You need a security token and unique password.

[RamzaBehoulve]

With the current epidemic of players having been compromised by RMT spammers, I can't stress this enough... for current players and anyone considering playing ARR:

1. Get a security token.
2. Use a unique password that is easy to remember but hard for attackers to break. Example in webcomic form
3. Do not use that password on any other site.

Do NOT use that example ! That's rubbish, any hacker worth his salt will break it rather easily. That comic is wrong and has been proven wrong by many security experts since it's publication.

Granted, I doubt chinese farmers have that level of knowledge, you can't be too sure about this stuff.

Source : http://arstechnica.com/security/2013...r-passwords/3/

Also, there is an easy way to get your password need covered while making it easy to remember. Most of time, experts will tell you to make a different password for each different service or website which is fundamentally true, BUT you do not have to make the entire password new!

Here is an completely random example : core of the password : GhQJn8!P --> Square-Enix services password : you add 2-3 letters linked to the service/website name and thus it becomes seGhQJn8!P or GhQJn8!Pse

As long as you never use the core only anywhere, this is nearly unbreakable without pure brute force and you only have to remember one core password, the rest is linked to something easy to remember from the website/service. Coupled with the token, the only way to guess your password is not guess it, it's get it directly from you through fraudulent means such as virus/trojans/keyloggers.

That said, I never used security tokens in 15 years of MMO, never got hacked, so they are not absolutely necessary for knowledgeable people, but if you are a novice, please do use one.