How to Protect Your Account
This applies to league, and also more generally.
#How Do Accounts Get Compromised?
These are the three most common ways:
- You give someone access to your account (your password) and they misuse it
- or share it with someone else who misuses it.
- Through Social Engineering
- Tricking you into logging in to a fake site that looks like the real one, but actually steals your login info. (Phishing)
- Tricking you into giving your login info by promising free stuff, like RP or Elo Boosting. (Scams)
- By using the normal 'account recovery' options with info they found out about you online. (Personal Info)
- Ex: if your facebook birthday is public, and you also publicly share that your cat's name is Freddy, and then another account asks your birthday and pet's name as recovery questions.
- Often this information is found out by first hacking one of your other online accounts is hacked. For example, maybe you use the same password (or variants) or recovery information for multiple accounts.
- You have an easy-to-guess password
- like "password" or "p@ssw0rd" or "p@25%w)rd!23" -> anything based on a single english word
- Anything based on a name.
- Anything based on personal information
#How Can I Protect My Account?
- Don't give others your login info. If they must get access, log them in yourself, watch them while they're using the account, and log them out when they're done.
- Even if they are trustworthy and have good intentions, they might accidentally compromise your info. Each other person who knows your login info is another place that your account could get compromised.
- Be smart, not careless, about your account security.
- [Phishing] Always make sure you on the site you think you're on.
- [Scams] See #1: Don't give out your login info. Period.
- [Social Engineering]
- Think before you share personal info online. Only share a minimum of personal information. Share it with as few people as possible (eg, only the people you actually want to share it with).
- Use different login info for each of your accounts.
- Use strong passwords.
#There's a problem with strong passwords.
They're usually hard to remember. Especially when you have a lot of them. See those two italicized points above...
Enter masterpasswordapp. It solves both of those problems if you can follow two simple steps:
- Never share your master password, with anyone. Under any circumstances. EVER.
- Don't write it down.
- Don't type it anywhere except the app.
- Don't tell it to anybody.
- Remember your master password. You must memorize it.
- Below I'll discuss how to make a super strong and memorable password.
- Masterpasswordapp makes it so you don't need to remember any of your other passwords, so it'll be less to memorize overall.
How do I use it?
On any machine, download the app, enter your name, master password, and the name of the site you want your password for, and it'll give you your password.
How secure it is?
It's the most secure solution that's reasonable for anybody except Edward Snowden (and probably even good for him). The only way that your passwords can be compromised is if your master password is compromised.
Either trust me or read about it yourself. There's plenty of info on the masterpasswordapp and diceware websites; I don't need to make this monster post any longer.
What's the catch?
All your passwords are tied directly to your master, and there's no way to change or recover a master. So...
- If you forget your master password, you lose all your passwords.
- Solution: remember your password. There's really no way around this.
- If someone gets access to your master password, they get access to all your passwords. This is both bad, and a pain to change all your passwords.
- Solution: use a really strong master password so nobody can hack it (see next section)
- Solution: never share your master password. (are you getting tired of hearing this yet?)
As long as you follow the two simple steps above (1. Don't share it. 2. Remember it), these really aren't issues.
#How to make a Strong and Memorable master password (tldr use Diceware)
https://imgs.xkcd.com/comics/password_strength.png
We're going to do something like this, a method called Diceware. A Diceware password looks like that: normal, lowercase words in a random order, separated by spaces. Yours should be 6-7 words long. How strong is that? Assuming the person trying to hack you KNOWS you're using Diceware...
- Five words are breakable by criminal gangs, good hackers, and rich people.
- Six words are breakable by the NSA.
- Seven words and longer are unbreakable with any known technology. We think the NSA will be able to break them ~2030
- Eight words should be completely secure through 2050.
######Based on source
#How to use Diceware
Open this link. There's the list of words you will use. There are word lists for other languages too, if you'd prefer one of those.
- Roll a die (yes, a physical die) 5 times.
- Now you know why it's called Diceware.
- Don't use a random number generator online or anything like it. It's not good security to get your passwords from the internet.
- Each roll is a digit. You get a number that corresponds to a word in the list.
- Ex: 1-2-3-4-5 -> 12345 -> "april"
- Repeat the above for each word.
- Keep the words in the order you generate them in. Changing the order will reduce security.
#Example:
die rolls: 44362 25645 65164 56411 55555 14233
master passphrase is: "outdo fluff zoe tear sum bit"
#Conclusion Security isn't easy, but tools like masterpasswordapp and Diceware make it much easier.