How To Be Safe
These days, it seems like everybody's getting hacked: Bitfinex, Mt. Gox, you name it! But what about your CryptoGames account? It's definitely a possibility, so we've created this article to help you secure your account, and help you do it right!
Password
It seems like everybody takes password strength lightly these days. We're all focused on 2FA and the newest security protocols when the lowest-level security measures can be what stops a hack. When setting a password, we recommend you make the password at least 13 characters long, with at least 1 uppercase letter, 1 number, and a special symbol. Why? Given current technology, even an 11-character password will take at least 3 years to hack, and a 12-character password is almost impossible to hack for that matter. Technology does change, but for now, we recommend that you follow our guidance. Try memorizing your password as well; those 'remember password' checkboxes use cookies to store passwords. Therefore, when you clear your browser cache, your browser will 'forget' the password. You definitely don't want that happening! Never share your password with anyone, not even support. If you receive an email from someone claiming to be a CryptoGames staff or support member and asking for your password, do not respond. We will never ask you to reveal your password.
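The following is an added example, not code from CryptoGames: it checks a password against the recommendation above and shows how much each extra character enlarges the space an exhaustive search has to cover. The guess rate and the sample passwords are assumptions made up for the illustration, and the character pools cover ASCII only.

```python
import string

MIN_LENGTH = 13                    # minimum length the article recommends
SECONDS_PER_YEAR = 365 * 24 * 3600

# (description, membership test, pool size) for each ASCII character class
CLASSES = [
    ("lowercase letter", str.islower, 26),
    ("uppercase letter", str.isupper, 26),
    ("number", str.isdigit, 10),
    ("special symbol", lambda c: c in string.punctuation, len(string.punctuation)),
]
REQUIRED = {"uppercase letter", "number", "special symbol"}

def policy_failures(password):
    """List the article's recommendations that this password does not meet."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for name, test, _ in CLASSES:
        if name in REQUIRED and not any(test(c) for c in password):
            failures.append(f"no {name}")
    return failures

def candidates(password):
    """Passwords of this length over the character classes it actually uses."""
    pool = sum(size for _, test, size in CLASSES if any(test(c) for c in password))
    return pool ** len(password)

def years_to_exhaust(password, guesses_per_second):
    """Worst-case exhaustive search time. Only meaningful for randomly chosen
    passwords: dictionary words and reused passwords fall far sooner."""
    return candidates(password) / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    ASSUMED_RATE = 1e10  # guesses/second: an assumption, not a figure from the article
    for pw in ["password1", "Kq7#mRz2!pLw", "Kq7#mRz2!pLwX"]:  # constructed samples
        print(len(pw), policy_failures(pw) or "meets policy",
              f"{years_to_exhaust(pw, ASSUMED_RATE):.3g} years")
```

Going from the 12-character sample to the 13-character one multiplies the search space by 94, the size of the combined character pool.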
2FA
2FA has been a very good technological advance in terms of protection. Unfortunately, you'll need a phone to do this, but it's a very good way to secure your account. The most common way of utilizing this method of security is to simply turn it on! 2FA will send a text to your phone asking for confirmation that you want to use this as your 2FA device. Once you enter a code to confirm it, you'll be all set! Each time you log in, you'll need to use a code sent to your phone. This can be a hassle, but assuming you've already logged into your account on one device, you won't need to use 2FA for a while. While not the most secure way of protecting your account in the world, 2FA ensures that both devices (computer and phone) are needed to log into an account, thereby increasing security. 2FA can also be hacked. Yes, it is possible, because no security method is unbreakable. That's why we recommend putting up multiple layers of security, so that if one layer fails, there are redundant layers to stop the attack. An example of a potential threat can be found on Android devices, where some screensavers CAN view your phone's screen and potentially hack your 2FA or PIN. More ways 2FA can be hacked are:
- Someone could gain access to your 2FA device or OTP list (lost or stolen phone, device, or OTP lists).
- A malicious application (like a trojan horse) that you install on your device steals your 2FA data.
- Real-Time Phishing (the phisher asks for your OTP, then uses it immediately).
- Insecure setup (for example, using Google Voice with your SMS-based 2FA).
- Man in the middle attacks (hackers insert themselves between your web browser and the web site, and steal your 2FA credentials as they are transferred).
- Phishers pretending to be technical support tricking you into disabling your 2FA.
- Phishers pretending to be you tricking your technical or customer service support into disabling your 2FA.
- Getting access to your 2FA via hacking some other related site (for example, breaching your cell phone provider's web site).
Using Unique Passwords For Each Site
This is another big one: while you may be tempted to use only one password for all sites, this is a very, very bad idea. If one site happens to be fake or gets hacked, your data could potentially be leaked, and you could lose access to all of your accounts. This is one of the easiest things to fix: simply write down the passwords for each site that you may not be able to remember. Physical storage has been and will always be one of the most secure ways to store data as it can't, for the most part, do anything bad. Although some programs offer to 'automatically enter' passwords for each site and save them, this is actually a bad idea; if that software gets hacked, all of your passwords will be openly available.
Public and Unsecured Computers/Networks
This is another very obvious risk that can be remedied. When using public computers, make sure that you DO NOT click 'remember password'; in fact, just try to stay away from public computers at all times if you plan on accessing a site that requires a password. Your password could be logged very easily as you don't know what's on the computer. With public networks, somebody can easily view all connections and data being transferred on the network with the click of a button; the risk is very real. We recommend using your default firewalls and VPNs whenever possible on those connections. These are easy mitigations; with them in place, for the most part, you probably won't be hacked this way.
Conclusion
Since it is very easy to be hacked anywhere, these tips don't just apply to CryptoGames. These tips can be used on any computer or device. Being hacked is a real risk, and we hope we've helped you out with these simple and easy tips. Please contact us at support@crypto.games if you have any questions about the security of your CryptoGames account.