I’m excited to feature another guest article from Tamriel Foundry contributor and Entropy Rising member VileIntent. As a veteran of the MMO genre, he has seen firsthand a lot of less savory issues which can plague gamers in terms of account security. VileIntent talks about some of the pitfalls to watch out for, as well as some of the things you (and ZeniMax) can do to keep Elder Scrolls Online accounts safe and secure.
Hail and well met, members of the Foundry! We will soon be grinding many hours away in The Elder Scrolls Online. Considering how much time will be dedicated to our online persona, I wanted to talk about protecting our accounts from malicious individuals or gold farming companies trying to abuse our hard-earned time for the sake of digital goods and gold. Especially in successful games, the digital commodities controlled by your character(s) are a precious resource, and like any valuable items they can become targets for theft. This article attempts to outline some of the pitfalls to watch out for and tools that you can use to protect yourself from the more nefarious side of online gaming.
The first and most obvious pitfall that many gamers fall into is sharing their account information with a friend or acquaintance. There are many reasons why this is a bad idea, and the less well you know the person with whom you are sharing, the worse an idea it becomes. Not only can guild members or other friends who seemed otherwise trustworthy turn out to be less so, other people never have the same amount of incentive to protect your account security as you do.
Many gamers think that gold buying doesn’t hurt an MMO community. Often, when faced with high prices for in-game goods, players turn towards third-party sites to buy gold. If you cannot afford an epic new sword or a giant stack of resources to help level a crafting skill, what do you do? Spend hours or even days farming yourself? Oh, I certainly don’t have time for that! I’ll just go to this gold seller site and buy some gold for a few bucks. Unfortunately, the side effect of this decision is that you end up financially supporting scammers who profit from hacking game accounts. Furthermore, the websites which feature buyable in-game currency are often replete with keyloggers and Trojans that will, in turn, expose your own account credentials to theft or abuse.
Gold farmers love nothing more than coming back later when you’re not online and ripping everything of value out of your account. Many gold sellers go out of their way to protect their reputations, and there is no shortage of gamers who will claim they have purchased currency with no negative side effects. However, I urge everyone to be aware that these currency markets are ones in which there are major incentives for scammers and theft.
Another term to be aware of is phishing: the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. This form of hacking is becoming more prevalent since directly hacking the account databases of a company like ZeniMax is becoming ever more difficult and risky. What you do frequently observe is hackers who will try to collect email addresses of active game accounts. One of the biggest mistakes that companies frequently make today is using your email address as your login name for their game or service. In such a scenario, a hacker only needs to solicit your password in order to have full account access.
The most common (and unfortunately effective) method for doing this is with a “phishing” email. Hackers will take a legitimate email sent by the company and use it as a template to spoof an official correspondence. These emails frequently ask you to provide account details like your username or password, change your account password, or update other account information. Frequently, these emails link to authentic-looking login or password forms which are actually hosted on external websites. As a general rule of thumb, you should never follow email links to pages not hosted under the elderscrollsonline.com domain, even if the email itself looks legitimate. Furthermore, you should never provide your account username or password to anyone, even if they ask for it. An actual ZeniMax employee will already have this information about you, and will not have to ask.
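The rule of thumb above, written out as an added example (not part of the original article and not ZeniMax code): it reads the real link targets out of an HTML email and lists those that are not hosted under elderscrollsonline.com. The sample email, its hostnames, and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "elderscrollsonline.com"  # the domain named in the article

def link_host(url):
    """Return the lowercase host a link really leads to, or None if unusable."""
    if "\\" in url:  # URL parsers disagree on backslashes, so refuse them
        return None
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and ":port" suffix
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")

def is_official_link(url):
    """True only for the official domain itself or one of its subdomains."""
    host = link_host(url)
    # The leading dot matters: "notelderscrollsonline.com" must not match.
    return host is not None and (
        host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN))

class _HrefCollector(HTMLParser):
    """Collects the href of every <a> tag, ignoring the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def suspicious_links(email_html):
    """Return every link target in an HTML email that leaves the official domain."""
    collector = _HrefCollector()
    collector.feed(email_html)
    return [href for href in collector.hrefs if not is_official_link(href)]

# Constructed sample email: the visible text looks official, the targets vary.
SAMPLE_EMAIL = """
<a href="https://account.elderscrollsonline.com/login">Official site</a>
<a href="https://elderscrollsonline.com.login-help.example/reset">https://elderscrollsonline.com/reset</a>
<a href="https://elderscrollsonline.com@login-help.example/">Verify now</a>
<a href="http://elderscrollsonline-support.example/">Support</a>
"""
```

Only the first link in the sample passes; the other three show the official name placed at the front of a different domain, before an "@", or inside a lookalike hostname.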
How to Protect Yourself
Now that we’ve mentioned some of the primary ways in which your game account might become compromised, let’s talk about some ways you can protect yourself.
An authenticator provides a way to prove to a computer system that you really are who you say you are (authentication). There are several possible ways to use an external authentication tool:
- Hardware - Most people will recognize this from World of Warcraft as a Blizzard Authenticator. This small physical device is linked to your game account and will supply you with a unique and dynamically generated number to use in addition to your username and password during login. An authenticator adds a second factor of authentication (in addition to knowledge of your username and password) by requiring you to have possession of a physical object in order to log into your game account!
- Software - A software authenticator is an application or program that can be installed on common devices such as smartphones, tablets, and PCs, turning them into intelligent security tokens. Software authenticators function similarly to dedicated hardware tokens. They are generally considered to be slightly less secure than hardware tokens, but any form of two-factor authentication is a giant step towards account security compared with using only a single factor.
- Text Message Authentication (SMS) - This system allows the game to send a text message to the phone number which is registered in your account profile. This text message is automatically triggered whenever your account is accessed from an “unfamiliar” location, specifically when someone logs into your game account using an IP address which is distinctly different from your “normal” gaming location.
Another thing to consider if account security is important to you is whether or not you want to use your “primary” email address for game accounts like ESO. Many users elect to register their game accounts on a separate email from the one they use for important personal services like banking, credit cards, or e-commerce platforms. If you do get any suspicious emails, just be sure to never follow their contained links or provide any private information about your account.
Remember, your account security depends solely on you: never give anyone your password. If an email sounds too good to be true, it probably is. If you are unsure about some email communication, you can always use the built-in support systems that ZeniMax will offer in order to check if it’s genuine.
In closing, what kind of protection would you like to see ZeniMax incorporate into ESO? Would you pay a bit extra to get a hardware authenticator, or would you like to see them release an iPhone/Android app that offers a software authentication system? Do you have any horror stories to share about these sorts of issues in your past, or have you managed to keep all your gaming accounts secure? If you have any thoughts, suggestions, tips, or advice, let us know in the comment section! Game safe and see you in Cyrodiil 4/4/2014!