You Should Protect Your Gaming Accounts like a Bank Account, Here’s How

It’s gut-wrenching to learn that someone has accessed one of your gaming accounts. Unfortunately, this is all too common. My accounts have been compromised several times, which is what inspired me to better safeguard my gaming accounts.

Never Share Your Account Details

One of the simplest ways a hacker can steal your account is by convincing you to share the login information willingly, for instance, in the form of a phishing attack. Bad actors use different forms of phishing attacks to trick you into submitting your account details. The most common are in-game or social media chat messages and phishing emails.

If you’ve ever played World of Warcraft, you might have seen a loading screen tip that says, “A Blizzard employee will NEVER ask for your password.” Well, the tip holds true for all games and companies. Video game admins and support staff don’t need your password to resolve an issue, so they’ll never ask you for direct access. If somebody poses as a company employee and asks for your password, that’s a red flag.

My recommendation is not to share your account with anyone, lest you risk losing it. Many of us have shared our gaming accounts with friends and family at one point, but this can easily turn into a security breach if your credentials aren’t adequately protected. Even if the person you’re sharing an account with doesn’t have any nefarious intent, there’s no guarantee that somebody won’t compromise them and get access to your account that way.

Never Re-Use Passwords, Try To Use Unique Emails and Usernames

Having one account compromised sucks, but having twenty of them stolen is worse. This happens when you use the same username, password, and email across your accounts. While maintaining separate emails for all of your gaming accounts isn’t practical, having different usernames and passwords is easy enough.

I admit that I’ve used the same username and password for gaming accounts a long time ago. Guess what? A modding site I frequented got hacked, and my credentials were leaked. Even big companies aren’t immune to data breaches, and though passwords are normally encrypted it’s still prudent to have as little of your details leaked as possible (including usernames and email addresses).

You can check whether your email has been leaked with haveibeenpwned.com. If you use a Google account to store all of your passwords, the Password Checkup tool can notify you of password leaks. Apple’s password manager for iPhone, iPad, and Mac will also notify you of any passwords you should change, as will many third-party password managers. I never bothered changing my reused password for the gaming accounts I no longer use, so this is what my Password Checkup looks like:

The good news is that you don’t have to memorize dozens of different usernames and passwords for your Steam, Epic Games, Battle.net, Ubisoft Connect, and EA accounts. Just use a password manager instead. Your accounts will be much safer in the hands of a trusted password manager service than if you were to lock them under a single password. Not to mention that you won’t have to memorize the credentials, as you can access them through the password manager or with automatic login.

Watch Out When Downloading Suspicious Files

Gamers are prone to downloading files from shady websites. Think fixes, save files, mods, and trainers for obscure games. While there’s nothing inherently wrong with downloading these files, you should be aware that they’re a potential security breach. Some of these seemingly harmless downloads might have malware attached to them.

A recent example is the BloodyStealer, which was specifically targeted at gamers in order to steal gaming accounts. These hackers can steal your entire collection of games and in-game items and sell everything for a few bucks on account marketplaces. You should also be wary of random links and other scams disseminated via Discord.

=The “obvious” solution would be to avoid third-party websites altogether. But since many of us like to modify our games, so this simple solution isn’t always feasible. If you like to mod games, the best advice I can give you is to stick to Steam Workshop, official websites, and recognized names in the industry that verify all game files like Nexus Mods.

If you suspect that your computer has already been compromised, check out our guide on how to check for computer viruses.

Set Up Two-Factor Authentication and Security Questions

Two-factor authentication (2FA) is one of the best ways to protect any online account. As the name implies, this requires an additional security step before you can sign in to your account. This usually takes the form of an authenticator app code sent via text message or email. You probably already use it for your Google account, Apple ID, and bank account. Your gaming accounts deserve the same special treatment.

2FA has become a commonplace security feature, so it’s built into most games and digital marketplaces. Enable it to upgrade your security instantly, but keep in mind that not all 2FAs are the same. App authenticators that require you to type in a 6-digit code are significantly safer than emails, SMS, and “tap yes” authentication. This is because if your email, phone, or PC has already been compromised, the hacker can still gain access to your account without any issues.

This isn’t to say that 2FA is bulletproof. If a hacker has a way to log in through your PC or phone, they can bypass it completely. Social engineering attacks can be used to convince your cellular provider to port your number to a new SIM, effectively delivering the codes necessary to unlock your account to the attacker. Where possible, use an authenticator app and change your password regularly.

VPN marketing teams might lead you to believe that these programs are a one-stop shop for online safety, but they’re really not. Still, VPNs provide an excellent way to encrypt your traffic, allowing you to hide data from websites you connect to and your ISP. VPNs are especially handy when connecting to public Wi-Fi networks. This can protect the data you send and receive from hackers on a compromised network, known as a “man in the middle” attack.

The downside of VPNs within the context of gaming is that they might increase your ping. This can be somewhat mitigated by selecting a server that’s physically near your location. Alternatively, you can choose to only use a VPN on certain devices or when you’re not gaming. If a VPN renders your multiplayer games unplayable, at least use it on public Wi-Fi and when accessing untrustworthy websites.

Try not to panic if your gaming accounts are compromised. Customer support can usually restore access without hassle, take it from me.

I had my Riot account stolen recently. I had two-factor authentication enabled, but the hacker was able to log in to the website and just turn it off without issue. This is probably because they had access to my laptop, and I was already logged in. Thankfully, support was able to restore access to my account.

Now comes the important bit: I had to prove my account ownership. In the case of Riot Games, it was a long list of questions, like when and where the account was created, whether I bought in-game currency, and associated PayPal transaction IDs. I was able to dig up the PayPal transaction ID in my email inbox, and I’m convinced that this was one of the most crucial bits of information. An important takeaway here is to download your gaming-related digital receipts and keep them neatly organized, the same way you’d do for bank transfers.