Basic account security

Post RS-related guides and recommendations here.
Tim
Leader
Donor
Posts: 1161
Joined: 17 Jan 2016, 19:35
RSN: 0fflimit

Basic account security

Post by Tim »

It's come to my attention that there's still a vast amount of people that have, at the very best, lackluster account security. I'll assign it to ignorance because the risks of not securing yourself properly will, in a good outcome, mean you lose your account and items on it. In a bad outcome...Runescape will not be your primary concern.

The reason why I'm describing this in such a grave way is simply because: you won't care because you think it won't happen to you. Or that you're safe. I'm here to reiterate what people with infinitely more knowledge about this subject have said many times: you're wrong.

The following will list basic, and quite honestly, the minimum of mandatory steps you should follow to guarantee some form of internet security. This will take you maybe an hour to set up, which is complete peanuts if you compare it to how long you've been working on your account, the money you have on your account, and everything else you do online. So don't be lazy.

Emails

Every email you create should adhere to the following steps:

It should not include any of your personal details. You will always have a personal email, probably in the form of FirstName.LastName@gmail.com as an example. Don't use this on anything related to Runescape, gaming communities, and preferably websites in general. Registering on a website means you are vulnerable to have this information leaked. Companies with security budgets exceeding millions have had database dumps in such pathetic primitive forms you're putting your personal information out there for anyone to see, and potentially worse, for anyone to access. A simple tool to check whether a database breach has occurred is by checking it through a website like this: https://haveibeenpwned.com/ - Please note: not being listed on this website does not mean you are safe. People get information from smaller databases all the time.

So make an email like this: BassHunter2412@gmail.com.

The first thing you need, and this is what you'll need for everything, is your mobile phone. Enable 2-step verification. Do this for every email address you own. Yes, also that account you used in 2012, 2008, primary school, from the womb: every account.

Second: enable an authenticator. Use a mobile authenticator - (there are multiple authenticators, but Google Authenticator is always good, Microsoft Authenticator is a solid alternative). The simple reason for this is that if, for whatever reason, your computer gets compromised, they can't use the access to that authenticator to get into your accounts. As long as you don't lose your phone this should eliminate any problems with your authenticator.

Almost every website/game/tool you use that has Authenticator features allows you to save these codes for 30 days, if not longer. Having to insert a code every month to practically guarantee your accounts being secure is a minimal effort. Do it.

Third: Make sure you do not have any recovery emails attached to any of your email accounts. The reason why this is bad is because it's a chain reaction: they get into one, they can get into more. If you still have a recovery email attached, remove it from your account asap.

Fourth: As an extra option both Hotmail/Outlook and Gmail have security code options. These are simple codes, often given in sets of 10, like 1918X1923X that you could use in case you forgot your password & phone. Print these, or better, write them down. Saving any account information could also leave you vulnerable in times of a keylogger/RAT incident.

Fifth: As a decent safety practice, check your account activity. Both Hotmail/Outlook and Gmail have this option. You can see from which devices, location & IP Address someone has been trying to access your account. You can usually see how far they've gotten: whether they failed on the password stage or whether they got to the authentication stage. In this case, change your password ASAP.

Passwords

Using passwords is common sense. Having a bad password is risky, as you're vulnerable to brute forcing. Having a leaked password is infinitely worse.

For people that have been using the internet for at least 5 years I can guarantee you have passwords leaked. I have passwords leaked, you have passwords leaked. People with hacking experience have passwords leaked. Password leaks happen and they are completely out of your control.

What is in your control is the amount of damage such a leak can do. If you use the same password everywhere, they will be able to access your accounts (or at least, assuming you have already enabled the authentication described above (which you really should)), and you're in trouble.

1. Don't use easily bruteforced passwords. I'd always recommend a password of at least 10 characters, featuring symbols, capital letters, numbers and regular letters.

2. Don't use passwords that have any personal meaning to you. Think simple things like location, date of birth, names...you name it. Just pick something generic. Cucumb3RTree@! is not going to get guessed, and with current technology (assuming proper encryption, generally SHA256) it's going to take a while to get bruteforced, which most "hackers" that you encounter don't have the means for.

3. Don't. Re-use. Passwords. Every password you have needs to be unique. Have a pattern in your passwords, re-use specific things, all that is fine. But make sure that all of your passwords can't be deduced from two leaked passwords. Let's say your password inspiration comes from LotR, $$Whit3Wizard$$, 3y3ofs4Uron+, Allanl00kslikeG0ll3m` - these passwords are all reasonably safe.

4. If for whatever reason you share a password, such as in the case of sharing a Runescape account, that password is meaningless. It's irrelevant how much you trust a person - your password is known, it's ass. Change your password in every situation where you are not the only person that knows about it.

Runescape

Now this will apply to most of you, as keeping your Runescape accounts secure is your primary motivation. I've seen it too many times now: people with good accounts getting hacked for defence or their cash because they were careless. If you adhere to the principles above, you are relatively safe, but you are not secure.

Your login-email: Make sure the email you login with is secure as explained in the steps above.

Your recovery email: This is anecdotal, but an extra layer in your security could be having a separate recovery email for your Runescape account. If your login is 1337pureking@gmail.com, make your recovery email foewarrior69@gmail.com. Make sure this account is equally secure.

Your password should adhere to the steps listed above. Make sure it's relatively random, make sure you haven't used it anywhere else, and make sure no one knows about it. If you share it, change it.

Now, as you did with your emails, you need to set up the authenticator on your RS account. Go to the Runescape website, go to account, Authenticator, and enable it following the steps.

At this point getting into your account will be difficult, but not impossible. To account for this happening, enable a bank pin. Jagex has recently implemented a feature that allows you to "save" your bankpin for a short amount of time, which will prevent you from needing to insert it again after a world hop during a trip, for example. Make sure your pin, as everything else, is generic. Not your birth-date. Not your favorite X, Y, Z. Pick something that has no meaning to you. If it doesn't have a meaning to you, it's a 1/9999 chance for them to get it right.

We're almost done. Runescape has security questions that you can enable. I've received mixed signals about this. Either you don't enable them, or if you do, make sure nothing is actually a personal answer. People can and WILL find out about them. Your place of birth is hilariously easy to discover. If you decide to enable them and fill them in, pick random places, random answers. As listed with passwords & security codes, if you need to remember them, it's safer to put them on a piece of paper.

Lastly, your account age from Hans is a security vulnerability. It could be valuable to know yourself, for the sake of recovery, so write it down on a piece of paper. Don't screenshot it. Don't share it. Jagex has confirmed (in)voluntarily they do consider this information.

Basic internet safety

If you've followed these steps you are probably fine. Probably. No one and nothing is ever 100% secure.

Database leaks are inevitable. Trying to fight against the information that has already been leaked is a pointless effort. Rather, make sure the information leaked does not make you vulnerable in any way.

Spreading both real life and online information. Facebook, Twitter, anything that connects your personal data to the internet is a liability, a security threat. I know people use this and it's inevitable, but be smart. As you wouldn't drape a flag over your house as you leave for vacation with "NOT AT HOME. BURGLARS FEEL FREE TO ENTER AND STEAL OUR SHIT", you shouldn't go around leaking just about everything that can compromise you. If you connect your gaming profiles to your real life accounts, that's a goldmine of information people can and will abuse.

The reason why this is important is, especially for services like Runescape, they don't always need a password or even an e-mail. People, and with that companies, are able to be socially engineered. A call or an email to a customer service representative can be a gamechanger. Runescape accounts have been discovered simply by using similar IP addresses, locations, old real life information, a leaked password and a potential recovery question. There's a sea of information out there, about most of us, and sometimes they only need a fraction to get into your accounts.

Be cautious with downloading anything. Exercise basic logic and safety - use a Firewall, a Virus-Scanner and a basic Malware tool. Microsoft Firewall/Microsoft Security Essentials (I believe it's incorporated in Windows 10 nowadays) and something like Malwarebytes Anti-Malware are simple examples of these programs.

If you do somehow get ratted/trojaned, don't save any of the information listed above on your computer. A piece of paper can't be hacked. This might sound tedious to you. My take is that rebuilding your account, or worse, makes laziness a deadly sin. Don't be stupid.

This is all very basic, and there's tons more out there to do or consider. If you want to prevent loads of unnecessary hassle consider using throwaway emails for accounts you only need once and use a VPN to protect both your internet data and your IP address. Enable authenticators for Twitter, Facebook, Steam, Battle.net and so on as well.

Please consider all of this and keep yourself secure.



NB! Everyone who uses some online.ee mail or anything else, make yourself a Gmail.
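An added example, not part of Tim's post: a small Python audit of your own password list against rules 1 and 3 above (length and character classes, no exact reuse, no near-duplicate that could be deduced from a leaked sibling). The leetspeak table, the 0.8 similarity threshold and the sample vault are assumptions constructed for illustration.

```python
import string
from difflib import SequenceMatcher
from itertools import combinations

# Assumed leetspeak table: undo common swaps so "Wh1t3" compares like "white".
LEET = str.maketrans("01345@$", "oieasas")
SIMILARITY_LIMIT = 0.8  # assumed threshold for "deducible from a leaked sibling"

def weak_reasons(pw):
    """Rule 1 of the post: 10+ characters with symbols, capitals, numbers, letters."""
    checks = [
        (len(pw) >= 10, "shorter than 10 characters"),
        (any(c.islower() for c in pw), "no regular letter"),
        (any(c.isupper() for c in pw), "no capital letter"),
        (any(c.isdigit() for c in pw), "no number"),
        (any(c in string.punctuation for c in pw), "no symbol"),
    ]
    return [reason for ok, reason in checks if not ok]

def skeleton(pw):
    """Base word a guesser would mutate: lowercase, leetspeak undone, letters only."""
    return "".join(c for c in pw.lower().translate(LEET) if c.isalpha())

def audit(vault):
    """Return (kind, site, detail) findings for a {site: password} mapping."""
    findings = [("weak", site, r) for site, pw in vault.items() for r in weak_reasons(pw)]
    for (s1, p1), (s2, p2) in combinations(vault.items(), 2):
        if p1 == p2:
            findings.append(("reused", s1, s2))
        elif SequenceMatcher(None, skeleton(p1), skeleton(p2)).ratio() >= SIMILARITY_LIMIT:
            findings.append(("derivable", s1, s2))
    return findings

# Constructed sample vault; the first three passwords are the post's own examples.
SAMPLE_VAULT = {
    "email": "$$Whit3Wizard$$",
    "runescape": "3y3ofs4Uron+",
    "forum": "Cucumb3RTree@!",
    "steam": "Cucumb3RTree@!",      # same password as "forum"
    "twitter": "cucumbertree99",    # variation on the leaked "forum" password
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_VAULT):
        print(finding)
```

Run it only on a machine you trust and do not save the vault to disk; the post's advice about keeping secrets off a possibly compromised computer applies to this list too.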
gert
Posts: 1118
Joined: 23 Jan 2016, 19:09
RSN: disco ball

Post by gert »

Nice copy paste kid
Tim
Leader
Donor
Posts: 1161
Joined: 17 Jan 2016, 19:35
RSN: 0fflimit

Post by Tim »

stfu kid
Initiate
Posts: 1863
Joined: 17 Jan 2016, 19:08
RSN: Toomas

Post by Initiate »

If you create a completely new Gmail for your Runescape account and put Google Authenticator on that email, then your acc is safe. The auth is on both the RS account and the Gmail. Then your acc can only be taken if someone steals your phone.
EST Vihane
User
Posts: 68
Joined: 22 Mar 2016, 21:35
RSN: EST Vihane

Post by EST Vihane »

In Estonian pls
Henrik
User
Donor
Posts: 787
Joined: 14 Jan 2016, 18:33
RSN: BMW 525TDS

Post by Henrik »

>2017
>people are still using hot.ee/online.ee
Legend FuNny
Posts: 1404
Joined: 22 Feb 2016, 22:53
RSN: Legend FuNny

Post by Legend FuNny »

I also got scammed thanks to Hot ... Now @gmail :)
I definitely recommend switching before it's too late. I lost some 100M.
Don't let your dreams just be dreams 8-)
kKzepO
User
Donor
Posts: 455
Joined: 19 Jan 2016, 20:49
RSN: AC4

Post by kKzepO »

gert wrote: 12 Apr 2017, 11:53 Nice copy paste kid
Narko Ment
User
Donor
Posts: 192
Joined: 01 Mar 2016, 18:13
RSN: Narko Ment

Post by Narko Ment »

How do I put auth on Gmail, I couldn't find it.