1. Protecting your own account is more than important. Not online on Hypixel Network but also in your daily life. School, work or even your home connection are all affected by this any second. So having your account secured and still being able to log in as fast as possible is not common these days. In this guide, we make sure that we try to make it easier for you by following some basic tips we will apply to you.

    Basic tips
    1. Do not share your password with anyone, not even your dog or even shouting it out loud.
    2. Do not use the same password twice and always update your password monthly if possible.
    3. Staff or employees will never ask for your password.
    4. Companies will never call, mail or even email a request to share information about your account information (password, security questions or SMS code). Companies will let you know how you can make your account more secure by linking a page to where to change it to.
    5. Do not click any links you are unfamiliar with, do not download anything someone asks you to do download if you do not trust them.
    6. Do not connect to wifi networks you don’t know and you are not sure if you should trust them (including public wifi without any password required). More information about this here.
    7. Do not log in on public devices at all or devices that are easily accessible.
    8. Keep your Operating system, antivirus and browser always up-to-date and make sure you are aware of the news about these type of subjects. The news page I use can be found here.
    9. Use a password manager such as lastpass
    10. Enable 2FA where possible
    2 Factor Authentication
    A 2-factor authentication code is commonly used as an extra layer of security on your account or accounts. These methods are most likely used by most companies and if not, they will be used soon or later.
    There are a lot of types 2 Factor Authentication system developed of the past 10 years which as an outcome the most commonly used are the following:
    • Security questions; having two questions or more about personal information which only you should know ones a month or only when you res

    • Email Verification; having a code or sometimes even a verification link send towards your mail which you have to use every time to log in.

    • Code Generators; an SMS code or a third party application which generates codes.
    I will go by each one of them step by step and which company might be using them for a while based on my personal experience.

    Security questions
    You have seen them in Mojang or even in your bank account. Questions which is personal and direct towards you. For example; ‘what was your first cat name?’
    Those questions are meant to be a security matter. They are often a requirement to type them every time the same, capital and spaces included to make sure you are correct with your question.

    This type of information is still a type of information which you might have shared on your Facebook or any other social media. which means that this type of security is not the most recommended to use if a company has the possibility to choose between a lot of them.
    Email verification
    Microsoft, Gmail or steam all have an email verification code method in their systems. These systems are there to send you a code which you can use for your account ones each session or sometimes a timer on it as well.

    These codes which are most likely 6 digits long or even more is one of the code solutions which is out there right now and often used for the first time or even every time you log in on the account.

    This type of information is most likely to be on your email. This will lead that your email will also be compromised in a matter of time. Which will lead into that you should not use the same password twice in for anything.
    Code Generators
    Google, Hypixel, Twitter or any other huge company is using this method these days. It is either with an SMS code or with a third party application. These are often used and you can trust your device to the account for 30 days and you will only use the code ones in those 30 days.

    These codes will come from a server and are 6 digits long. They refresh every 30 seconds and it is hard to hack/bypass this method with a system. There are a lot of third-party applications who get this code for your instead of using an SMS system. The common apps are;
    These applications can manage the codes and will show you a new code every 30 seconds.

    The source and more explanation of how the Code Generators work could be found here.
    Breaches
    Daily a lot of robots or humans try to get information about accounts or information they could sell to other people. A lot of people try to get breaches via;
    • a database;

    • Phishing you via an email
    for this type of information.

    We will help you with giving your more information about how to possible detect these type of people who try to get your information via these ways.
    You can be notified when your account was in a breach using https://haveibeenpwned.com/

    Getting into databases
    This one, you can’t see it but since this year a lot of companies are required to deliver news about new breaches within databases and keep their customers/users updated about who and what got leaked.

    You will either get a mail from a company saying that you should change your password on the website. To make it secure for yourself, don’t click on the link they send via the mail but search it up via google to make sure it isn’t a scam mail. You can check if a breach has happened on https://haveibeenpwned.com/ on here you can also enable email notifications to get notified when your email is included in a breach.

    [​IMG]

    Example of a data breach mail.

    Always watch out what is happening, it might be a real mail or not, but always be secure it via the tips above.
    Phishing via mail
    You know them, mails from companies about that you need to pay something or otherwise you will be in a lot of trouble. Mails who said that they need to update your bank information via a link.

