ESO Account Security and YOU!

I’m excited to feature another guest article from Tamriel Foundry contributor and Entropy Rising member VileIntent. As a veteran of the MMO genre, he has seen firsthand a lot of less savory issues which can plague gamers in terms of account security. VileIntent talks about some of the pitfalls to watch out for, as well as some of the things you (and ZeniMax) can do to keep Elder Scrolls Online accounts safe and secure.

How secure are you?

How secure are you?

Hail and well met members of the Foundry, we will soon be grinding many of hours away in The Elder Scrolls Online. Considering how much time will be dedicated to our online persona, I wanted to talk about protecting our accounts from malicious individuals or gold farming companies trying to abuse our hard earned time for the sake of digital goods and gold. Especially in successful games the digital commodities controlled by your character(s) are a precious resource, and like any valuable items they can become targets for theft. This article attempts to outline some of the pitfalls to watch out for and tools that you can use to protect yourself from the more nefarious side of online gaming.

Account Sharing

The first and most obvious pitfall that many gamers fall into is sharing their account information with a friend or acquaintance. There are many reasons why this is a bad idea, and the less well you know the person with whom you are sharing, the worse an idea it becomes. Not only can guild members or other friends who seemed otherwise trustworthy turn out to be less so, other people never have the same amount of incentive to protect your account security as you do.

Gold Sellers

Many gamers think that gold buying doesn’t hurt a MMO community. Often, when faced with high prices for in-game goods players turn towards third party sites to buy gold. If you cannot afford an epic new sword or a giant stack of resources to help level a crafting skill, what do you do? Spend hours or even days farming yourself? Oh, I certainly don’t have time for that! I’ll just go to this gold seller site and buy some gold for a few bucks. Unfortunately, the side effect of this decision is that you end up financially supporting scammers who profit from hacking game accounts. Furthermore, the websites which feature buyable in-game currency are often replete with key-loggers and Trojans that will, in-turn, expose your own account credentials towards theft or abuse.

Gold farmers love nothing more than coming back later when you’re not online and ripping everything of value out of your account. Many gold sellers go out of their way to protect their reputations, and there is no shortage of gamers who will claim they have purchased currency with no negative side-effects, however I urge everyone to be aware that these currency markets are ones in which there are major incentives for scammers and theft.

Phishing

Aldmeri Khajiit

This one has free items, if you tell it your password!

Another term to be be aware of is phishing; the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. This form of hacking is becoming more prevalent since directly hacking the account databases of a company like ZeniMax is becoming ever more difficult and risky. What you do frequently observe is hackers who will try to collect email addresses of active game accounts. One of the biggest mistakes that companies frequently make today is using your email address as your login name for their game or service. In such a scenario, a hacker only needs to solicit your password in order to have full account access.

The most common (and unfortunately effective) method for doing this is with a “phishing” email. Hackers will take a legitimate email sent by the company and use it as a template to spoof an official correspondence. These emails frequently request you to provide account details like your username or password, change your account password, or update other account information. Frequently, these emails link to authentic looking login or password forms which are actually hosted on external websites. As a general rule of thumb, you should never follow email links to pages not hosted under the elderscrollsonline.com domain, even if the email itself looks legitimate. Furthermore, you should never provide your account username or password to anyone even if they ask for it. An actual ZeniMax employee will already have this information about you, and will not have to ask.

 

How to Protect Yourself

Now that we’ve mentioned some of the primary ways in which your game account might become compromised, let’s talk about some ways you can protect yourself.

Authenticators

An authenticator provides a way to prove to a computer system that you really are who you say you are (authentication). There are several possible ways to use an external authentication tool:

  1. Hardware – Most people will recognize this from World of Warcraft as a Blizzard Authenticator. This small physical device is linked to your game account and will supply you with a unique and dynamically generated number to use in addition to your username and password during login. An authenticator adds a second factor of authentication (in addition to knowledge of your username and password) by requiring you to have possession of a physical object in order to log into your game account!
  2. Software – A software authenticator is an application or program that can be installed on common mobile devices, transforming them into a hardware authenticator. Software authenticators function similarly to dedicated hardware tokens except they can be on mobile devices: smartphones, tablets, and PCs, transforming them into intelligent security tokens. Software authenticators are generally considered to be slightly less secure than hardware tokens, but any form of two-factor authentication is a giant step towards account security from using only a single factor.
  3. Text Message Authentication (SMS) – This system allows the game to send a text message to the phone number which is registered in your account profile. This text message is automatically triggered whenever your account is accessed from an “unfamiliar” location. Specifically, when someone logs into your game account using an IP address which is distinctly different from your “normal” gaming location.

Email Addresses

ESO Stealth

Good account security can keep you our of trouble.

