Properly securing your account, preventing being hacked

[Kimbles01]

As I'm sure you all have seen, a lot of accounts have been hacked lately by gil selling companies (among other things) and are continuing to get hacked. According to SE, their account databases have been compromised so hackers are able to view information on your account. This involves all of the personal info you put into your account (name, age, etc), but, most importantly, your account name, your email, and an encrypted hash of your password (I AM just assuming this, but this IS data that goes into account databases). Whether the compromise has been fixed or not, I am not sure.

WHAT THIS MEANS FOR YOU: Exactly as it appears, they have access to your basic information, account name, your email address, and an encrypted hash of your password. What I can only assume they are doing is a brute-force dictionary password crack. It would be a program that generates every single password possible starting at 1 digit, moving up as it progresses, encrypts it, and checks it against the hash. If it matches, they have your password.

While this IS pretty much 99% SE's fault for their account databases getting compromised in the first place, users with extremely weak passwords and not using the security token are 1% at fault. (Note that I'm talking about people whose account randomly got hacked due to this compromise. If you responded to a phishing email, that is 100% your fault.)

--------------------------
SECURING YOUR ACCOUNT
--------------------------

For starters, I'm going to talk about passwords. As far as brute-force dictionary password cracking goes, the longer your password is, it will take exponentially longer for them to crack your password.

FOR EXAMPLE: If your password is 12 digits long, contains letters, numbers, AND symbols, there are 9,774,779,120,406,941,925,376 possible passwords that would have to be checked against yours. That is a LOT of different potential passwords, and would take months, if not YEARS to crack that password! NOBODY is going to waste that much time to crack ONE account, which brings me to my main point on passwords:

12 characters minimum, including letters, numbers, and symbols! A very easy way to make a password like this is to, literally, just press random buttons on the keyboard into notepad (Example: u7eix!8on@p* ). WRITE THIS DOWN! Write it on a piece of paper and tape it on your desk somewhere (assuming you fully trust the people who have access to your desk wouldn't hack your account either!) REMEMBER, the longer you make the password, it will be exponentially harder to crack, and thus safer! (13 characters comes out to 664,684,980,187,672,050,925,565 unique passwords!)

Another way to make a very long, safe password that might be easy for you to remember is a phrase of words. FOR EXAMPLE: mymothersbirthdayisthisoct21 That's 28 characters!

Before I finish up with passwords, there is one more thing I'd like to say. Make sure your FF14 password is NOT the same as your email password and vice versa!

Alright, now that we know how to make strong passwords, there's one more very important thing you can do to immensely secure your account. That's right, I'm talking about the Square Enix One-Time Password Token. There is NO purchase required if you want to use this! The only thing that costs money is the actual security token-keychain-thing that they sell. But, there is also a FREE smartphone app for iOS and Android. Simply go into iTunes or the Google Play Store and search "Square Enix Software Token". You'll also want to find SE's guide on setting up the app to work with your account (which can be found here). Make sure you save the "Emergency Removal Code" info (or something like that) incase you ever need to remove the security token from your account!

PHISHING EMAILS

When you get an email regarding your FF14 account, and it says something like, "There has been suspicious activity on your account, go here to change your password!" Or a fake password change email such as "This is a confirmation email regarding a change in password on your Final Fantasy XIV account, go here if you didn't want this and log in!" THESE ARE FAKE, DON'T CLICK ON ANYTHING. I am, of course, talking about when you get these RANDOMLY. If you changed your password in the Mog Station and have to check the confirmation email, well, odds are that's probably a legitimate email from SE!

I want to tell you guys "Whenever you get any emails like this, COMPLETELY disregard them and contact customer service!" I really want to tell you guys that. But, unfortunately, a lot of people have been finding out that Customer Service isn't exactly SE's strong suit, so this one is more on you to be aware of what's going on! Look at the links in the email. Is it www.square-enix.com or secure.square-enix.com/account/app/svc/mogstation? Or is it something like account.squarenix.tk or www.squareenix.com? Be aware of the slight changes in the link, as the last two were incorrect! They probably aren't actual phishing sites, I was just being random, but make sure you look at the links.

Addendum

I'd like to not get flamed for any information I got wrong in this post, please just point it out and I'll fix it; my only intention for this post is to help people in properly securing their account so they do not get hacked. I am not responsible if you change your password to something complex and don't store it somewhere if you can't remember it!

Thanks for reading, I hope this helped you!

[MisaCeliousa]

ty for the thread ^^

[Jessikia]

http://forum.square-enix.com/ffxiv/t...count-Security