Digital Security 101
Oct 20, 2021
8 Essential Tips for Staying Safe Online
Gaming is a popular hobby, and it has been around for a while now. Along with time, tenure and rarity comes an increased perception of value, which attracts those unsavory types that look for an easy victim. Don’t be one!
In this blog post, we’ll discuss some important security tips that all serious gamers worth their Gold Cards should follow. Doing so will greatly reduce the chances of ever having a security issue with your gaming accounts and items.
Tip 1 - Don’t use the same password everywhere
Even if you use a very strong password, if one service is compromised, all your accounts using the same password are compromised.
Simple one, right? But this is something a lot of people still don’t follow. Reusing (and sharing) passwords is single-handedly the biggest cause of account loss in gaming, by far.
Using a password manager such as Bitwarden, LastPass, 1Password, or similar services is a great way to ensure you’ll be safer - you can use a different, very strong password that would otherwise be too hard to remember, because you just have to remember a single password to unlock your password manager. Use their password generators whenever you join a new service. Just select a good amount of characters (I’d recommend 16+), check those boxes for increased complexity in the characters, and once you use one password, never reuse it.
We all have devised our amazingly uncrackable passwords in our heads, especially in the earlier days of the internet. Unfortunately, using your birthdate, mother’s name or city in which you were born (plus those two extra magic numbers) won’t make them as safe as passwords should be. Let the manager do the hard work of creating passwords and keeping tabs on all your services.
But please, create a strong unique password for accessing the password manager too =)
Tip 2 - Two-Factor Authentication (2FA) is your greatest weapon
Two-Factor Authentication - signing in with something you create (a password) and something you physically have (like an authenticator app on your phone that gives you one-time codes) - is one of the best things you can do to protect your online accounts. Having a correctly set 2FA makes account theft almost impossible (someone would have to get hold of both your password and your phone), and thus, this should be enabled on all your important platforms. So go ahead, and enable it on your Google services, PayPal, Steam account, etc.
We know enabling it is a minor hassle. You gotta have your phone nearby, and that makes the usage of those platforms a bit clunkier, but the security benefits greatly outweigh the small inconveniences it may cause.
2FA makes it so much harder for evildoers to get access to your account that most will immediately give up when they see it on your account and move on to a different, softer target.
A word of warning, though: 2FA using SMS messages or email, while better than nothing, is nowhere near as good as an app such as Google Authenticator. Email 2FA / account recovery is only as good as your email security, and SMS can be defeated by getting a duplicate SIM card from your mobile provider, which is depressingly easy, or by intercepting the SMS, which is a bit harder, but still very much possible.
Disable SMS 2FA and email recovery whenever other options are available. 2FA setups allow you to generate some emergency backup keys in case you need to recover your account (due to losing your phone, etc.). Print them and keep them stashed somewhere safe.
So, go ahead and enable a 2FA app everywhere you can. It’s a free service, on top of everything else!
Tip 3 - Your weakest link is usually your email. Act accordingly
If you are like most of us, someone who got access to your email (Gmail from Google being the most common option) would get access to most of your online life. They would get a list of services you are signed up for from the emails you receive, and they could gain access to most of them by using the reset password feature.
If they changed your password, you’d be cut off from everything and unable to stop them until you regained access to your email.
To make things worse, your email account is likely one of the first things you created when you started using the Internet, and it has a simple, weak password. You have most likely reused that same password elsewhere too.
If your email account happens to be a Gmail account it’s even more serious, because evildoers would gain access to all Google services tied to that account, including your Play Store presence, including a list of devices you have connected to it, what apps you installed and more. This gives them a lot of power and information.
Your Sequence Wallet account used to access Skyweaver is also connected to your email. Even if you chose to create your wallet through Discord, Twitch, Facebook or Apple, those services are still tied to your email. Considering that you may want to use your wallet for other financial transactions as well, it’s imperative that you keep your email secure to preserve your online identity and to avoid loss of assets.
Evildoers know that, and they will target your account, trying to steal your credentials or doing social engineering (such as trying to impersonate you on Google Support to take control of your account) towards their evil goals.
As such, your email/Google Account should be really fortified with as much security as you can. The first two tips are a given, but you can do more to help you. Using different email addresses for different goals (one for gaming, one for banking, one for newsletters, and a couple extra burner ones) is a great way to isolate risk into smaller, manageable groups.
Remember that if you have another email account set up as recovery then you are only as secure as your worst secured account.
Don’t share your email address more than you have to. Don’t post it publicly or use it in services you don’t trust. The fewer places those email addresses are floating around, the safer you are as a whole.
Tip 4 - Even safe places sometimes get compromised
High-profile services, platforms and games are more likely to be targeted by hackers or thieves, simply because they host so much valuable information in a single place. Just remember what happened to CD Projekt and their Cyberpunk 2077 game or more recently, the huge Twitch leak. Unfortunately, this is a somewhat common occurrence, as the digital battles get bloodier and potential gains increase.
