A few weeks ago we posted this, with some advice on keeping your Ultimate Team account safe. Unfortunately account intrusion and theft is still a huge problem, so Spike “Big Zombie Monkey” Chapman has created a guide to nailing a safe password and preventing people from getting into your account. Enjoy.
Recently it has come to the attention of many that there are more and more cases of EA accounts being broken into via phishing scams and alleged hacking as reported in the article XBL Accounts Hacked To Buy Ultimate Team Packs.
Whilst that article did provide some links for safety, there is one key element of protecting your accounts that you can improve yourself: your password. One of the most common and easiest ways for someone to gain access to your account is via phishing and a piece of password hacking software that is not hard to obtain.
Without going into too much detail, the intruder can simply use a piece of software to obtain your password if it is not a complex one, and all they need to do this is the email address that you use with your EA account.
The first step I would suggest to protect your account is to go into your EA account and ensure that you have not ticked the option “share my information with select EA Partners”. The reason for this is that it has been pointed out by a community member that one of the key ways Microsoft have identified intruders gaining access is by calling EA, posing as an EA partner and then getting information. At this point I must make it clear that I have not personally called Microsoft and confirmed this, so this is alleged and not confirmed. Having said that, it is not uncommon for account intruders to take routes such as this; other routes are to search various websites for e-mail addresses of known EA gamers.
Once someone has obtained your e-mail address, their next step is to put it into the software, which will then begin to attempt to identify the password. These programs are very complex in design but very easy to use, making the intruder's job very simple, as all he/she needs to do is sit down and wait once the information is in.
This is where you as an account holder need to protect yourself, as these password “retrieval” programs work on patterns. First the program will try all commonly used passwords such as “Password”, “1234”, “abcdefg” etc. Once it has gone through a massive database of potential passwords without success, it will move on to combining all of the letters of the alphabet in every combination for up to 16 letters. If it is still unsuccessful it will then move on to combinations of numbers and letters, and within an hour or two of scanning will have tried every combination.
By this point I imagine you are thinking “If it can do that then how can I protect my account?” Well, this is where your password can be changed to make things very complex and out of reach of these types of programs, or at least the majority of them.
When creating a password it is best to use a combination of numbers, letters, capital letters and punctuation/signs. For example, if my password was “claire23” (my gf’s middle name and her age) then it’s likely one of these password programs would pick up my password within an hour and my account would be accessible. So how can I make my password stronger? Well, as I said, use a combination of numbers, letters, capital letters and punctuation/signs, and to make it stronger still you can remove words, names etc.
A good example of a strong password: if I take a sentence such as “FIFA Soccer Blog is the number 1 website for all FIFA 12 news” and take the initial letters and the numbers from that sentence, it leaves me with FSBitn1faF12n. So now I have a combination of capital letters, lowercase letters and numbers. This is still going to be identified fairly quickly, so you then need to add something else: the punctuation/symbols. A simple way to do this is to add a full stop every 4 letters, like so: “FSBi.tn1f.aF12.n”. Then, to add even more strength, add a question mark to the start and end, like so: “?FSBi.tn1f.aF12.n?”. At this point you now have a password that could take weeks, maybe months, to crack using the software that many intruders are using, and thus you have saved yourself from having someone else take control of your account.
Just to reiterate the difference this makes I put my original password (claire23) into a password strength checker and it came back as “weak” with a 34% score, however when I entered my new password “?FSBi.tn1f.aF12.n?” it scored a “very strong” with a 100% score proving that it has a massive impact on how much harder it would be to hack my account.
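The comparison above can be reproduced with a small checker. This is an added example, not the strength checker used in the article: it places a password in the first of the guessing stages described earlier that could contain it and reports the size of that stage's search space in bits. The common-password list is a constructed sample, and the function names `decorate` and `assess` are hypothetical.

```python
import math
import string

# Constructed sample; real common-password lists hold millions of entries.
COMMON = {"password", "1234", "abcdefg", "123456", "qwerty"}

# Guessing stages in the order the article describes, plus a symbols stage.
LETTERS = string.ascii_letters
STAGES = [
    ("letters only", set(LETTERS)),
    ("letters + digits", set(LETTERS + string.digits)),
    ("letters + digits + symbols",
     set(LETTERS + string.digits + string.punctuation)),
]

def decorate(core, group=4, sep=".", wrap="?"):
    """Insert `sep` after every `group` characters and wrap with `wrap`."""
    chunks = [core[i:i + group] for i in range(0, len(core), group)]
    return wrap + sep.join(chunks) + wrap

def assess(password):
    """Return the earliest stage that covers `password` and its size in bits.

    bits = length * log2(alphabet size): an upper bound that assumes every
    character is random. A name plus a number (claire23) is usually found
    far sooner by word-list guessing than this figure suggests.
    """
    if password.lower() in COMMON:
        return {"stage": "common-password list", "bits": 0.0}
    chars = set(password)
    for name, alphabet in STAGES:
        if chars <= alphabet:
            bits = len(password) * math.log2(len(alphabet))
            return {"stage": name, "bits": round(bits, 1)}
    return {"stage": "outside modelled alphabets", "bits": None}

if __name__ == "__main__":
    strong = decorate("FSBitn1faF12n")   # the article's initials string
    for pw in ("Password", "claire23", "FSBitn1faF12n", strong):
        print(f"{pw!r:24} {assess(pw)}")
```

Each extra bit doubles the number of guesses needed to exhaust a stage, so the gap between the two passwords is the point of the comparison rather than either absolute figure.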
One final suggestion to account holders is that you change your password frequently. I know this can be very inconvenient, but changing your password once a month whilst using a password like “?FSBi.tn1f.aF12.n?” is almost certainly enough to increase your security by a huge margin and potentially save yourself from losing not only UT cards and coins but access to your very own account.
I hope this helps many of you and that your account remains secure from the undesirables who seem to think account intrusion is a good way to improve their status on UT.