M
mischman
Legend
Silver Level
Posted by Lee Jones on 2+2.
Hi folks -
A well-known player wrote me and asked for any suggestions I had about counter-strategies against account hackers. There have been a few high-profile cases recently and this person was (understandably) concerned.
I took the liberty of forwarding his question to JeffW - a senior staffer at PokerStars. Jeff has been with PokerStars longer than I have, and has a eighth-dan black-belt in computer security. Jeff sent back a list of 11 guidelines for protecting your computer and online poker account.
You may not like them all - some of them are a hassle and some are in direct conflict with the way a lot of you live your online poker lives. But this is serious stuff, and there are some Very Bad people out there working hard to separate you from your bankroll. And I don't mean the good poker players.
I hope you'll read carefully and follow these guidelines.
Best regards,
Lee Jones
PokerStars Poker Room Manager
----------------------------
Jeff’s computer security tips for online poker players
1. Never let the system “remember” any of your passwords. While systems provide this as a matter of convenience, this is the most common "hack". A password does nothing for you at all if itnever has to be entered.
2. Password-protect your Windows system so that when it goes to sleep, you have enter a password to get back in. This is security 101 stuff but almost nobody does it.
3. Always choose a strong password. Never use a word that can be found in a dictionary, and never, ever use kids names, birthdays, friends names, or a password related to the site. “pocketaces” is a terrible password for online poker. Good password selection can be as simple as picking a book off your bookshelf, flipping to a random page,and picking two words from it at random separated by the page number. Then bookmark the page and circle the two words in case you ever need to look it up again. Doing this just now with a novel I came up with a password of “great167side”.
4. Never, ever share your poker account password with anyone. You wouldn't let someone else access your online banking, so why let someone else access your poker account? Likewise, no reputable site will ever ask you to send your password for any purpose other than to actually log into the site in question. Any other time you're asked to give up your password, you're being scammed.
5. Don't use the same password in any two locations. Sure, it makes it easy to have the same password everywhere. Easy for you. Easy for hackers. You may trust the operators of this forum, but if you sign up at a forum somewhere and use the same password (and heaven forbid, the same user ID!), then you're asking for a hack. A determined hacker is willing to go to the effort to establish a forum that looks legitimate and to stick with it for a VERY long time, in order to harvest many emails, account names and passwords. Only months later will he go in for the kill, draining at once all the accounts he's managed to find.
6. Change your passwords often.... very often. 3 months is too long to keep the same password on a financial account. When changing passwords, never re-use an older password, nor any variant of it. If your last password was (as insecure as) “iraisewithAA”, then your next password should not be “iraisewithKK” or even “ifold72offsuit”.
7. If someone chats you up online claiming to be your close buddy who wants a loan...call and ask first. You wouldn't hand money to a stranger in a casino because “your buddy Joe said he needs it, he's right over there in the Pot Limit game, honest”. Don't do this online, either. If he is that good of a buddy, you have a phone number for him. Call him first.
8. Never log into Windows to play poker as "Administrator" or equivalent. Use a restricted user account to make key loggers or trojans have a much more difficult time gaining access. Yes,Windows XP Home Edition users have no choice in the matter, since every user account is by default an Administrator. Don't use XP Home to play online. Use XP Professional.
9. Windows Firewall stinks. It will not protect you, as it only blocks attacks from the outside from getting in. It does nothing to protect you from thingsthat managed to get in from communicating with the outside world. No matter how much it bogs down your system, you need a good bidrectional firewall that will alert you when software triesto access the Internet. Norton, McAfee, ZoneAlarm, Kaspersky. They are your friends, and they are not optional – use one (exactly one) of them. Same for at least two good spyware scanners.
10. Virus/Trojan/Spyware Scanners only detect things they know about. It is still possible to catch a customized piece of spyware or a key logger that has never been reported to the scanner authors... and you'll never know you've been infected in such a case. Thus, exercise good judgement when deciding what to download. How much do you know about that third party HUD (“heads-up display”) tool? Does the author identify himself? Has it been around for a long time and used by many players without incident? Don't be the guinea pig that finds “malware” the hard way. Don't install downloaded software you don't implicitly trust completely... and that list should be avery short one.
11. Here’s the hard one: don’t play online poker on anybody else’s computer. We know that’s anathema to the young, mobile, hip online poker crowd. But consider this: You go to all the trouble to protect your computer and PokerStars account with the steps we’ve outlined above. Now you sit down at somebody else’s laptop and type in your userid and password. You know virtually nothing about the security of that computer, and have just wasted all the work that you’ve done to protect yourself. If you really “must” play online poker on another computer, do it on a machine owned by somebody that’s as careful about security as you are.