- Postitusi: 1019
- Liitunud: 17 Jaan 2016, 19:35
- RSN: Tj mz
The reason why I'm describing this in such a grave way is simply because: you won't care because you think it won't happen to you. Or that you're safe. I'm here to reiterate what people with infinitely more knowledge about this subject have said many times: you're wrong.
The following will list basic, and quite honestly, the minimum of mandatory steps you should follow to guarantee some form of internet security. This will take you maybe an hour to set up, which is complete peanuts if you compare it to how long you've been working on your account, the money you have on your account, and everything else you do online. So don't be lazy.
Every email you create should adhere to the following steps:
It should not include any of your personal details. You will always have a personal email, probably in the form of FirstName.LastName@gmail.com as an example. Don't use this on anything related to Runescape, gaming communities, and preferably websites in general. Registering on a website means you are vulnerable to have this information leaked. Companies with security budgets exceeding millions have had database dumps in such pathetic primitive forms you're putting your personal information out there for anyone to see, and potentially worse, for anyone to access. A simple tool to check whether a database breach has occured is by checking it through a website like this: https://haveibeenpwned.com/ - Please note: not being listed on this website does not mean you are safe. People get information from smaller databases all the time.
So make an email like this: BassHunter2412@gmail.com.
The first thing you need, and this is what you'll need for everything, is your mobile phone. Enable 2-step verification. Do this for every email address you own. Yes, also that account you used in 2012, 2008, primary school, from the womb: every account.
Second: enable an authenticator. Use a mobile authenticator - (there are multiple authenticators, but Google Authenticator is always good, Microsoft Authenticator is a solid alternative). The simple reason for this is that, for whatever reason, your computer gets comprised, they can't use the access to that authenticator to get into your accounts. As long as you don't lose your phone this should eliminate any problems with your authenticator.
Almost every website/game/tool you use that has Authenticator features that allow you to save these codes for 30 days, if not longer. Having to insert a code every month to practically guarantee your accounts being secure is a minimal effort. Do it.
Third: Make sure you do not have any recovery emails attached to any of your email accounts. The reason why this is bad is because it's a chain reaction: they get into one, they can get into more. If you still have a recovery email attached, remove it from your account asap.
Fourth: As an extra option both Hotmail/Outlook and Gmail have security code options. These are simple codes, often given in sets of 10, like 1918X1923X that you could use in case you forgot your password&phone. Print these, or better, write them down. Saving any account information could also leave you vulnerable in times of a keylogger/RAT incident.
Fifth: As a decent safety practice, check your account activity. Both Hotmail/Outlook and Gmail have this option. You can see from which devices, location & IP Address someone has been trying to access your account. You can usually see how far they've gotten: whether they failed on the password stage or whether they got to the authentication stage. In this case, change your password ASAP.
Using passwords is common sense. Having a bad password is risky, as you're vulnerable to brute forcing. Having a leaked password is infinitely worse.
For people that have been using the internet for at least 5 years I can guarantee you have passwords leaked. I have passwords leaked, you have passwords leaked. People with hacking experience have passwords leaked. Passwords leaks happen and they are completely out of your control.
What is in your control is the amount of damage such a leak can do. If you use the same password everywhere, they will be able to access your accounts (or at least, assuming you have already enabled the authentication described above (which you really should)), and you're into trouble.
1. Don't use easily bruteforced passwords. I'd always recommend a password of at least 10 characters, featuring symbols, capital letters, numbers and regular letters.
2. Don't use passwords that have any personal meaning to you. Think simple things like location, date of birth, names...you name it. Just pick something generic. Cucumb3RTree@! is not going to get guessed, and with current technology (assuming proper encryption, generally SHA256) it's going to take a while to get bruteforced, which most "hackers" that you encounter don't have the means for.
3. Don't. Re-use. Passwords. Every password you have needs to be unique. Have a pattern in your passwords, re-use specific things, all that is fine. But make sure that all of your passwords can't be deduced from two leaked passwords. Let's say your password inspiration comes from LotR, $$Whit3Wizard$$, 3y3ofs4Uron+, Allanl00kslikeG0ll3m` - these passwords are all reasonably safe.
4. If for whatever reason you share a password, such as in the case of sharing a Runescape account, that password is meaningless. It's irrelevant how much you trust a person - your password is known, it's ass. Change your password in every situation where you are not the only person that knows about it.
Now this will apply to most of you, as keeping your Runescape accounts secure is your primary motivation. I've seen it too many times now: people with good accounts getting hacked for defence or their cash because they were careless. If you adhere to the principles above, you are relatively safe, but you are not secure.
