Ten steps to secure yourself online for $50

This basically applies to people with Windows-based PCs.  Most people on Mac and Linux don’t have too much to worry about, but a bunch of the steps can be taken by the non-Windows folks as well. But since Windows is still the best and easiest operating system for the computing novice to play poker on, I am going to write this mainly for Windows users.

This list is also for people who take their security seriously.  A lot of online poker players are simply too lazy to ever take security seriously, so they never pay any real attention to security and inevitably they get their accounts hacked.  If you’re lazy, this approach is not really for you.  It takes some effort to get all of this set up, although in the long-run I actually think it’s very low maintenance.

  1. Use RoboForm. It encrypts and stores all of your passwords. You can only get at the passwords by entering the master password. Be sure to choose a random and impossible-to-guess master password!  RoboForm defeats keyloggers by automatically filling in passwords for you on the web. In addition, RoboForm has something called “SafeNotes” which are, essentially, encrypted text files. You can create SafeNotes for your online poker passwords (RoboForm, unfortunately, cannot automatically enter passwords on poker clients). Then when you need to sign in, you can go into your SafeNote and copy and paste your password. All a standard keylogger will see is Ctrl+C and Ctrl+V thereby keeping your password as safe as possible.  See the bottom of this blog entry for more info on RoboForm.
  2. Change all of your online poker accounts so they’re associated with a random gmail address. Don’t tell ANYONE the address. In fact, don’t even tell anyone that you made the change. Depending on how paranoid you are, you can make a different random gmail for every poker account or use the same random gmail for all of your online accounts (if you’re careful with that one address, it’s probably okay to do the latter for convenience reasons, but it’s obviously safer to do the former).  And when I say “random” I really mean it.  Making an email like natpoker1, natpoker2, etc would be retarded imo.  Don’t let people guess your patterns!!  It’s the main way that people get hacked.  Your poker account emails should be like eycxw5v32c@gmail.com, bxm8bep969@gmail.com, etc (I just made those up using RoboForm).  When you’re signing up for your gmail account, do NOT put in a secondary address. While a secondary email makes it easy to reset a password, that also makes it easy for a hacker to reset your password at some point down the line. Instead of being lazy with password resets, use a combination of RoboForm and good backups to ensure that you never lose the password.  You should use gmail instead of hotmail, yahoo, msn or any other email service, including your ISP email. When you use gmail, go to the “Settings” link at the top of the page, then scroll to the bottom and ensure that “Always use https” is checked. This ensures that no one will be able to sniff your network traffic on a breached internet connection (well, technically they can still sniff it and capture your communications, but it will look like nonsense to them because it’s encrypted).
  3. Use a different password at every poker site, web site and email address. RoboForm makes this easy for you because of the “Generate” button on the toolbar. For example, if I click “Generate” on my RoboForm toolbar and I select a 15 character password, I get the following: HVU6^H3$V8*5fwM. If I click it again, I get the following: K76pC5LY(k2F#Qr. Basically, it’s impossible to memorize those passwords quickly, let alone guess them. If you maximize password complexity and password length at every place you enter a password, it will make it very difficult for hackers to get a read on your passwords.  As an example, find out the maximum password length on PokerStars and make your password that maximum length.  Remember to use RoboForm SafeNotes to store your site passwords so people can’t get at them via email, text notes or wherever else you might store them on your computer.
  4. Use Firefox 3 and always run updates whenever the browser prompts you to do so. It’s a pretty safe browser overall, especially with the right add-ons.  It’s also much faster than Firefox 2 or Internet Explorer.  While Google Chrome is a potential future competitor for Firefox 3, it is not yet a viable option because of the lack of easily addable extensions along with the inevitable growing pains (ie, initial bugs).  It also doesn’t support the RoboForm toolbar.  Lastly, while Opera is a good browser, it also does not support RoboForm and is therefore not the best browser option in my opinion.
  5. Utilize Firefox extensions/add-ons.  I believe the most important security-related Firefox add-on is NoScript (see http://noscript.net). It helps you automatically block malicious JavaScript, Java, Flash and other things that can cause problems. But it will let you whitelist (i.e., allow) websites that you trust. NoScript also helps to protect against XSS (cross-site scripting), which is a common vulnerability being exploited on the internet these days.  A second good add-on is the McAfee SiteAdvisor for Firefox (see http://www.siteadvisor.com). This add-on checks the URL you’re visiting against a McAfee database to see if it’s safe. This can help you catch yourself if you’re about to enter data on a phishing site or if the site is otherwise dangerous to your security.  There are lots of other security add-ons for Firefox, including many that I’ve probably never used.  Do some research on it and I’m sure you’ll find lots of good stuff.
  6. Be sure to turn OFF password saving in Firefox. You can do this by going to Tools -> Options -> Security, then unchecking “Remember passwords for sites.” Also, once you’ve done that, click over to the Privacy tab and click Settings in the Private Data section. Check every box in the window and click OK. Then check “Always clear my private data when I close Firefox” and uncheck “Ask me before clearing private data”. Now, every time you close Firefox, your data will be erased and no one will be able to see any information about your browsing or access any of your accounts. You should probably also click “Clear Now” at this time to make sure that all of your saved passwords are removed.
  7. I don’t personally use an anti-virus program, but if you’re not smart about what you tend to click on, AVG is as good as any company at anti-virus. They have a free offering which you can download here: http://free.avg.com. The paid version is obviously better, but you don’t need either one if you’re smart when you’re browsing.
  8. Be wary of messaging clients/protocols. For example, with AIM, it’s very easy to guess the information needed to reset an AIM password (see https://account.login.aol.com/opr/_cqr/opr/opr.psp?sitedomain=editprofile.aim.com). When signing up for AIM accounts, always use fake/random information and don’t use a known email address.  However, AIM and MSN are inevitably very hackable and that’s why you see so many people getting their AIMs hacked.  There are a few options.  First, Google Chat is not nearly as hackable if you don’t have a secondary email address associated with your gmail account.  Second, never believe people on AIM or MSN or whatever.  Don’t click on links regardless of what they say (because even if a link says “youtube”, the actual destination of the link could be a malicious site).  Don’t do transfers without verifying that the person is who they claim to be.  Basically, treat online messaging as the dangerous medium that it is and assume that people can be hacked at any point.
  9. Run updates via Windows Update or Apple Update.  I know this seems really simple and obvious, but tons of people never bother to do it.  Be VERY vigilant about updates.
  10. Don’t let other people use your computer and don’t use other people’s computers when you’re doing anything related to your accounts.  Don’t sign into secret emails.  Don’t sign into poker sites.  I’m sure you trust your friends, but that doesn’t mean you should trust that they’re as smart as you are when they’re using the internet.  They could easily be compromised or get compromised in the future.  If they have poor security, you could leave traces that would make it easier for a hacker or malicious individual to find your accounts and your money.
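Step 8 warns that a link can say “youtube” while pointing somewhere else. The check below is an added example, not part of the original post: it flags links in an HTML message whose visible text names one site while the href goes to another. The sample message is constructed, and the two-label `base_domain` comparison is a simplifying assumption (it uses no public-suffix list).

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# A host name spelled out in the visible link text, e.g. "www.youtube.com".
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def base_domain(host):
    # Assumption: the last two labels identify the site (wrong for e.g. co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkAuditor(HTMLParser):
    """Collects (visible text, real host) for links whose text names another site."""
    def __init__(self):
        super().__init__()
        self.href = None      # href of the <a> currently open, if any
        self.text = []        # visible text collected inside that <a>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        label = "".join(self.text).strip()
        host = urlsplit(self.href).hostname or ""
        claimed = HOST_RE.search(label)
        # Only labels that spell out a host can be compared; plain words are skipped.
        if claimed and host and base_domain(claimed.group(1)) != base_domain(host):
            self.findings.append((label, host))
        self.href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: one disguised link, one honest link, one plain-text link.
SAMPLE = (
    '<p>lol <a href="http://video.example.net/watch?v=1">http://www.youtube.com/watch?v=1</a></p>'
    '<p><a href="http://www.youtube.com/watch?v=2">youtube.com/watch?v=2</a></p>'
    '<p><a href="http://example.org/hh">hand history</a></p>'
)
print(audit_links(SAMPLE))
```

A label that is only a word (“youtube”, “click here”) gives the check nothing to compare, so an empty result does not mean the link is safe.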

Okay, so how much does it cost to secure yourself?  RoboForm is the only thing in this list that you have to pay for.  It costs $30 for your first computer and $10 for another computer.  You can also get RoboForm2Go which installs onto a USB stick for $20, although you need a RoboForm license to get the mobile version also.  I’m going to assume that most people will need a $30 license for their main computer and then a mobile license to take their passwords to a laptop or other computer (it can also serve as a backup), so that’s another $20.  $50 total to highly minimize your chance of being hacked.  I think that’s easily worth it.

To buy RoboForm, you can click here to secure yourself now.  That link has my affiliate tag on it.  I want to emphasize that I am NOT writing this post to make money.  I want my blog readers to be vigilant about their security.  But since I did put effort into this, I am including the affiliate tag.  If you’d like to sign up without being tagged to me, here is a RoboForm link without my affiliate tag.

Whichever you click on (if any), the most important thing is that you’re vigilant about security.  Stay safe.


Comments

The pro version of Keyscrambler ($30, http://www.qfxsoftware.com/) also works for poker clients (and also encrypts the master password for RoboForms, making it tough for keyloggers to capture that one)

BTW I really do not understand why you are not using anti-virus at all. That seems highly unsafe – since viruses and keyloggers even come with CDs/DVDs (rootkits) and on flash drives, and things such as DNS cache poisoning might even redirect the iTunes autoupdate to a compromised server.

I am really careful about what I install. I suppose DNS poisoning is a possibility, but I guess I’m willing to take that risk.

I should also point out that I only do risky things on one of my computers. So if I d/l a new piece of software, I generally test it out on that computer before using it anywhere else.

I don’t like A/V because it’s so annoying and slow compared to running a lightweight clean computer (I reinstall Windows pretty often using nLite).

Hi, I found your blog on a new directory of WordPress Blogs. I don’t know how your blog came up, must have been a typo, I dunno. Anyways, I just clicked it and here I am. Your blog looks good. Have a nice day. James.

I’d personally recommend Password Safe. Seems to do the majority of things that Roboform does for free. See: http://passwordsafe.sourceforge.net/

In addition (and for the purist), Password Safe is open source software. Effectively the source code is available for the program and can therefore be checked if desired by the user (and the user is competent enough) to determine whether the program does what it claims to do and no more.

Roboform is a proprietary product and the manufacturers make no warranties about the product’s fitness for use or purpose. Granted, it’s a popular product and well rated, but it doesn’t provide me personally with much assurance as to the veracity of the product itself.

For example, here are some interesting words from the Roboform licensing agreement: (http://www.roboform.com/license.html)

“SIBER FURTHER DOES NOT WARRANT THAT
PRIVATE INFORMATION THAT BELONGS TO YOU AND
THAT YOU STORE IN ROBOFORM WILL NOT BE STOLEN
OR OTHERWISE ACQUIRED BY THIRD PARTIES.”

Doesn’t exactly inspire confidence, does it?

I assume that you use a firewall? Or recommend using one?

I like ZoneAlarm and, of course, I used to like BlackICE. But I don’t put it on every computer.

I’m curious as to why you recommend gmail over anything else.

Because it’s free, fast, it’s got a good password reset feature (well, on a relative basis) and it has an SSL option. Granted I haven’t tried out every webmail option lately, but I do know that gmail gets the job done.
