User blog:LostInRiverview/A friendly reminder about internet security

I'd like to take a few moments of your time to remind you&mdash;yes, you!&mdash; about the importance of being smart and secure when you use the internet or use internet-connected programs or devices.

Sims Community has put out a story regarding a recent attempt by a malicious individual (or individuals) to "give away" stolen Origin accounts. These accounts often include large libraries of games, as well as personal information and credit card or other payment information. This kind of information, when in the wrong hands, can do serious (and sometimes irreversible) damage to your finances.

On top of this most recent example, there are countless examples of malicious people gaining access to accounts on virtually every web service; Google, Facebook/Instagram, Twitter, Snapchat, Steam, etc. Even accounts on FANDOM/Wikia are not immune from attempts to gain access. Once this access has been gained by these bad users, it can be very hard to repair the damage they cause.

On The Sims Wiki, it is policy for us to permanently block any account suspected of being compromised. Our view is that only the rightful account owner should be editing with their account. If an account is compromised, we have no choice but to prevent it from editing until such time as we can determine that the rightful owner has fully recovered the account; proof of this may be difficult or impossible to produce, meaning that the rightful owner may never be unblocked from editing here.

Our view is that "an ounce of prevention is worth a pound of cure." With that in mind, we have a few Do's and Do Not's for you. These are general tips for general internet security that everyone should practice!

1 - Use strong passwords, and change them regularly - Listen, I know it's inconvenient having to do this, but regularly updating your passwords is one of the best forms of security you can have. It's important to pick passwords that are difficult to guess. Make sure your passwords are long and don't contain any easy-to-guess words or phrases. If you ever suspect that someone has accessed, or tried to access, an account of yours, be sure to change that password right away.

2 - DO NOT USE PASSWORDS ON MULTIPLE SITES/SERVICES - Absolutely do not reuse passwords! Reusing passwords on multiple services is a huge no-no! If a malicious person figures out your password on one site, they will likely try to use that password on other sites as well. Having one compromised account is bad enough, but using the same or similar passwords on multiple sites gives an attacker the opportunity to compromise several accounts at the same time, gaining access to any personal information you've stored on any of those sites. Worse yet, if they can gain access to your email account, they can then change your passwords on other sites by filling out fake "forgot my password" requests, even if those accounts use a different password!

3 - Enable two-factor authentication (2FA), if available - Many web-based services allow account owners to set up two-factor authentication. This adds an extra layer of security by requiring the user to offer two forms of proof that they are in fact the rightful account owner. This often takes the form of a code that is sent to the user's mobile phone, but there are other examples of this. With 2FA enabled, a malicious user who somehow knows your password won't be able to gain access to your account unless they also have your mobile phone. And speaking of mobile phones...

4 - Secure your mobile phone (and any other electronic devices) - It's 2019, this should be basic stuff, but it bears repeating anyways. Your mobile phone is a window into your everyday life, and if you're like most of us, you do a lot with your phone on a daily basis. Make sure that your phone is secure with a strong password (and remember, don't reuse passwords!) or other form of strong lock. Other devices with access to your web services and/or accounts, such as your personal laptop/desktop or tablet, should also be secured. The idea should be that even if someone stole your device, they wouldn't be able to gain access to your data; the data is likely to be even more valuable than the physical device itself.

5 - Monitor your account activity - Many sites and services track your log-in activity. Keep an eye on these records, and react immediately if you see something suspicious such as a log-in attempt from a foreign country or from a device you don't recognize.

6 - Do not give passwords or login info to anyone - A lot of internet scams aren't based around hacking into your accounts, but are instead based on tricking you into giving up sensitive information, such as passwords or bank account info. Understand that no one with legitimate purposes will ever contact you to ask for your password or other login credentials.

7 - If it sounds too good to be true, it is - Be extremely wary of anyone offering to give you stuff for free, offering to send you money, or offering to provide services that you didn't contract for.

8 - Don't share your accounts - It can be tempting to register a single account for multiple people in the same household, but beware the risks involved. Even if you are smart and practice good internet security, there's no guarantee that everyone else in your household will too. This is assuming that all the people you share your accounts with are trustworthy in the first place, which may not be guaranteed either. Finally, realize that on many sites (including on The Sims Wiki), account sharing is forbidden. The Sims Wiki's rule is "one person, one account;" just as we do not usually allow one person to control multiple accounts, we do not allow more than one person to control the same account. – Hopefully, with a little bit of preparation and prevention, you can avoid being the next victim of a cyber attack. In the comments below, let us know if you have any other tips for how to be a more safe and secure internet user.