldn’t have it in this day and age.
I agree, but 2FA fundamentals needs to be drilled into people’s minds before they use/implement them, not just hand them out or enforce them because of the benefits. People don’t read, they just press the “Accept” button after filling in details.
I mean, the amount of times I get cases where someone knows the password to their account, but has lost/destroyed their second form of authentication is immeasurable, and then they’re pissed because they can’t wrap their heads around how their own irresponsibility lead them to this scenario.
Because it’s becoming the norm, I’d start teaching kids about 2FA as soon as they’re old enough to own a smartphone.
Blizzard never emails you with a link, if you got a free gift then it will show in your client, if you’re flagged for beta it will show up in you account and your client
honestly more companies needs to do this, especially since everybody these days have their own game services
The only time I got hacked was back in the day when I pirated Arkham Asylum (after the glide thing was patched). I tried to sign in to GFWL and it failed. Big deal, I thought. A few days later my hotmail account was hacked and had its password and language changed. I was foolish enough to have the same password for my eBay at the time, so that went, too.
I managed to recover both, but lessons learned.
Is the correct statement. Security is really only a balloon if you aren’t being careful and put everything under the one umbrella. The trick to better security is to compartmentalise and make it difficult for hackers to get at more than one piece of your data. Totally crazy passwords may be more secure but having length and symbols or spaces increases the amount of effort it takes for hackers to brute force your password. It also makes it less likely to come up on rainbow tables.Using a password manager is fine but keep in mind that:
a) If you forget your key password (Or lose your phone if you take the advice of the article) then you lose all of your passwords.
b) If someone works out your key password, they have access to all of your unencrypted passwords.
Basically the mantra is never think of it as “if you get hacked”, always act as though it will be “when you get hacked”. Especially since you are mostly depending on the person hosting your data to have good protection in place.
An anonymous VPN with a built in Killswitch is really all you need. ExpressVPN is a good option