If you play video games, you are an ideal target to get wrecked by hackers.
Sure, you’re tech savvy—you know what a hard drive is and have seen an HDMI cable or two in your day. Still, there are some unassailable, totally exploitable truths about gamers: They are very online. They log in to a lot of stuff. They have some money. They want to be better than other gamers. And they like to use the password “Dragon.”
This post originally appeared 5/1/18.
In 2018, hackers broke into thousands of Fortnite players’ accounts and siphoned hundreds of dollars at a time. How? Those players had used their username and password combinations somewhere else on the world wide web. And somehow, they got leaked. Now, they’re begging for big refunds and scurrying to protect themselves from further financial harm. It was a preventable disaster. And we’re here to teach you how to prevent it.
Here are some tips on how to stay safe while gaming.
Everything matters. That sucks to hear, I know. Security is like a balloon. If there’s even one hole, it’s not a balloon anymore. When it comes to your gaming apps, if you have unique passwords on your Blizzard and Epic Games accounts, but not on your five favorite gaming forums’ accounts—and if you use those same passwords on PayPal, e-mail or Facebook—then you’re vulnerable to hacking.
Password leaks happen all the time on all sorts of sites. Hackers can input your niche Everquest forum password into, say, your banking site if you use the same password for both. And then you get screwed. It’s that simple.
Think about everything you have an account for. Your PlayStation Network account, your Microsoft account, your Battle.Net account, your Steam account, your Reddit account… when you add it up, that’s a lot of stuff! And each of these accounts contains at least a little personal information, whether it’s your first and last name or your credit card number.
It can seem really intimidating to stay vigilant about so many accounts, but with good habits in place, keeping everything in check can become second nature.
Start with your passwords. We all know “Password123” is easy to guess. But so is “Dragon.” “StarWars,” “monkey” and “football” are extremely common for the same reason—turns out a lot of people like popular stuff. It’s also likely that your unique, fun password you’ve kept since the fourth grade—“Pikachu,” maybe—is just as easy to figure out.
You need to have crazy passwords for everything. According to our sister site Lifehacker, passwords that are long and include numbers, capital letters and symbols are great. Don’t use common phrases or words. BiRdSaNdBeEs_123 isn’t as great a password as bVWx633HVN7Z.a!=.
Changing your passwords is totally tedious, but on the back end of a security breach, extremely worth it. Spend a few days recording which websites and apps you use regularly. Likely, it includes some combination of Facebook, Gmail, Twitter, Reddit, YouTube, Discord and Amazon. For gamers, that list might include Battle.net, Steam or Xbox Live. Write all of it down. Then…..
You simply cannot remember 20 very strong passwords. If you can, your passwords probably aren’t strong. You need a password manager. And a lot of password managers can even help you come up with secure passwords.
Since browser-based password managers like the one in Opera have been hacked before, I recommend downloading a password manager onto your phone. I use LastPass. Other people like 1Password. That way, you’ll only have to remember the password to your password manager (or you can just use your fingerprint).
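To make the reuse and common-password points above concrete, here is an added example (not part of the original article) that audits a written-down account list for common base words, short passwords and reuse, then generates a random replacement. The account list is constructed, the common-word set holds only the words the article names, and the 12-character minimum is an assumed threshold.

```python
import re
import secrets
import string
from collections import defaultdict

# Common choices named in the article; a real audit would load a far larger list.
COMMON = {"password", "dragon", "starwars", "monkey", "football", "pikachu"}
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
SYMBOLS = "!@#$%^&*-_=+."


def base_word(password):
    """Undo the usual disguises: case, trailing digits or symbols, and leetspeak."""
    core = re.sub(r"[^a-z]+$", "", password.lower()).translate(LEET)
    return re.sub(r"[^a-z]", "", core)


def audit(inventory, min_length=12):
    """Map each account to the problems found; min_length is an assumed threshold."""
    owners = defaultdict(list)
    for account, password in inventory.items():
        owners[password].append(account)
    report = {}
    for account, password in inventory.items():
        problems = []
        if base_word(password) in COMMON:
            problems.append("common-word")
        if len(password) < min_length:
            problems.append("short")
        shared = sorted(a for a in owners[password] if a != account)
        if shared:
            problems.append("reused-with:" + ",".join(shared))
        report[account] = problems
    return report


def generate(length=16):
    """Draw from the OS random source until every character class is present."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(test(c) for c in candidate)
               for test in (str.islower, str.isupper, str.isdigit, SYMBOLS.__contains__)):
            return candidate


# Constructed inventory; the last entry is the article's own strong example.
SAMPLE = {"Battle.net": "Dragon", "Steam": "Dr4gon!", "EverQuest forum": "Pikachu1998",
          "PayPal": "Pikachu1998", "Epic Games": "bVWx633HVN7Z.a!="}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, problems or "ok")
```

Swapping letters for digits or tacking a year on the end does not get a password past the common-word check, which is why "Dr4gon!" is flagged alongside "Dragon".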
Two-factor authentication is a fancy way of saying, “the app asks you to verify yourself.” All it means is that, when you log in to something, you’ll receive a text message or an e-mail with an additional code. You can also get a special app that generates this code on your phone. No one will be able to log into your account unless they enter that code into the client.
Opting in to two-factor authentication can mean the difference between someone else logging into your MMORPG account and stealing all your hard-earned gold and, well, that not happening. Getting a two-factor authentication code when you’re not trying to log into something is also a great way to know someone’s trying to hack you!
Lots of gaming apps let you enable two-factor authentication. Here’s a list from TwoFactorAuth.org plus links to instructions on how to enable it:
- Elder Scrolls Online
- Electronic Arts (Origin)
- Epic Games
- EVE Online
- Garena Online
- Guild Wars 2
- Humble Bundle
- Nintendo Account
- PlayStation Network
- Roberts Space Industries
- Rockstar Games Social Club
- Square Enix
- Star Wars: The Old Republic
- Xbox Live/Microsoft
If you just scrolled through this and wondered, “Where’s League of Legends?” or some other service not listed, then I have some advice for you: E-mail them! Make sure they know you want this security feature. Basic two-factor is something worth demanding.
Here’s a fun fact: Random Call of Duty players you add as friends on your PlayStation might be able to see your first and last name! Maybe that’s cool with you. Maybe it’s not. Either way, you should know whether you’re leaking personal information you don’t want leaked.
Your PlayStation, Xbox, Steam account, etc. all have privacy settings. The Switch has very limited customization options here, but that’s because Nintendo’s online service doesn’t show friends your real name, anyway. You should familiarize yourself with the privacy and security settings for all your gaming accounts and modulate them to your liking. The PlayStation Network’s settings, for example, ask whether you’d like people on your friends list to see your real name. Microsoft blocks Xbox users’ real names by default, although there was once a bug that temporarily revealed people’s names. Now on Steam, you can even hide how few hours you’ve actually played of PlayerUnknown’s Battlegrounds.
Wow, free Fortnite V-Bucks! Booyah! All I need to do is enter my social security number into the website f0rtn1te.net!
Nothing cool is free in online gaming. Even if all your passwords are perfect and you have two-factor enabled on everything, that won’t stop you from falling for hackers’ tricks.
Any sites or people offering free video game skins, currency, etc. are shady, especially if a stranger messages you links through an online game. If you receive an e-mail from a strange address telling you that your Elder Scrolls Online account has been compromised, and that you need to give them your username and password, type that address into Google to make sure it’s legit.
Sometimes, hackers will copy the look and feel of sites you frequent to make their scam seem legitimate. If a website starts with http:// and not https://, that can be a red flag. If the website is http://www.ep1cgames.com, and not https://www.epicgames.com, that’s a big red flag. If the website is asking you to download something before proceeding, and that something is not Adobe Flash Player, Google what it is before just automatically downloading it. Most computers these days come with decent antivirus software that will let you know whether you’re downloading insidious malware, but it doesn’t hurt to double up. Here are some good options.
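The http:// and look-alike address checks described above can be automated. This is an added example, not part of the original article: it flags links that are not https, whose name matches a trusted site once swapped characters are folded together, or that bury a trusted name in a subdomain. The allow-list, the character table and the one-edit threshold are assumptions.

```python
from urllib.parse import urlsplit

# Assumed allow-list: epicgames.com is the article's example, fortnite.com is added here.
TRUSTED = ("epicgames.com", "fortnite.com")

# Characters commonly swapped for one another, folded onto one representative.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s", "7": "t"})


def skeleton(label):
    """Fold look-alike characters and drop hyphens: 'ep1c-games' matches 'epicgames'."""
    return label.lower().translate(CONFUSABLE).replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def red_flags(url):
    """Return warning signs for a link; an empty list only means no check fired."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").rstrip(".").split(".")
    flags = [] if parts.scheme == "https" else ["not-https"]
    # Simplification: treats the last two labels as the site, ignoring suffixes like .co.uk.
    if ".".join(labels[-2:]) in TRUSTED:
        return flags
    name = skeleton(labels[-2] if len(labels) > 1 else labels[0])
    for good in TRUSTED:
        brand = skeleton(good.split(".")[0])
        if name == brand or edit_distance(name, brand) == 1:
            flags.append("lookalike:" + good)
        elif brand in [skeleton(label) for label in labels[:-2]]:
            flags.append("trusted-name-in-subdomain:" + good)
    return flags


if __name__ == "__main__":
    for link in ("https://www.epicgames.com", "http://www.ep1cgames.com",
                 "http://f0rtn1te.net", "https://epicgames.com.free-skins.example/login"):
        print(link, red_flags(link))
```

An empty result is not a clean bill of health; it only means the link is https and does not resemble anything on the allow-list.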
A decade ago, your parents probably warned you about the “strangers” and “dangerous people” haunting AOL chatrooms. Maybe they said that telling MMO buddies your first name could mean inviting some 50-year-old mouthbreather to stand outside your window all night. We’ve been on the internet long enough to know that, for the most part, people who play games online are not going to stalk you because you told them what city you live in. That said, it’s hard to vet how safe online friends are. And it’s easy to leverage even the tiniest bits of personal information against someone.
Sometimes, even just knowing your mom’s maiden name can be the key to your goods. Other times, someone can impersonate you to your cell phone provider’s customer service rep using your birthday and the last four digits of your social security number. It might not even take that much. People voluntarily overshare on Twitter and Facebook all the time.
If you are playing video games online—or streaming yourself playing video games—here’s a handy list of topics to avoid to protect yourself from potential harm:
- Your full name
- The full names of the people closest to you
- Your exact birthday
- Your address or a picture of your home
- Your phone number
- Your social security number
- Any banking information
- Where embarrassing photos of you live
- Physical places you frequent (e.g. schools, restaurants, stores)
Any combination of this information can spell out exactly who you are, where you live and how to find you. You will need to rely on your own judgment when it comes to trusting strangers. Suffice to say, there isn’t any reason to give out any of the above information to anyone you’re gaming with. (Bonus: You can get a gaming-specific VPN—or, a private network that masks where you are—to really protect yourself from getting tracked.)
One time in 2008, I tried to pirate a copy of Spore and got a virus that bricked my computer instead. Did I deserve to have my $600 laptop destroyed? Probably not. But did I have it coming? Definitely.
Listen, if you’re trolling darkweb marketplaces for high-ranked League of Legends accounts, you’re inherently putting your security at risk. Games’ Terms of Service exist to protect developers, yes, but also, to protect gamers. If you’re doing something that flagrantly breaks a game’s Terms of Service, like purchasing in-game currency or installing cheat software, you could be giving an opening to hackers.
The sad, solemn truth is that it is impossible to account for everything. It really is. Good hacks happen to good, vigilant people. However, with these tips, you can exercise a little more control over the chaos that is the internet.