Securing Your Gaming & Social Accounts Using 2FA, Password Managers, & Healthy HabitsPosted by Publications & Articles March 7, 2021 in
In the digital age, your account security is more important than ever as more and more websites have had “data breaches” over the past years. With that being said, making sure you secure your gaming & social media accounts using 2FA (Two Factor Authentication), strong passwords with a Password Manager, and overall healthy safety habits are super important as an individual, esports player/staff, and someone in the industry. Your accounts are your responsibility & digital identity – you should be protecting them like your Social Security Number/legal documents.
Tip #1: Using 2FA (Two Factor Authentication)
Two Factor Authentication is not something recently that new, however, it’s sadly not always commonly used amongst all gamers and users. Two Factor Authentication (also abbreviated as 2FA) is the method of adding an additional security layer to your account, requiring anyone attempting to log into your account to enter a code either texted to your cell phone or generated in an Authenticator App. So, if a “hacker” (or simply someone who shouldn’t be getting into your account) guesses your password, they will have to go through the 2FA code to get actually into your account.
Most services nowadays use and may also highly recommend setting up 2FA. Blizzard, Google, Discord, Riot Games, etc. are examples of services that highly recommend using 2FA. Google, in fact, has extra features in place where you’ll receive an email whenever your account is logged into.
To set up using 2FA, you can enter your cell phone number in your account settings with these services. Discord, for example, has the option for community servers to require users in their Discord Server to have a confirmed/registered phone number in order to chat in their community – this is for promoting secure accounts as well as filtering out spam-bots.
In addition, and also highly recommend, to using your phone number, you can use Authenticator Apps such as Authy, DUO, and LastPass Authenticator, to create an account and turn your mobile device (some services such as Authy allow you to even use your desktop/laptop/tablet too) as an authenticator for generating 30-second randomly-generated 5-7 digit codes to enter your account. This is a great way for managing numerous services using 2FA under one app/account. I personally highly recommend using a service such as Authy over Google Authenticator, as Authy allows you to “backup” your 2FA codes and sync them across devices, unlike Google Authenticator which ties your codes just to your device – so if you were to reset your phone or get a new phone, you would potentially be locked out of your accounts if you don’t download or write-down your backup codes for each individual service. Happened to me, speaking on personal experience.
Pro Tip – Backup Codes: If you go with using an Authenticator and using 2FA, you most definitely should be sure to write down your backup codes on a physical piece of paper or download them. These backup codes will allow you to keep 6-12 2FA codes to get into your account should your authenticator (phone) be lost or your cell number change.
Chances are if you don’t have backup codes and you do get locked out of your account, you won’t be able to reset your 2FA to get back in – as it defeats the purpose of 2FA. Some platforms have company policies to not allow users locked out of their accounts to gain access for security reasons, however, some such as Blizzard will allow you to – by going through proper support channels and providing legal/photo identification for getting back into your accounts (which is why you should use your legal name when purchasing products / creating your account [=/= username]).
Tip #2: Using a Password Manager (and unique/strong passwords)
Password Managers have been around for a few years, but chances are have already heard of them. Do you use Safari or Google Chrome to “auto-fill” your passwords? They save your passwords to your Google Account or iCloud Keychain and “browser” but technically are not “actual password managers” or better put: are not up to speed with actual 3rd party password manager companies (Read: Why you shouldn’t use your web browsers password manager). Sure using those can be good, but you’re missing out on better security layers than password managers such as LastPass, 1Password, and others. For our example, we’ll be using LastPass (personal preference of mine) as it comes with a free option as well as a free premium upgrade for all UTD students, staff/faculty.
To put it simply, a password manager will allow you to generate stronger and more secure passwords, as well as safe & autofill them for you (so you don’t have to risk making less secure/complicated passwords for the stress of trying to remember them all).
In addition, these password managers such as LastPass can do all of the work for you. By automatically saving new accounts you create using their Browser Extension, generate secure passwords using 16+ characters, symbols, numbers, etc. and sync your passwords securely across devices. In addition, it allows you to not use the same password for numerous services. If you use the same password for all of your accounts (or something similar) you can only assume that all of your accounts are compromised when one of your accounts is compromised.
LastPass will also alert you in your password vault when a password is old (haven’t changed in 365 days), or not strong/secure (as the company actively searches for when databases or password data is leaked on the internet). You can also safely store addresses, notes, payment cards, and bank accounts in LastPass (great for auto-filling your payment cards on websites when checking out) – which is backed by top-notch encryption and account security.
Tip #3: Proactively having Healthy Account Security Habits
The two tips above on using 2FA and a Password Manager are already healthy account security habits, but you should always exercise additional habits such as: not clicking on phishing/unknown links in emails that look suspicious, changing or resetting your password(s) when a company emails you saying their data has been leaked/breached, changing your passwords once a year (can be automated with LastPass), not using insecure WiFi at public places (apps such as ATT Mobile Security can help with that), and only using websites that have SSL (Secure Sockets Layer – when there’s https:// in a URL) when entering password/payment information.
This article should not be your final end-all-be-all source for keeping your account secure. Always do your research on discovering ways to keep your accounts secure and constantly be proactive! Never wait until it’s too late to start securing your accounts.