Crack me if you can

Credit to Author: Egor Nashilov | Date: Fri, 03 Jul 2020 14:59:47 +0000

If you think that your Steam or Origin account with its handful of purchases and achievements is of no interest to cybercriminals, we have bad news. Every year, scammers indiscriminately steal hundreds of thousands of gaming accounts and sell them on the black market. The first barrier that protects your account from this fate is your password. We explain how to make it as strong as possible.

Why an attacker wants your gaming account

Account stealing is similar to carjacking: if an account is valuable enough, thieves sell it whole; otherwise they strip it for spare parts. This means in-game items, payment card details, or e-mail addresses for spammers to top up their databases. Even an account with no in-game items can be of some use, for example for spamming or farming, so it too can fetch a penny on specialized dark net forums.

Accounts can sell for anything from less than a buck to quite a hefty sum, so some attackers bust a gut to create believable phishing sites to lure gamers with all kinds of fancy skins, half-priced loot boxes, and other impossible goodies. Sometimes, instead of intricate schemes, brute force is used for password cracking. And if your password happens to be something simple like the name of your favorite band, the city where you live, the make of your car, or your date of birth, expect to part with your account one day.

Another popular way to steal accounts is to try entering passwords leaked from other services — a method known as credential stuffing. The chances of success are higher than you might think, because many people use the same password for different sites. For that reason, you should always create a unique password for every app and website that you use.

How to set a strong password for a gaming account

All services have their own interface, so there’s no universal instruction. Just look for the Change Password (or similar) option in the Steam, Battle.net, Origin, or other platform settings. To set a new password, you will most likely have to enter the old one manually — or request a password reset.

How to make a password so strong it will overheat the cybercriminals’ computer?

  • For starters, it should be at least ten characters long, preferably 15 or even more. The longer the better.
  • It should have alternating lowercase and uppercase letters, numbers and special characters (if those are allowed by the service in question).

It’s not hard to come up with a strong password; remembering it is the challenge. Thankfully, there are some tricks to help passwords stick in your memory. Here’s security expert David Jacoby’s recipe:

  • Take the first letters of the words of some lines from your favorite song
  • Dilute them with special characters
  • Add a unique word that you associate with this gaming service
  • Check the password’s strength
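The recipe and the rules above can be turned into a small script. This is an added example, not code from the article or from David Jacoby; the function names, the way special characters are inserted (one after every fourth letter), the lyric, and the service word "Boiler7" are all assumptions made for illustration.

```python
import re
import string

MIN_LEN, GOOD_LEN = 10, 15  # "at least ten characters long, preferably 15"

def first_letters(lyric):
    """Recipe step 1: first letter of every word, original case kept."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z]+", lyric))

def build(lyric, specials, service_word, every=4):
    """Steps 1-3. Inserting one special after every `every` letters is an
    assumption; the article does not say how to dilute."""
    out = []
    for i, ch in enumerate(first_letters(lyric), 1):
        out.append(ch)
        if i % every == 0:
            out.append(specials[(i // every - 1) % len(specials)])
    return "".join(out) + service_word

def audit(password, personal_terms=(), used_elsewhere=()):
    """Step 4: return findings against the article's rules; empty list = pass."""
    findings = []
    if len(password) < MIN_LEN:
        findings.append(f"FAIL: shorter than {MIN_LEN} characters")
    elif len(password) < GOOD_LEN:
        findings.append(f"WARN: shorter than the preferred {GOOD_LEN}")
    classes = {
        "lowercase letters": str.islower,
        "uppercase letters": str.isupper,
        "numbers": str.isdigit,
        "special characters": lambda c: c in string.punctuation,
    }
    for name, test in classes.items():
        if not any(test(c) for c in password):
            findings.append(f"FAIL: no {name}")
    # Band, city, car make, birth date: the guessable choices the article names.
    for term in personal_terms:
        if term and term.lower() in password.lower():
            findings.append(f"FAIL: contains personal detail '{term}'")
    # Reuse is what makes credential stuffing work.
    if password in used_elsewhere:
        findings.append("FAIL: already used on another service")
    return findings

# Constructed sample input: a public-domain nursery rhyme and a made-up service word.
LYRIC = ("Row, row, row your boat gently down the stream. "
         "Merrily, merrily, merrily, merrily, life is but a dream")
if __name__ == "__main__":
    candidate = build(LYRIC, "!?#", "Boiler7")
    print(candidate, audit(candidate, personal_terms=("Berlin", "1990")))
    print(audit("Metallica1990", personal_terms=("Metallica", "1990")))
```
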

If your memory can’t be trusted, or you just don’t want to bother with such a system for dozens of sites, use a password manager. The program will generate strong, unique passwords, save them in secure, encrypted form, and automatically enter them in the right app or website when you need to log in.

Extra security: two-factor authentication

You can add an additional layer of security by enabling two-factor authentication. With this, hackers will be unable to log into your account without a one-time code, which protects the account if your password leaks.

Gaming platforms usually have two options: they either send codes through text messages, or allow them to be generated using the platform’s mobile client or third-party authenticator apps like Google Authenticator, Authy and so on. The first method with text messages is more convenient, but using authenticator apps is far more secure.

To sum up, two simple steps will keep your gaming accounts safe from hackers:

  • Set strong, unique passwords for all services. If you can’t come up with dozens of password combinations, or are afraid of forgetting them, use a password manager.
  • Enable two-factor authentication for maximum protection.

