You need a security token and unique password.

[sirdayne]

With the current epidemic of players having been compromised by RMT spammers, I can't stress this enough... for current players and anyone considering playing ARR:

1. Get a security token.
2. Use a unique password that is easy to remember but hard for attackers to break. Generally speaking, the more complexity and length a password has, the harder it will be to break.
3. Do not use that password on any other site.

If you want to bring your friends into the game make sure they also follow these steps. It is better take take precaution now. RMT are after any account they can break into and spam from.

Edit: Ignore previous example webcomic.

Do NOT use that example ! That's rubbish, any hacker worth his salt will break it rather easily. That comic is wrong and has been proven wrong by many security experts since it's publication.

[Rutteger]

Agreed. Most everyone has an iOS or Andriod phone/device and the software token is free! There is no excuse really. My blacklist is full of names that I'm sure RMTs have stolen. That's what opened my eyes and made realize I HAD to get one.

[RamzaBehoulve]

With the current epidemic of players having been compromised by RMT spammers, I can't stress this enough... for current players and anyone considering playing ARR:

1. Get a security token.
2. Use a unique password that is easy to remember but hard for attackers to break. Example in webcomic form
3. Do not use that password on any other site.

Do NOT use that example ! That's rubbish, any hacker worth his salt will break it rather easily. That comic is wrong and has been proven wrong by many security experts since it's publication.

Granted, I doubt chinese farmers have that level of knowledge, you can't be too sure about this stuff.

Source : http://arstechnica.com/security/2013...r-passwords/3/

Also, there is an easy way to get your password need covered while making it easy to remember. Most of time, experts will tell you to make a different password for each different service or website which is fundamentally true, BUT you do not have to make the entire password new!

Here is an completely random example : core of the password : GhQJn8!P --> Square-Enix services password : you add 2-3 letters linked to the service/website name and thus it becomes seGhQJn8!P or GhQJn8!Pse

As long as you never use the core only anywhere, this is nearly unbreakable without pure brute force and you only have to remember one core password, the rest is linked to something easy to remember from the website/service. Coupled with the token, the only way to guess your password is not guess it, it's get it directly from you through fraudulent means such as virus/trojans/keyloggers.

That said, I never used security tokens in 15 years of MMO, never got hacked, so they are not absolutely necessary for knowledgeable people, but if you are a novice, please do use one.

[sirdayne]

Edited OP to reflect this. I was unaware that method no longer works. The bottom line is getting a security token makes it near impossible for attacks to make it through to your account.

The free version is on iOS and Android.
Physical tokens cost like $10.*

Edit: * As of September 1, 2013, the security token will cost $10.99.

[Yamimarik]

Have my old FFXI token from my Mog Satchel then just un-registered it and registered my new one from my CE so I have two just in-case. But this RMT crap kinda annoying and a bit unnerving so decided to change my password to something I've never used ever, not even in any variation at all. I've seen so many people, some of whom I actually grouped/talked with, on my own server go from being themselves... to /sh /tell spamming RMT/Gilselling crap. SE really needs to get a handle on this and quickly ; ;

[Sasse]

I'd take it a couple of steps further than that.

- A unique email address that is to be only used to tie to your SE account, with a unique password. Turn on phone authentication for this email account (Gmail and Outlook offer this).
- A unique username and password for your SE account
- Use a flippin' Security Token!

[Jayrx93]

I totally agree. I play on PS3 and my account just got hacked 5 days ago, the hacker stole gil and alagan pieces. I opened up a ticket for data recovery and it says it takes 7-10 days to recover what the hacker stole from me. I admit that it is my fault for not securing my account with a token but Square Enix support is one of the worst service I have ever seen. There's no phone number to contact them regarding my issue. I got queued for an hour on live chat >only to get disconnected. I got no assurance at all if they are able to recover what I lost. Now, save yourself the trouble. Secure your account with a token.

[JeniLinsky]

For that matter, there are smartphone apps that will randomly generate and remember secure passwords for you. Look at Keeper for Android, for instance. There's no excuse not to have a reasonably secure password.

[Kagato]

Agreed. Most everyone has an iOS or Andriod phone/device and the software token is free! There is no excuse really. My blacklist is full of names that I'm sure RMTs have stolen. That's what opened my eyes and made realize I HAD to get one.

People with Blackberry phones are screwed... as usual.

[Cedagalice]

People with Blackberry phones are screwed... as usual.

Who Cares. Did not realize people actually used blackberry's anymore.