Another thing to consider if account security is important to you is whether or not you want to use your “primary” email address for game accounts like ESO. Many users elect to register their game accounts on a separate email from the one they use for important personal services like banking, credit cards, or e-commerce platforms. If you do get any suspicious emails, just be sure to never follow their contained links or provide any private information about your account.

Remember your account security depends solely on you, never give anyone your password. If an email sounds too good to be true, it probably is. If you are unsure about some email communication, you can always use the built in support systems that ZeniMax will offer in order to check if it’s genuine.

Your Thoughts

In closing what kind of protection would you like to see Zenimax incorporate into ESO? Would you pay a bit extra to get a hardware authenticator, or would you like to see them release an iPhone/Android app that offers a software authentication system? Do you have any horror stories to share about these sorts of issues in your past, or have you managed to keep all your gaming accounts secure? If you have any thoughts, suggestions, tips, or advice, let us know in the comment section! Game safe and see you in Cyrodil 4/4/2014!

86 responses to “ESO Account Security and YOU!”

  1. Profile Photo
    Rek7

    Apprentice

    Total Posts: 31

    Ebonheart

    Another important tip is to not sign up to forums (even this one) with the same email AND password as your actual email or game account.

    In GW2 a lot of accounts were “hacked” because external sites did not store their data safely enough and large lists of peoples email addresses & passwords were easily available for scammers. They either directly logged into the game using the email/password, or logged into the email account and then did a password reset on the game account.

    Then people got all up Arenanet for not securing their data when it actually had nothing to do with them.

    ”People don’t like to be meddled with. We tell them what to do, what to think, don’t run, don’t walk. We’re in their homes and in their heads and we haven’t the right.” – River Tam

  2. Profile Photo
    Morkulth

    Expert

    Total Posts: 425

    Altmer Sorcerer

    Entropy Rising

    Wow great article GO ER. Go team Go!

  3. Profile Photo
    Shadow Wolf

    Journeyman

    Total Posts: 77

    Imperial Templar

    I do like the app idea since just about everyone has a smart phone by now.This a great artical

    The hunt is on 

  4. Profile Photo
    littelme

    Adept

    Total Posts: 130

    Khajiit

    Text Message Authentication (SMS) i have tried it in Rift and it just worked, without me having to do anything extra. This is smart because, there always is a percentage of people who do not get external security (me). This does not mean that this should be the only way, to secure one’s system. It should only be the first of a number, of systems to secure me from harm.

  5. Profile Photo
    Atropos

    Administrator

    Total Posts: 2994

    Imperial Sorcerer

    Entropy Rising

    Rek7 said on January 20, 2014 :

    Another important tip is to not sign up to forums (even this one) with the same email AND password as your actual email or game account.

    A very good point Rek, I definitely would not encourage anyone to use the same login AND password for ESO that they use on Tamriel Foundry. We do our best to keep our database secure, but at the end of the day TF is just a small fan site and not exactly Fort Knox.

    I would definitely rest easier if I knew that all our members were using different passwords on TF than they use for other important sites!

    Founder, creator, and developer of Tamriel Foundry.

    Guildmaster of Entropy Rising.

    Occasional Twitch Streamer.

  6. Member Avatar
    Onen-Rui

    Novice

    Total Posts: 16

    Altmer Sorcerer

    Thank you for your article. I’m not very savvy about this stuff and  these were excellent ideas to help me with the likely inevitable interest of the dark side.

  7. Member Avatar
    Locke118

    Scamp

    Total Posts: 1

    Nord Templar

    Great post any idea if ESO will have an authenticator app or will a physical one come with the game?

    Guards of the north, Sing their songs of the snow 

    Time has come for us all To answer the call

  8. Profile Photo
    R4VID

    Master

    Total Posts: 837

    Dunmer Nightblade

    A general rule… never forget to fleetsave.

    This is a term from ogame.org an MMORTS free-to-play game. Fleetsaving is basically making sure you don’t cut corners in your own security. In the game there are methods in which a player can see, calculate and track your movements. In this game there too are ways in which a player can conceal, mislead and misrepresent their in-game information. No fleetsave= no fleet. Where profit is to be made there is always someone willing enough to take it.

     

    I am all that is, all that was, and all that will be

  9. Profile Photo
    Solbranthius Dawnsurge

    Expert

    Total Posts: 370

    Altmer Templar

    Rek7 said on January 20, 2014 :

    Another important tip is to not sign up to forums (even this one) with the same email AND password as your actual email or game account.

    In GW2 a lot of accounts were “hacked” because external sites did not store their data safely enough and large lists of peoples email addresses & passwords were easily available for scammers. They either directly logged into the game using the email/password, or logged into the email account and then did a password reset on the game account.

