Account Safety and Security Guide
Seems to be a common problem these days. Here's what I've compiled so far. PM me anything that should be added.

The most important way to keep your account safe is to not have an easily guessed password. You’d think we wouldn’t have to say this, but we do. 99% of people who say “OMG my account got hacked” just had someone guess their password, or they used auto-complete and somebody sat down at their computer, simply logged in, changed the Email, waited a week, and voilà.

So heed this advice: make your password hard to guess. For the love of God, do not make it the same as your username. Please, don't make it “aaaaa” or “123456.” If your login name is, for instance, "Darth Vader," please don't make your password something obvious like "starwars." Don't use your own name as a password, and if you play at school, don't use your school name. Lastly, use auto-complete at your own risk. It's convenient, yes, but you're placing a lot of trust in the other people who use that computer, especially if they play OGame. Even if it's your own personal computer, if somebody knows you have your password saved, they might just be tempted enough to do bad things, whether that's sending a naughty message from the account, deleting all the colonies, or hijacking it altogether.

Do not enter your username and password into anything but the OGame login page. In the past, thieves have used sites that appear to be OGame proxies, affiliates of some kind, or cheat sites, but are actually password harvesters. Use the same username/password on other sites at your own risk, because if security is compromised at one of those sites, then your OGame account will be endangered.

Also, if you have somebody sit your account, please use good sense and don't give the sitter your regular password. Change the password to something else before you give it to the sitter, and then change it again once the sitter returns the account to you. If you trade your account for another account, please change the password to one you don't use, and give that password to the new owner instead. Too many people have had their accounts stolen because they used the same password in all universes and then, when they traded an account, gave out their real password. Bam, somebody else has access to all their accounts. Never, ever, for any reason, no matter how much you think you can trust somebody, give them a password that you actually use. If you're going to let somebody else into one of your accounts for sitting or to trade the account, change the password first, and in the case of sitting, change it back when you get the account back.

Another critical account security issue involves password recovery. Please, please, please do not use a junk Email address that you never check. If somebody breaks into your account and changes the Email address, with the intention of stealing it later, all they have to do is wait a week until the Email address they entered becomes the permanent Email address. They will then be able to use password recovery and take over your account. However, when the dynamic Email address is changed, an Email will automatically be sent to the permanent Email address notifying you of this. But if you signed up with an Email address that you never check, you won't receive this notification. And since chances are very good that you aren't keeping a watchful eye on what Email address is entered into the box, you could very easily be locked out of your account. If you're worried about spam, then relax. Ask any player that's been here a while whether or not OGame has caused them to receive spam (or more than they already do). The answer will be no.

Finally, if you feel that your account has been broken into, please do not jump to the conclusion that hacking was involved. Of all the cases of account theft on OGame, not a single one was due to any sort of hacking; they were all caused by some sort of user negligence. The word "hacked" has become a misnomer that replaces the words "stolen" or "broken into." Please do not fall into the trap of instantly thinking any kind of security problem with your account (or anybody's) involves hacks, because they never do.

Need a good password?

Some notes on a good password from Devon_Raider:

The most secure passwords are ones that contain letters (A-Z), numbers (1-9) and symbols, such as !"£$%^&*@#~]{.
An important part of a password is that it is random. A word, place name or pet's name is easier to guess than a random set of characters.

A person who wants to get into your account (and you have a simple password) and who knows a little about you, even just from reading your posts on the board for example, can pick up the odd thing (where you live, your dog's name, etc.) and take a guess at it. If you are going to use a password that is easy to remember, use a random word, not one that can be associated with you. You might not think it could happen to you, but it has happened to other people, and there's no reason it couldn't happen to you.

Ideally use a letters / numbers / symbols mix. NOT abc123: it's a mix, but do you see the pattern? Thought so. This is random: iktz193#0. Just made that up. It's a bit more difficult to remember, but A LOT harder to guess. Also, keystroke orders are easier to memorise than a random set of digits. Knowing the keys to press rather than what they produce also might help. I use a random set of keystrokes for mine; I couldn't tell you what it is unless I had a keyboard in front of me.
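The rules from the two password sections above, written out as a checker. This is an added example, not part of the original post or of Devon_Raider's notes; the function names, the small `COMMON` list and the 8-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample list; a real check would use a large breached-password list.
COMMON = {"123456", "password", "aaaaa", "qwerty", "abc123", "starwars"}
MIN_LENGTH = 8  # assumption: the post does not state a minimum length


def _squash(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _has_run(password, n=3):
    """True if n or more characters in a row ascend, descend or repeat (abc, 321, aaa)."""
    s = password.lower()
    for i in range(len(s) - n + 1):
        steps = [ord(s[j + 1]) - ord(s[j]) for j in range(i, i + n - 1)]
        if steps[0] in (-1, 0, 1) and all(x == steps[0] for x in steps):
            return True
    return False


def check_password(password, username, personal_terms=()):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    squashed = _squash(password)
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON:
        problems.append("commonly used password")
    if _squash(username) and _squash(username) in squashed:
        problems.append("contains username")
    for term in personal_terms:  # own name, school, pet, things posted on the board
        if len(_squash(term)) >= 3 and _squash(term) in squashed:
            problems.append(f"contains personal term: {term}")
    classes = (r"[a-z]", r"[0-9]", r"[^a-z0-9]")  # letters, numbers, symbols
    if sum(bool(re.search(c, password.lower())) for c in classes) < 3:
        problems.append("missing letter/number/symbol mix")
    if _has_run(password):
        problems.append("sequential or repeated pattern")
    return problems
```

A password that mixes all three character classes can still fail: `check_password("StarWars#77x", "Darth Vader", ["starwars"])` is rejected only because it contains a term tied to the account.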

Here are a couple other things Poptart came up with:

Originally posted by Poptart
Contact a GO
--First get the person you're trading with to tell you the persistent email address of the account they're trying to trade.
--Next email a GO of that universe and find out if the persistent email address is the one that actually lines up with that account. If it doesn't, don't trade with that person because they don't own the account you're trying to trade for.
--GOs will not always be able to help you if something goes wrong, if you don't execute the trade with them.

Check Ostat
--Go to http://uniX.ostat.org (X is the universe number). Click Spieler/statistik on the left, then type in the account name that you're trying to trade for. Hit enter. Check the statistics of the account they're offering. If they line up then that's good. If it ends up being that the account doesn't even exist, then don't make the trade.

What about IP check?

IP check performs a security logout if the IP address using an account changes, or if two users try to enter your account from different IPs. Deactivating IP check is not smart, because all somebody needs to do is steal one of your session numbers (you are assigned one every time you log in, and it is only invalidated when you click the log out button or log in again) and they can get into the account. Accounts that are lost as a result of the owner disabling IP check without permission forfeit any rights to recovery.
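A small model of the session behaviour described above, showing what IP check changes when a session number is reused from another address. This is an added example, not OGame's code: the class, method names and return strings are hypothetical, and the addresses are documentation-range IPs.

```python
import secrets


class SessionStore:
    """Sessions live until logout or the next login, as the post describes."""

    def __init__(self):
        self.sessions = {}  # session number -> {"user", "ip", "ip_check"}
        self.current = {}   # user -> that user's live session number

    def login(self, user, ip, ip_check=True):
        # Logging in again invalidates the previous session number.
        self.sessions.pop(self.current.pop(user, None), None)
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "ip": ip, "ip_check": ip_check}
        self.current[user] = sid
        return sid

    def logout(self, sid):
        session = self.sessions.pop(sid, None)
        if session:
            self.current.pop(session["user"], None)

    def request(self, sid, ip):
        session = self.sessions.get(sid)
        if session is None:
            return "rejected: no such session"
        if session["ip_check"] and ip != session["ip"]:
            # Security logout: the session number is now dead for everyone.
            self.logout(sid)
            return "security logout: IP changed"
        return "ok: " + session["user"]


def reuse_from_other_ip(ip_check):
    """Owner logs in, then the same session number arrives from a second IP.

    Returns (result for the second IP, result for the owner's next request).
    """
    store = SessionStore()
    sid = store.login("owner", "198.51.100.7", ip_check=ip_check)
    other = store.request(sid, "203.0.113.9")
    owner = store.request(sid, "198.51.100.7")
    return other, owner
```

With IP check on, the reused session number is destroyed on first use from the wrong address and the owner simply has to log in again; with it off, both addresses keep working until the owner logs out or logs in again.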