    You would think, who would fall for it? Well we all did at some point or will do it in the future. Some of them are really hard to catch but you can always look better before you click on a link and ask yourself the question “Does a company really ask me this?” and you can call them if you are not sure about it.

    We have a few examples about some phishing mails, watch carefully some of them might be real.

    [​IMG]

    [​IMG]

    [​IMG]


    These examples, often look very real but you can see grammar mistakes or sometimes even company name errors in it
    If you are still unclear how breaches work, I would recommend to watch this video.

    Credit to @Hoopless for helping a lot with this thread!
     
    #1
    Last edited: Jan 1, 2020
    • Like x 41
    • Useful x 29
    • Helper Lapis x 6
    • Mod Emerald x 2
    • Agree x 1
    • Creative x 1
  2. Stannya

    Stannya Well-Known Member

    Stannya
    MVP++
    Blue Crew BLUCRU
    Member
    Messages:
    2,444
    Nice thread!! Hope this gets pinned because this is a very important topic.

    Recommendation:
    Use this for the Google Auth App. Add a spoiler with a screenshot of the iOS app, and a screenshot with the Google Play app. This could help players because they will know exactly what they need to get.

    Conveniently, I have an iOS device and I've made a screenshot for you:
    [​IMG]
     
    #2
    Last edited: Oct 1, 2018
    • Like Like x 3
    • Agree Agree x 1
  3. agreed everyone should have these things
     
    #3
    • Like Like x 1
  4. Good thread, ill be sure to check out that last pass thing
     
    #4
    • Like Like x 1
  5. This thread should be pinned somewhere, thank you for this.
     
    #5
  6. Will add this once I'm home :)

    Its really easy to use and helps a lot, if you want my ref link (so you have free premium for a month) pm me asking for it ;)
     
    #6
    • Like Like x 2
  7. Vegito

    Vegito Well-Known Member

    Messages:
    758
    How does this work though, certain steam verification work like this too and Im just wondering how
     
    #7
  8. Really nice thread I hope this helps lots of people making their accounts secure. Personally I was already doing all of these things but it’s still useful for younger kids and people who don’t know a lot about the world of the interwebs
     
    #8
    • Like Like x 1
  9. Craftathon103

    Craftathon103 Active Member

    Messages:
    237
    This thread is very important. Should definitely be pinned as it can definitely help out a lot of people.

    I personally would have made the first paragraph centered as it gives a nicer appearance but the information given is incredible. Great job!
     
    #9
    • Like Like x 1
  10. Very well done thread, good job.
     
    #10
    • Like Like x 1
  11. Steam has its own app, most services use the google auth app. You just install it from the play store (or ios store) and scan the QR code the website provides.
     
    #11
  12. Public WiFi just almost doesn't exist... :)
     
    #12
  13. Velt

    Velt Well-Known Member

    Veltah
    MVP+
    Messages:
    1,161
    Nice guide! :)
     
    #13
    • Like Like x 1
  14. Almost anywhere I go (here in Belgium) has public wifi. It just depends where you are from :p
     
    #14
    Last edited: Oct 1, 2018
  15. I have now added this with the addition of the play store version, thanks for the suggestion :D
     
    #15
    • Like Like x 1
  16. Nice guide! Maybe give a few tips upon how a password should look , for example passwords should be long and should involde different characters and numbers etc. :) Also , they can check how strong their password is on online sites.
     
    #16
  17. I included lastpass, this application makes you able to have a password up to 100 characters long totally randomly generated check out the site for more info. A lot of sites limit the length of your password and checking how strong your password is can be done by lastpass if you are interested in that.
     
    #17
    • Agree Agree x 1
  18. MS-DOS

    MS-DOS Active Member

    Messages:
    500
    id say that authy is much better than google auth cus encrypted cloud backups if you switch devices for example also authy onetouch is neat on sites that support it
     
    #18
  19. nobody cares
     
    #19
    • Dislike Dislike x 2
  20. I haven't used this myself and as far as I know it does the same as google auth but is better when switching phones. I will look into it and see if it is worth adding this :)
     
    #20

Share This Page