Staying safe online is something that has always been really important to me, from keeping your personal information safe, to keeping your computer safe, to staying safe in games. It’s not always easy, either, as the people who want to do bad things are always coming up with new and tricky ways to get you to give them your address or phone number, or install their malicious software, or to hijack your character and take your equipment or gold or whatever. Fortunately, even though there are always going to be a lot of ways people can try to trick you, there are only a few things they’re trying to get from you, and once you know about them and their tricks it becomes much easier to recognize them and protect yourself against their schemes.
[singlepic id=3269 w=320 h=240 float=left]First of all, what do they want, these bad guys? I always picture them as old fashioned spies in long trench-coats and dark glasses trying to take pictures of my personal information with one of those cool mini spy cameras. Lucky for us, there are only a few pieces of information that they want, which makes it a lot easier for us to protect ourselves. The biggest thing they try to get their hands on is any key personal information; that’s your full name, your home address, home phone number, and social security number. That information is usually pretty well protected by most people, but as I said, the bad guys are tricky, so they are also very interested in things like your school, where you might work, your birth date, your sports team, your pet’s name – basically anything that will tell them more about you than just your name.
Keeping your home address and phone number safe is obvious, I hope everyone out there is already very careful with this information, but why should you worry about giving up something like your pet’s name or the town you live in or the hospital you were born in? Well, have you ever had to recover a lost password to a game or website? They ask security challenge questions like ‘what was your first pet’s name?’ or ‘What town were you born in?’ all the time, right? If one of our fedora-wearing spies gets their hands on a piece of information like that, it’s like a puzzle piece, and when they have enough pieces of the puzzle filled in they’ve got a picture of YOU they can use for lots of naughty things. The less you give them, the safer you are.
This is also important to keep in mind when you’re signing up for a new website or online service too – where did you find out about the site? What kind of information is it looking for? Believe it or not there are fake sites on the Internet that try to get people to sign up and fill out all this personal information to use it for bad things, so if a site is asking for a lot more information than you think they need, ask some questions before filling it out. Why would a website need your home address or phone number if all you want to do is read an article? And NO gaming or social website should ever need your social security number – if a website is asking for that just click away immediately. Maybe close the browser then wash your hands too, just to be safe.
Another important note on signing up for new websites and games is your user name and password. After all, that’s all that’s keeping the bad guys away from your profile information and, in a game, your characters and equipment. Many of us – maybe all of us by now – have multiple profiles on multiples games and websites, and most of like to use a similar (or the same) username in all of these, because that’s our online identity; we like people to know who we are, we have a reputation and friends that are important to us, all linked to that identity. That means that it’s your password, that one little secret code word, that is keeping the bad guys out of all your stuff.
Passwords need to be strong to be effective, but the stronger they are the harder they are to remember, especially across multiple games and websites, so people often fall into two different password ‘camps’ – either using easy passwords, like their last name backwards or, terrifyingly enough, ‘password’ (OK, if you have ANY game or website account with the password of ‘password’, please stop reading right now and go change it. Do it now. I’m totally serious. Don’t worry, I’ll wait.) or they use a really strong password, but they use the same exact password across all the games and websites they sign up for.[singlepic id=3270 w=150 h=112 float=right]
You can see the problem with both cases – using an easy password means that it won’t take the bad guys many guesses to get in, and the same password across all websites and games means that if one of your sites or games gets compromised or one of your accounts gets hacked (it happens, even to huge sites like the Gawker network, which is the home of the gaming site Kotaku) then the bad guys have access to ALL of your accounts, and believe me, once they get your username and password to, say, your WoW account, they’ll try that information on LOTRO, then DC Online, then EQII, and so on, and so on, until they’ve hit every first tier and second tier game out there, and if you use the same username and password in every game you play they can strip every active account you have, literally overnight, while you’re asleep.
There is a pretty good compromise between ‘multiple easy passwords’ and ‘same hard password’ that you can use that will keep your accounts safer. No password or website security is perfect, of course, so I can’t say you’ll NEVER get hacked, but this is better than the other two options above, and much easier to remember than random super-strong passwords for every website you sign up for. What you should do is choose a really strong password , one that combines upper case and lower case letters, numbers, and at least one special character (if allowed) , and then for every website and game you sign up for, add two or three characters to the password that will identify the site or game in a way that’s obvious to you, but would be very difficult for someone else to guess. For example, my standard password could be D1tto (it’s not, obviously) and I might use the first two letters of the URL or game I’m signing up for, plus another identifier known only to me, so for MMO Crunch I would add mm$ at the end of the password. That way, even if someone can get my password for another site and I use the same username, it isn’t going to let them into my MMO Crunch profile.
[singlepic id=3280 w=549 h=400 float=left]I’d like to talk briefly about changing your passwords too. One of the most secure things you can do for online accounts is regularly change your passwords. Most major companies force their users and employees to do this, sometimes as often as once a month. For regular folks like you and me, though, it’s a pain, there’s no doubt. How do you do it, how do you remember which sites to do it with, how do you decide how often, and how do you remember what you changed it to? You don’t want to save some text document on your desktop with all your usernames and passwords on it, obviously – that’s what Neville Longbottom did and he wound up letting Sirius Black into Gryffindor tower! We sure don’t want that! What you can do, though, is just make a list of what sites you want to use rotating passwords on, and the date you want to change them. You only need to change them by one or two characters to be effective, and though I don’t recommend using a 1,2,3 at the end of the password (that’s pretty obvious) you can use the associated special characters related to that instead, like !,@,#…
Easy for you to remember, very hard for the bad guys to figure out.
One last note on account security, and this one should be obvious, but I’m going to say it anyway. The strongest most unguessable password on the planet is not going to protect you if you tell it to other people! If someone needs your password… no, let me rephrase that. NOBODY NEEDS YOUR PASSWORD EXCEPT YOU! Not your friend from school who just wants to log in to see your house or your new armor, not some guy you met in-game who promised to give you that awesome sword or finish a hard quest for you. And the same goes for writing it down – ideally you don’t want to do this, but if you do feel the need to jot your username and password down in some notebook or on a sticky note somewhere so you don’t forget it, make sure that notebook or sticky note is kept in a secure place and is not rattling around the bottom of your backpack with half a pack of gum and those broken headphones you keep forgetting to throw away. If you’ve already shared your password with people, it’s OK, just go change it now and don’t do that again!
That’s the basics on account and information safety, but there’s a lot more to talk about in part two of this series, so please come back next week for even more! Until then have fun and play safe!