2016 was a year a lot of people would like to forget but one thing we shouldn’t forget is how many security breaches have occurred recently. That is why one of your New Year’s Resolutions should be all about your gaming account security.
The following article will guide you through setting up better security for your accounts, and the same steps can be applied to a number of non-gaming services as well. It should also be noted that no security step is a silver bullet against account breaches, but these steps can make things a lot harder for anyone who tries to get into your accounts.
Have your details already been taken?
First things first: it is worth checking whether any of your accounts have already been compromised. A couple of sites exist which allow you to enter your email address and will then check it against known breaches to see if it matches any details that have previously been taken. If you get any results back, those are the accounts you should focus on securing first, along with any accounts on other services that used the same credentials.
There are other sites that can do similar searches but the two above are the most popular and are free to use.
One of the biggest problems with a data breach is that a lot of people use the same password for every service because it is easier to remember. That means that when one service is breached, the people who get hold of the data can run your credentials against other services in the hope of a match.
Account details are tried automatically against other services in the search for matches. If a login succeeds using the same details, those responsible can then sell on a verified batch of credentials to others who would use the information. Occasionally this will be reported as another data breach, but it is instead the result of poor account security practices by the account owners.
Using a password that is easy to remember but is difficult for someone to guess is one of the hardest things you’ll do in modern day life. Passwords should ideally be over twelve characters long and be unique per service.
That is a lot of passwords to have to remember. There are a few methods you could use when creating your passwords:
- Have a phrase rather than a traditional password. This generally makes it easy for you to remember but more difficult for someone trying to guess. Something like MyFavoriteGameIs*InsertGameName* can be unique to you, gives you a long password you can remember and isn’t a word someone can brute force with a dictionary attack.
- Create your own password algorithm. This simple method allows you to create unique passwords per service. Simply pick a word/phrase you can remember then append some numbers to the end. The numbers could be derived from the service you are using. Remember when phones had numbers with three letters under each one for SMS texts? Well, how about a number that represents the service using those.
- Password Managers. Services like LastPass, Dashlane, LogMeOnce and Sticky Password will not only remember your passwords and encrypt them, they will also generate them for you based on your criteria. Password length and complexity can both be set for password generation.
Two-Factor Authentication (2FA), 2-Step Verification or Multi-Factor Authentication (MFA)
No matter what you call it, it is always worth enabling on accounts where you can have it. Gaming services including PlayStation Network, Xbox Live, Steam, Origin, Blizzard and Good Old Games all offer the option. Other services like Google, Amazon, Apple, Facebook, Twitter, Outlook/Hotmail and much more also provide the option.
This method of securing your account means that when you log into a service, you are required to complete a second verification step. Usually, this means entering a six-digit code from an app on your mobile device, or a unique code that the service sends to you by email or text message, to confirm your identity.
Sony has opted to send your unique code via text message to your mobile device. To enable 2-Step Verification on your PlayStation Network account, follow the steps outlined on PlayStation.com.
Microsoft enables two-factor authentication on the account level. This means that if you enable it for Xbox Live, you also enable it for Outlook/Live/Hotmail and other Microsoft services where you use your Outlook/Live/Hotmail account.
Microsoft uses the authenticator app method which we personally find a better experience as it doesn’t require your mobile device to have network coverage to access your accounts.
As Microsoft Accounts cover more than Xbox Live, you can find how to enable or disable two-factor authentication on the Microsoft Website. Enabling two-factor authentication on your account will mean you need to log into your Xbox again using the new security settings.
Steam uses its own app called Steam Guard which is available on Android, iOS and Windows Phone devices. Similar to Microsoft, this method uses an app on your phone to generate a unique identifier you can then use to confirm your identity.
For details on how to enable two-factor authentication on your Steam account, check out the Steam Help Page.
Origin / Electronic Arts
Electronic Arts uses a system similar to Microsoft’s for its accounts, so much so that the authenticator apps you can get for your phone will work to provide codes for most services without a separate app for each.
EA has a help page to guide you through enabling two-factor authentication on your account.
Similar to Valve, Blizzard has opted for its own application or hardware fob called the Battle.net Authenticator which will generate a code for you to enter when logging into your account.
For details on enabling two-factor authentication on your Battle.net account, head over to the Battle.net Support Page.
Good Old Games
GoG.com recently added two-factor authentication to their website and made it a requirement unless you specifically disabled it. That means that if you haven’t logged into GoG.com in the last few months, you’ll be taken through the process the next time you log in.
For information on setting up two-step login on your Good Old Games account, check out the GoG.com security guidelines.
For the most part, you will only need one app for your two-factor authentication needs, beyond those services that require their own app. Here are a few authenticator apps. The most useful and important ones to get if you start enabling two-factor authentication are the Google and Microsoft Authenticator apps, as they can be used on many services outside of gaming as well.
- Google Authenticator – Available for Android and iOS devices
- Microsoft Authenticator – Available for Windows Phone (works in the same locations as Google Authenticator)
- LastPass Authenticator – Available for Android, iOS and Windows Phone devices
- Battle.net Authenticator – Available for Android, iOS and Windows Phone devices
- Steam Guard – Available for Android, iOS and Windows Phone devices
One important note is that all of the links above are from the help pages listed for each service. When picking an authenticator app, ensure it is from a reliable source. Some authenticator apps may appear and seem to be a better option thanks to reviews, but when it comes to account security, it is generally better to go with the names you trust when picking your apps.
An important thing to remember with authenticator apps is that when you change phones, they don’t get included in any phone backups. That means when you transfer apps to your new device, the settings for authenticator apps don’t go with them. That is another part of the security of these applications, but it is also one of the most annoying things.
So when you get a new device, you will need to go through all the services you use the apps for and disable two-factor authentication. Then, when all of them are disabled, move to your new device and set up two-factor authentication again there.
Those are just some tips and methods for making sure your gaming account security is as good as it can be. While it won’t stop the account breaches we see in the news, it will help protect your accounts from your side.