So, a good idea is checking Have I Been Pwned? to verify if accounts (and often their passwords!) linked to your email have leaked during one of those security breaches that have happened in the past. If you are a gamer like us, you’ll probably find quite a few instances in there.
But, knowledge is power, so don’t fret: change passwords you have reused, add additional security measures to your compromised email accounts, and you shouldn’t have any issues.
Tip 5 - Assume everyone is trying to scam you on social media and forums
Everyone. Even your family and friends (or at least someone who gained access to their account and is impersonating them).
Sounds harsh, huh? But unfortunately this posture is a necessity when engaging with people online. Scamming others is easy and profitable, because a lot of users out there are easy targets.
Don’t reply to unsolicited messages on Reddit, Discord, forums, Facebook, etc. No, you aren’t the winner of a random amount of Bitcoin in a promotion you didn’t even know existed. The Skyweaver team won’t contact you out of the blue asking for your login and email. Ignore those messages, as they are probably from someone trying to scam you. Block repeat offenders.
Nobody should ever ask you for your password or ask you to enter it on a website other than the usual one. If they do, there is a 99.999% chance it’s a scam. Support has tools to get what they need without that. If they try to push or scare you into doing that, report/block, then ignore.
For Skyweaver, if you want to make sure you are talking to an official team member, just check our Community Manager role on Discord (in bright orange, on top of the user list), or users with the “Horizon” purple flair on Reddit. Send them a message yourself if you have any security issues. Doing so will ensure you are talking to real team members who will take good care of you. Unscrupulous users might try to impersonate us, so beware. As much as possible, initiate support interactions yourself. Even if a message comes from an official account, if it sounds too good to be true or otherwise fishy, double-check with another official source of information. We’re only human, and it’s possible that one of our accounts gets compromised, despite the very much above-average level of security we have.
Report users spamming or bothering you. And, the Block feature is a powerful tool for your safety and peace of mind in all online platforms; use it liberally.
Tip 6 - Avoid public devices and if you can’t, at least use Incognito Mode
If for whatever reason you have to use a public device, e.g. in a school or library, or simply one you don’t own and control, always use your favorite browser’s Incognito/Private Window. Your login data is not going to be saved by the browser, and you will be automatically logged out of everything once the Incognito/Private window is closed. You don’t have to do that on a device you know, such as your home computer or phone, of course.
Remember that this doesn’t protect you from any malware (e.g. a keylogger capturing your password) that might be installed on that device.
Tip 7 - Learn how to read your browser’s Address Bar
This is an important one: your browser’s Address Bar has a lot of information that can make you safer.
Check the padlock beside an address. If you see one, you probably are where you think you should be. Phishing is an insidious strategy that tries to fool users with addresses that look legit, but aren’t. They usually have some small difference that can pass unnoticed if you are not careful. So, keep a close eye on those addresses and links.
Bookmarking your favorite sites and services is also a good idea, since doing so basically eliminates the possibility of a random phishing case while going about your usual business.
If you are on a computer, hovering over a link will also show you where the link is really taking you, so don’t trust only the link/mail descriptor, as those can be edited for malicious uses.
Be especially aware of mails from big, popular services such as Netflix, PayPal and Amazon. Scammers know most people have accounts in those places, and they frequently send scary-looking messages impersonating these services, aiming to steal your credentials. Be on your guard. If you are worried about your account on those sites, it is better to go there manually and check what's going on, instead of clicking on mail links.
Tip 8 - On public WiFi, only trust HTTPS websites or use a VPN
HTTPS with a valid certificate (your browser will scream bloody murder if it isn’t) guarantees who sent you the data and that this data was not read or modified in transit.
HTTP offers no such security. A Starbucks WiFi access point (or an evildoer with a laptop pretending to be a Starbucks access point) has full access to any data sent over a connection that isn’t encrypted.
Using a VPN doesn’t make HTTP websites more secure, but at least it protects you from a local attack (someone impersonating an access point), hiding and securing contents of your otherwise unencrypted traffic from prying eyes.
Final Checklist - Protect yourself as a gamer, and as a financial actor
- Just try to be private and deliberate in your online adventures.
- If you need to go to a page, you manually go there. Don't follow links you don't know and/or trust.
- Don’t freely share personal information.
- Be mindful of the communities you are in.
- Don’t create accounts or join services and platforms when you are tired or when your attention is divided. The same applies for purchases and financial transactions.
- Always double-check people, links and addresses when online.
- Never click on unsolicited links, as those can capture important personal information if malicious.
- Avoid public/shared devices if possible. Be extra careful when using public WiFi.
- Even small improvements to your online security matter, because attackers will often switch to a less challenging target. It’s like running away from a bear - don’t be the slowest one running.
That’s it! We’ll publish more tips in the future that will help you keep your Skyweaver and your cryptocurrency accounts much safer from scammers or issues that could be avoided with a bit of extra care. Feel free to share this and let us know if you have any tips we might have missed!
And even if you don't read anything else...
The Skyweaver Team