I’ve noticed that there have been a lot of account hijacks lately, and it worries me even though I haven’t got much in my bankroll. My concern mainly comes from realising that it’s not just my poker account that’s at risk, but lots of sites such as PayPal, eBay, Amazon etc. About the only thing that I feel secure about is my online bank, but there are still plenty of ways the bad guys can get to your money.
So I looked around and found some ways of securing things, and some warning signs that you’ve been hacked:
Gmail
If you use Gmail, then go to your Google Accounts settings (i.e. from Gmail, go to Settings, Accounts, and at the bottom Google Account Settings). Then go to your password recovery options and turn on SMS – that way, to recover your password you’ll get a text to your mobile instead of an email which a hacker could read.
Also, while you’re there, check that a hacker hasn’t added his address to your recovery emails (which would give them a backdoor to your Gmail anytime they want).
Also change that security question to something no-one could guess, brute force or find out by googling you (i.e. don’t use anything where the answer is a name or is possibly in the public domain, like mother’s maiden name etc).
Email in general
First thing is not to use your regular everyday email account for things that involve money or things you don’t want to lose (so that could be poker accounts, PayPal type sites, Amazon, eBay, domain registration, etc). The risk is from keyloggers – you can be on holiday & pop into an internet cafe, check your mail, and that’s it – some hacker has your password. Once they have that, then they’ll get the passwords to everything else (just by clicking ‘forgot password’).
So create a second email account just for your money stuff. Don’t use it for anything else. You should check it regularly though, but only from a secure computer (i.e. at home, not a cafe). It should be a very rare day that you’d ever send an email from this account.
I would have said don’t use webmail like Hotmail or Gmail either, but since Gmail added that SMS password recovery it looks more secure now. Trouble is email is so insecure that it’s hard to know what to do. Make sure you have a good password, which leads nicely onto:
Passwords
There’s all the usual stuff about strong passwords etc, but it’s pretty hard to avoid having similar passwords for lots of different things when you have so many to remember. An excellent solution is to use KeePass. This is an open source tool that holds all your passwords in an encrypted database. It’s a small enough program that you can carry around on a USB key if you like. The big advantage is that once you use a program like this, all your passwords can become ridiculously strong passwords like HPL+*?$0gO3o1oONS^\3
All you have to do is remember one password while all your online accounts have crazy unbreakable passwords.
The one downside is if you lose your KeePass database or it gets corrupted, or you forget your master password, then you’re in a lot of trouble. All I can say is make backups of the database and don’t forget the master password! It’s an awesome tool, and worth getting the hang of.
If you use the save passwords feature of your internet browser, then if it’s Firefox you must set a master password now! Otherwise anyone could access your passwords. If you use Internet Explorer, then all I can say is ‘Don’t do it!’. Again, KeePass can help you out a lot here. The Firefox master password is pretty good as it encrypts all the usernames/passwords using the master, so it’s fairly hard to get at them once you’ve done this (i.e. the passwords aren’t actually stored anywhere in readable format, while if you don’t set that master password, they are!).
Poker sites
It seems only PokerStars is getting its act together on this. First turn on the PIN number – it’s a bit of hassle having to enter your password and then click on 6 numbers to get in, but it’s a fairly strong defense against keyloggers. Secondly, if you’ve got 6000FPP, get the RSA key now!
General Security
Seems obvious that you should have a firewall and antivirus software. However it should also be obvious that in just about all poker sites’ Terms of Service they state that if you don’t have this kind of software then they won’t give you any money back if you get hacked. It’s the same as an insurance company refusing to pay out because you left the back door wide open.
Freeware antivirus isn’t bad – AVG will do.
Don’t install anything dodgy – no warez or software installed with cracks off the internet. Do you really think people are making this available out of the goodness of their hearts? Most of it contains malware (viruses, trojans etc) or spyware. It’s just not worth it. If you have been doing this then it’s not enough to just stop and uninstall the dodgy software – you’ll really have to wipe your drive and reinstall Windows again.
Misc
While sorting out that stuff I also found that PayPal has an SMS system too – in their case it’s an SMS message every time you log in. You pay for the SMS but it’s worth it unless you’re logging in 20 times a day.
So, basically:
- Turn on SMS password recovery for Gmail (check no-one already has backdoor entry)
- Don’t use your regular everyday email for poker sites
- Turn on the PIN for PokerStars and get that RSA key
- Firewall and anti-virus software & keep your PC clean.
- Try out KeePass