Hello everyone! Artemus here! With an important safety PSA on helping keep your internet accounts safe from harm and hackers! I'll go over some quick tips that will hopefully help protect you from harm! ### \#1 2FA (Two Factor Authentication) Two factor authentication is when a website or service offers you the option to use your cellphone or other device / method as an extra step when logging on, the idea is that having a physical device to act as your key means that someone online won't be able to get in! Lots of websites and services offer it, services like Steam even require it for advanced features! Here are a couple of links you may find handy Blizzard : https://us.battle.net/support/en/article/24520 Discord : https://support.discordapp.com/hc/en-us/articles/219576828-Setting-up-Two-Factor-Authentication Gmail : https://www.google.com/landing/2step/ Steam / Steamgaurd : https://support.steampowered.com/kb article.php?ref=8625-WRAH-9030 And to help find information on almost any 2FA website, check out https://www.turnon2fa.com/ >Additional information suggested by Green Dragon Iris It is better to use an authentication app (such as [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en US) ) rather than using SMS messages, while unlikely, hackers have been able to socially engineer phone companies into giving out information that can be used against you. The safest option is of course be careful with who you trust your private information with, but an authentication app is an extra step you can take for safety's sake! Plus, who knows what could happen to your phone! Most services that offer 2FA will also provide emergency backup keys you can use if you lose your device. Rowdy stores his codes inside of his password manager, you can read about those next! {.left} ### \#2 Password managers I'm sure you've seen the tips on passwords before, don't use something someone could easily guess! A lot of people use the same passwords for everything which is no good. Maybe you've seen a password like this before? `cdAGoP,2ZpBHW/y` How are you supposed to remember *that*? Perhaps check out a password manager! Rowdy personally uses one called Keepass. It looks sort of like this! {.left} A password manager is an easy to use / easy to setup tool that lets you store complex passwords for all of your sites. They usually get saved in a little database file which you can backup and store safely on a thumbdrive, your cloud service, etc. Here are some you should check out! Keepass : https://keepass.info/ KeepassX : https://www.keepassx.org/ (What Rowdy uses!) Lastpass : https://www.lastpass.com/ (Is a paid service but still is one of the recommended ones) As for actually getting the passwords, I sometimes recommend this website : https://strongpasswordgenerator.com/ But also some programs (Like KeePass and KeePassX) come with built in password generators {.left} ### \#3 Watching out for scams! Steam scams are fairly common, and the more Valve does to combat them, the smarter the scammers try and be! There are some basics to always understand! >From Dustrat : Non steam links will take out of the steam client and open up in your native internet browser, this is an indication that the site you're logging in with may be malicious! An exception to this is the following, here on the Jewelbox / SCG site, you go through steam to login. Take note of the URL, you're still on the real Steam Community website, you're just logging on normally. In this scenario, we (scg.wtf) does not get your password, you're using [Oauth](https://en.wikipedia.org/wiki/OAuth) to log in! {.left} 1. Steam/Valve will never ask you for your password. Especially via your steam chat. 2. People can threaten to report you all they like, it won't work unless you're actually breaking a rule. 3. A Valve admin will never talk to you on steam, a community admin may be different, but they cannot globally ban your account. Look out for scams that ask you to add someone, or visit a sketchy website. {.left} This is an example of a scam in action, don't fall for it! >From Jhar: Most if not all scammers or malicious people create a “sense of urgency” to their messages in order to provoke action. In addition, be very careful when logging into a website, take note of the URL and watch out for any weird misspellings or incorrect names. This applies to email scams when checking sending headers as well! ### \#4 Other tips! Here are some quick tips that may also come in handy! 1. Always make sure you're using Https instead of http! Https is for securing data you send back and forth between a website, and can help avoid people in-between watching your data. 2. When using public wi-fi (As in, free or otherwise passwordless wifi you find in public) avoid logging into anything with your passwords if you can help it, if not, make sure you're accessing the website via https! 3. Use open-source software when you can! What does that mean? Use software that hosts the code library on a website like Github or Gitlab, open-source software means almost anyone can contribute and audit it, which helps avoid potentially dangerous schemes like malware. 4. Don't be afraid to ask for help with a security question, or if you think someone's account may be compromised! For more help, feel free to write here, or ask the nerds over at the #tech-support channel in the [SCG Discord!](https://www.scg.wtf/discord)