    Then people got all up Arenanet for not securing their data when it actually had nothing to do with them.

    True, though there’s a lot of people out there who are pretty scatterbrained to say the least and can barely remember one password let alone more than one! Thankfully I’m not one of those people, though I can sympathise as I struggle quite a bit to remember phone numbers no matter how hard I try. As far as account security goes I prefer it to be accessible. I favour the authenticator system myself – when my cat doesn’t run off with mine – as they’re pretty easy to use and generally efficient.

     

  10. Profile Photo
    Atropos

    Administrator

    Total Posts: 2994

    Imperial Sorcerer

    Entropy Rising

    Locke118 said on January 20, 2014 :

    Great post any idea if ESO will have anauthenticator app or will a physical one come with the game?

    We haven’t heard anything about this yet, but I hope there will be enough demand for it that ZeniMax will consider offering some authentication options. From a business perspective, every prevented hack or account theft saves their customer service team an hour or so of effort, which can really pile up over time. Hopefully they think offering something like this is worth the development cost.

    Founder, creator, and developer of Tamriel Foundry.

    Guildmaster of Entropy Rising.

    Occasional Twitch Streamer.

  11. Profile Photo
    Zairan Arainai

    Expert

    Total Posts: 438

    Altmer Templar

    Helpful article.

    Welcome to the end of your life, and I promise its going to hurt!

  12. Profile Photo
    Boromir WolfsBane

    Adept

    Total Posts: 214

    Nord Nightblade

    Ravenguard

    Thanks for the info!!! :)

    http://i.imgur.com/VSsnFY0.png

     

  13. Profile Photo
    Ivalice

    Adept

    Total Posts: 126

    Bosmer Sorcerer

    Elderblade

    Another good article, thanks!

  14. Profile Photo
    Cheers

    Adept

    Total Posts: 117

    Breton Templar

    Pantheon

    Those were great reminders for everyone before the game goes live.  Phishing seems like the biggest target.  I get emails daily from games I have never signed up for telling me my account has been compromised and I need to sign in and change my password.  Another thing I would add is make sure you use a complex password of over 8 characters, utilizing special characters, Capital letters, and numbers. You also want to make sure you use passwords that aren’t in the dictionary. I do this with all my sensitive account info and have yet to get hacked. The longer the password the better and phrases seem to be easier for me to remember.

    Good Example — I ran to th3 st0rE! (I ran to the store)

    Bad Example– beer

     

    Cheers!

  15. Profile Photo
    Lacaiman-who-gathers

    Adept

    Total Posts: 163

    Argonian Nightblade

    thanks for this article     Does using TOR keep people from hacking you while playing

    Dying in Morrowind  “STOOPID”

     

    Black water rolls and the saw grass waves

  16. Profile Photo
    Marsh-Shadow

    Master

    Total Posts: 571

    Argonian Sorcerer

    The Keepers

    Nice article, I have a feeling not many foundrians will have any of these problems.

  17. Profile Photo
    RagnarLodbrok

    Expert

    Total Posts: 296

    Orc Templar

    im hoping with no auction house gold sellers will be easily tracked. i imagine ZOS will be all over it and hopfully crush them lol.

    ragnar

  18. Profile Photo
    xBlackJester

    Apprentice

    Total Posts: 27

    Khajiit Templar

    Thanks! On the note of authenticators, will ZOS or Bethesda be offering to sell them? I think that would be a great idea to help with account security. Thanks again for the info but anyone who takes their account seriously should already know this refreshers never hurt!

  19. Profile Photo
    Kotaro Atani

    Master

    Total Posts: 843

    Khajiit Nightblade

    Queen’s Hand

    RagnarLodbrok said on January 20, 2014 :

    im hoping with no auction house gold sellers will be easily tracked. i imagine ZOS will be all over it and hopfully crush them lol.

    Kotaro says “Security, I have your security right here..” pointing to his Akaviri Katana and Wakizashi swords…

    OOC,

    I think that it may be just the opposite, even though I agree with you that they should be crushed and banned if found out, but if transactions are person to person in the game world, which it looks like it will be in ESO, even through Guilds, then how can they track every transaction, when it could be in the Million user range or even hundreds of thousand user range ??? I do hope ZOS has a plan for this..

     

     

     

  20. Profile Photo
    NightStorm

    Adept

    Total Posts: 206

    Khajiit Templar

    Black Market Wares

    I use the same email for all forums I belong to. I also use a separate email just for games. Makes it easy for me to tell when i get a phish. Now as far as passwords I use a blend of nonenglish. Elven and Draconic work wonders for me.

Comment On: “ESO Account Security and YOU!”

You are not currently logged in. You must log in before commenting.