Your login-email: Make sure the email you login with is secure as explained in the steps above.
Your recovery email: This is anecdotal, but an extra layer in your security could be having a separate recovery email for your Runescape account. If your login is email@example.com, make your recovery email firstname.lastname@example.org. Make sure this account is equally secure.
Your password should adhere to the steps listed above. Make sure it's relatively random, make sure you haven't used it anywhere else, and make sure no one knows about it. If you share it, change it.
Now, as you did with your emails, you need to setup the authenticator on your RS account. Go to the Runescape website, go to account, Authenticator, and enable it following the steps.
At this point getting into your account will be difficult, but not impossible. To account for this happening, enable a bank pin. Jagex has recently implemented a feature that allows you to "save" your bankpin for a short amount of time, which will prevent you from needing to insert it again after a world hop during a trip, for example. Make sure your pin, as everything else, is generic. Not your birth-date. Not your favorite X, Y, Z. Pick something that has no meaning to you. If it doesn't have a meaning to you, it's a 1/9999 chance for them to get it right.
We're almost done. Runescape has security questions that you can enable. I've received mixed signals about this. Either you don't enable them, and if you do, make sure nothing is actually a personal answer. People can and WILL find out about them. Your place of birth is hilariously easy to discover. If you decide to enable them and fill them in, pick random places, random answers. As listed with passwords & security codes, if you need to remember them, it's safer to put them on a piece of paper.
Lastly, your account age from Hans is a security vulnerability. It could be valuable to know yourself, for the sake of recovery, so write it down on a piece of paper. Don't screenshot it. Don't share it. Jagex has confirmed (in)voluntarily they do consider this information.
Basic internet safety
If you've followed these steps you are probably fine. Probably. No one and nothing is ever a 100% secure.
Database leaks are inevitable. Trying to fight against the information that has already been leaked is a pointless effort. Rather, make sure the information leaked does not make you vulnerable in any way.
Spreading both real life and online information. Facebook, Twitter, anything that connects your personal data to the internet is a liability, a security threat. I know people use this and it's inevitable, but be smart. As you wouldn't drape a flag over your house as you leave for vacation with "NOT AT HOME. BURGLARS FEEL FREE TO ENTER AND STEAL OUR SHIT", you shouldn't go around leaking just about everything that can compromise you. If you connect your gaming profiles to your real life accounts, that's a goldmine of information people can and will abuse.
The reason why this is important is, especially for services like Runescape, they don't always need a password or even an e-mail. People, and with that companies, are able to be socially engineered. A call or an email to a customer service representative can be a gamechanger. Runescape accounts have been discovered simply by using similar IP addresses, locations, old real life information, a leaked password and a potential recovery question. There's a sea of information out there, about most of us, and sometimes they only need a fraction to get into your accounts.
Be cautious with downloading anything. Exercise basic logic and safety - use a Firewall, a Virus-Scanner and a basic Malware tool. Microsoft Firewall/Microsoft Security Essentials (I believe it's incorporated in Windows 10 nowadays) and something like Malwarebytes Anti-Malware are simple examples of these programs.
If you do somehow get ratted/trojaned, don't save any of the information listed above on your computer. A piece of paper can't be hacked. This might sound tedious to you. My take is that rebuilding your account, or worse, makes laziness a deadly sin. Don't be stupid.
This is all very basic, and there's tons more out there to do or consider. If you want to prevent loads of unnecessary hassle consider using throwaway emails for accounts you only need once and use a VPN to protect both your internet data and your IP address. Enable authenticators for Twitter, Facebook, Steam, Battle.net and so on as well.
Please consider all of this and keep yourself secure.
NB! Kõik kes kasutavad mingit online.ee maili või midagi muud, tehke endale gmail.
- Postitusi: 1833
- Liitunud: 17 Jaan 2016, 19:08
- RSN: Loogiruhm
Viimased 50 liiget kes külastasid seda teemat
EXTEEND, Mathias, Wr 2, nuggitsamees, Initiate, 12B, j6hkard, Henrik, Don Dude, gert, Karli, Narko Ment, Tim^, Chicago Inc, Dubwix, K2C, Amen Jesus, esthunta, aw panic lol, kKzepO, QuitGame, The herblore, Karl, Madis, Elka, Nestea, Typhome, tugevmees, Legend FuNny, Deadly^, t u b s z, Cpz, Seven, freakz, swaferftgotl, Tolm, Kert, EST Vihane, DEIZ, Alistamatu, ST Ants
Kasutajad foorumit lugemas: Registreeritud kasutajaid pole ja 1 külaline