Account Security

How To Be Safe

These days, it seems like everybody's getting hacked- Bitfinex, Mt. Gox, you name it! But what about your Crypto-Games account? It's definitely a possibility, so we've created this article to help you secure your account- and help you do it right!

Secure your account

Password

It seems like everybody takes password strength lightly these days- we're all focused on 2FA and the newest security protocols when the lowest-level security measures can be what stops a hack. When setting a password, we recommend you make the password at least 10 characters long, with at least 1 uppercase letter, 1 number, and a special symbol. Why? Given current technology, even a 9-digit password will take at least 9 years to hack, and 10-digit is almost impossible to hack for that matter. Technology does change, but for now, we recommend that you follow our guidance. Try memorizing your password as well; those 'remember password' checkboxes use cookies to store passwords. Therefore, when you clear your browser cache, your browser will 'forget' the password. You definitely don't want that happening! Never share your password with anyone, not even support. If you receive an email from someone claiming to be a Crypto-Games staff/support and asking for your password, do not respond. We will never ask you to reveal your password.

2FA

2FA has been a very good technological advance in terms of protection- unfortunately, you'll need a phone to do this, but it's a very good way to secure your account. The most common way of utilizing this method of security is to simply turn it on! 2FA will send a text to your phone asking for confirmation that you want to use this as your 2FA device. Once you enter a code to confirm it, you'll be all set! Each time you login, you'll need to use a code sent to your phone- this can be a hassle, but assuming you've already logged into your account on one device, you won't need to use 2FA for a while. While not the most secure way of protecting your account in the world, 2FA ensures that both devices (computer and phone) are needed to log into an account, thereby increasing security. 2FA can also be hacked- yes, it is possible because no security method is unbreakable That's why we recommend putting up multiple layers of security, so that if one layer fails, there's redundant layers to stop it. An example of a potential threat can be found on Androids where some screensavers CAN view your phone's screen and potentially hack your 2FA or PIN. More ways 2FA can be hacked are:
  • Someone could gain access to your 2FA device or OTP list (lost or stolen phone, device, or OTP lists).
  • A malicious application (like a trojan horse) that you install on your device steals your 2FA data.
  • Real-Time Phishing (the phisher asks for your OTP, then uses it immediately).
  • Insecure set up (for example, using Google Voice with your SMS based 2FA).
  • Man in the middle attacks (hackers insert themselves between your web browser and the web site, and steal your 2FA credentials as they are transferred).
  • Phishers pretending to be technical support tricking you into disabling your 2FA.
  • Phishers pretending to be you trick your technical or customer service support into disabling your 2FA.
  • Getting access to your 2FA via hacking some other related site (for example, breaching your cell phone provider's web site).
As you can see, 2FA is indeed a good way of ensuring security, but there are still vulnerabilities. That's why we've taken several measures to ensure that nobody can get into your account! We'll explain some more risks next.

Using Unique Passwords For Each Site

This is another big one- while you may be tempted to use only one password for all sites, this is a very, very bad idea. If one site happens to be fake or gets hacked, your data could be potentially leaked, and you could lose access to all of your accounts. This is one of the easiest things to fix by simply writing down the passwords for each site that you may not be able to remember. Physical storage has been and will always be one of the most secure ways to store data as it can't, for the most part, do anything bad. Although some programs offer to 'automatically enter' passwords for each site and save them, this is actually a bad idea; if that software gets hacked, all of your passwords will be openly available.

Public and Unsecure Computers/Networks

This is another very obvious risk that can be remedied. When using public computers, make sure that you DO NOT click remember password; in fact, just try to stay away from public computers at all times if you plan on accessing a site that requires a password. Your password could be logged very easily as you don't know what's on the computer. With public networks, somebody can easily view all connections and data being transferred on the network with the click of a button; the risk is very real. We recommend using your default firewalls and VPNs whenever possible on those connections. These are easy mitigations where, for the most part, you probably won't be hacked this way.

Conclusion

Since it is very easy to be hacked anywhere, these tips don't just apply on Crypto-Games. These tips can be used on any computer or device. Being hacked is a real risk, and we hope we've helped you out with these simple and easy tips. Please contact as at support@crypto-games.net if you have any questions about the security of your Crypto-Games account.