RotMG Account Security Tips
RotMG Account Security Tips by OtherBill
I’ve been reading all the forum threads on people getting hacked, trollers phishing for login information, etc. and so on, and it dawned on me that nobody is providing any suggestions of what you can do to protect yourself before these threats come along. So, I just wanted to toss up a few suggestions of a few things that I do to keep my RotMG characters secure.
Obvious suggestions are obvious.
Well, duh. “Don’t share your login credentials with anyone”, “Don’t click on suspicious links”, “Watch out for phishers”, “Keep your firewall/antivirus protection up to date”, “Change passwords—often”, “Don’t download suspicious programs”, etc. and so on.
You’re probably doing all of this already, and if you aren’t…well, you should.
Don’t use your primary email address for your RotMG account
For goodness sake, no. If you do any sort of online banking or other activity with the same email address that you use for RotMG, getting hacked could have far worse consequences than some pixels.
Instead, use a webmail provider (gmail, etc.) to get a throwaway email address, solely for RotMG use.
When creating webmail accounts, don’t use <Character_Name>@gmail.com as your RotMG email
If someone can guess your email address…well, keep reading.
Protect your email address like a password
Nobody can brute-force your RotMG account if they don’t know your email address in the first place. Given knowledge of your email address, someone can try to brute-force your email account or abuse the provider’s “Forgot Password?” feature, then use access to your email to ask WildShadow to change your RotMG password.
I’ve seen people post muledumps or RotMG account summary screens without blacking out the account email address. That’s practically begging for someone to hack you, especially if you have lots of juicy loot in your vault.
Think twice about trading realm gold
We’ve all heard of this mechanism: Person A goes to buy gold, then sends the payment URL to Person B so they can pay for the gold for Person A. There are a few things wrong with this: (1) Person B now knows Person A’s account email address. See above. (2) There is nothing preventing Person A from walking away from the deal and scamming Person B.
So really, this particular trade mechanism is rife for hacking and scamming from both parties. Just…don’t do it.
Don’t use the same password for your forum account and your game account.
If someone phishes (.wildshadow.co and so on) to steal your forum account credentials, you’re giving them a big golden key to your charslots and vaults if the passwords are the same. So, don’t do that.
If you use different passwords, a phisher will only get your login credentials to the forums. All they can do with that is post crap on your behalf…which can still be pretty dangerous from an impersonation point of view, but is far less damaging than open access to your game account.
Better yet, don’t even use the same email address for your forum account and your game account.
If a phisher gets login credentials to your forum account and your profile lists your game’s email account, that’s a toehold he can use to begin brute-forcing your game account. If your game’s email account is completely different, then he can brute-force all he wants and come up empty, because there’s no game account there to brute-force.
If you mule, (A) Don’t give your mules sequential names, and (B) Don’t use the same password for all of them
I remember reading a thread where the OP sold one of his mules, then the new owner figured out the login information for all the other mules. Oops!
If you mule, you probably use muledump (and if you don’t…well, you should). Your account.js file includes all your email/password information for all your accounts anyway, so you might as well make that information so unintuitive and so cryptic that you have to write it down to remember it…because you already did!
I know this all sounds pretty paranoid, this is just sort of a start of the types of things that rumble around in my head from time to time. If you have any other suggestions, feel free to share them here.