Jump to content

Account Security: Best Ways To Protect Yourself and What To Look Out For

hrtbrk

By hrtbrk
in Neopets News

 Share

Recommended Posts

  • Popular Post
hrtbrk Experienced

hrtbrk

Posted
  • Popular Post
Posted

Hi everyone! It's that time again where we like to send a friendly reminder on account security and how you can protect your account.

 

koi_grey_sigh.gif

 

Over the past week, there have been an large amount reports of accounts being broken into, affecting people who view the Neoboards, pet pages and neomails. But fret not, there are a few ways you can protect yourself!

 

Always remember to log out.

This is an important, and easy step in preventing your account from being compromised. Doing so issues you a new cookie, which is something that remembers you every time you go back to the website. It is what account thieves steal from you in order to gain access to your account, so by logging out and logging back in, it makes the cookie that the thief may have become obsolete and unable to gain access to your account!

 

Frequently change your password/do not use the same password for every account.
While cookie grabbers cannot gain access to your password, it it still a wise choice to update your password every few months. Make sure you choose something that is not easy to guess, and have it contain a string of different numbers, letters, and characters.

 

Put a PIN on everything.
Making sure you have a PIN on everything that is important to you will help prevent any items, neopoints - or worse - pets - from being removed from your account.

 

Turn OFF Advanced Neomails, NeoHTML and other fancy font effects.
It is suspected that cookie grabbers (CGers) are being embedded into Neomails as well as on Neoboards. It is recommended that you enable Plain Text Neomails in your user preferences as well as going into your neoboard preferences and disabling the fancy text as well as hiding Neo-signatures. This should block any malicious script that is hidden in these features.

 

NOTE: If you receive a suspicious neomail, it has been advised to not open it up.

 

Use other browsers and their plugins!
If you absolutely have to view a pet page, it is suggested to do so on a browser that you do not use for Neopets. It is also being suggested that if you MUST view the Neoboards to do so on a side account so your main won't become compromised. Additionally, a lot of browsers offer plugins that will allow you to block requests from websites other than Neopets. Doing so will stop the cookie grabber exploit from happening. Popular plugins to do this are NoScript and RequestPolicy (any script blocking plugin will do). If you choose this option, remember to white list requests from Neopets ONLY.

 

Additionally, always make sure your browser and their plugins (including Flash) are up to date.

 

If something is too good to be true, it probably is.
A lot of compromised accounts have had their expensive, rare, pets thrown into the pound as well as their galleries emptied into the Money Tree. Remember that if you see these things that it is probably too good to be true and you should not be tempted by cheap items appearing around Neopia as they came from a compromised account. It could be a trap or could end with you being reprimanded for it.

 

We hope these small tips and practices can help protect you around Neopia. For an extensive look at account security, please view our guide!
 

Link to comment
Share on other sites
Oquendof Newbie

Oquendof

Posted
Posted

I don't understand this: "If you absolutely have to view a pet page, it is suggested to do so on a browser that you do not use for Neopets. It is also being suggested that if you MUST view the Neoboards to do so on a side account so your main won't become compromised."

 

I mean, are we in danger if we see someone else pet page?? Or by going into the neoboards??

Link to comment
Share on other sites
hrtbrk Experienced

hrtbrk

Posted
  • Author
Posted

I don't understand this: "If you absolutely have to view a pet page, it is suggested to do so on a browser that you do not use for Neopets. It is also being suggested that if you MUST view the Neoboards to do so on a side account so your main won't become compromised."

 

I mean, are we in danger if we see someone else pet page?? Or by going into the neoboards??

Yes, you are in danger if you view someones pet page or go onto the Neoboards without taking these preventive measures.

 

It is suggested to view the boards on a side account, as if it becomes compromised, you will not lose your main account as it is typically more valued than a side account in several ways.

Link to comment
Share on other sites
Mouseykins Enthusiast

Mouseykins

Posted
Posted

Another tip I found was to put your favorite pet's petpet in Grave Danger as they can't be adopted or transferred while the petpet is being used for that game.

That unfortunately won't really do anything. If your account becomes compromised the password can be changed and your account can be emptied out. For your pet even though its petpet is in Grave Danger all they have to do is wait it out and then do what they wish. It's not a safety measure.

 

The items listed in the first post on this thread are your best ways at protecting your account. :)

Link to comment
Share on other sites
MysteryAF Newbie

MysteryAF

Posted
Posted

Actually I heard it's a bad idea to change your password because the new password goes to your cookies and the hacker obtains it immediately. Same with adding a PIN to everything. I guess NoScript would help with that though.

Link to comment
Share on other sites
Mouseykins Enthusiast

Mouseykins

Posted
Posted

Actually I heard it's a bad idea to change your password because the new password goes to your cookies and the hacker obtains it immediately. Same with adding a PIN to everything. I guess NoScript would help with that though.

That is completely incorrect! Please do not simply rely on everything you hear and classify it as the truth. With situations like this it's easy for people to panic and others like to spread false information that becomes misleading.

 

The steps that we have listed in the top post are correct and will help to keep your account safe. Passwords and PINS that you set for your account do not get logged in your cookies. If you're worried about cookies being logged or whatever then just clear your cookies and cache, which won't really do much because every time you log out, you're issued a new cookie.

Link to comment
Share on other sites
MysteryAF Newbie

MysteryAF

Posted
Posted

Well I'm super paranoid about losing my account so I didn't know what to believe.. >.<

 

I think that a hacker will be able to get into pretty much any account they want to with brute force, but maybe I'm just being stupid again. .-.

Link to comment
Share on other sites
mtsparky Newbie

mtsparky

Posted
Posted

I had some security measures in place before now on lock down, but Im still a little freaked about shops. What about quests, feeding kads and the employment agency? Using sides, which is also against rules!?

 

Why hasn't TNT made an announcement to inform, quell rumors and general paranoia?  Do we even know if it was cookie grabbers?

Link to comment
Share on other sites
Mouseykins Enthusiast

Mouseykins

Posted
Posted

 

Well I'm super paranoid about losing my account so I didn't know what to believe.. >.<

 

I think that a hacker will be able to get into pretty much any account they want to with brute force, but maybe I'm just being stupid again. .-.


The precautions listed above including not visiting petpages and the neoboards are the best ways to secure your account. If you visit those pages do them from a different browser and from a side account. :)

 

 

I had some security measures in place before now on lock down, but Im still a little freaked about shops. What about quests, feeding kads and the employment agency? Using sides, which is also against rules!?

 

Why hasn't TNT made an announcement to inform, quell rumors and general paranoia? Do we even know if it was cookie grabbers?


Yes it was cookie grabbers causing the termoil and they're still out there. So far shops and userlookups have been safe. That may change yet as well. For now it's isolated to those two areas. The best thing is remember to log out each time or after you've been to an area where you're questioning it's security. Also NoScript or other script blocking browser add-ons are a good thing to have as well. :)
Link to comment
Share on other sites
MysteryAF Newbie

MysteryAF

Posted
Posted

Why does Neopets seem to be the only website with this problem?

I doubt it's the only site but it's the main one.

 

If you search "how to stop cookie grabbers" on Google, about every link is about Neopets. There's clearly an issue with the security on Neopets.

 

CGers cannot get your pins, that it why it is a very crucial tool to prevent items/pets/nps from being stolen.

 

They also can't get your birthday either. Adding a birthday login is very useful for not getting your account hacked.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...