☆ Keen Cipher
Welcome to the Keen Cipher, the very sharpest account security guide! Contained herein are the major steps you can take to make sure that your account stays out of the hands of those who would sell your gold for cash, empty your safety deposit box, and pound your wonderful pets. Yeah, those people are jerks. Let's not make it easy for them. Many of these lessons can be used across the internet, so get wise to account safety!
☆ Special Word and Pin Security
Your Special Word (SW) is what stops everybody and their mother from accessing your account, and so it is of primary importance. However, many are lazy when it comes to ensuring that this first line of defense is built to withstand attacks. Don't be one of those people.
POOR PW securityThere are some things that you should never, never do, regardless of what site you're logging into.
- Never have a PW that is a simple sequence of numbers or letter. 123456, 111111, 654321, abc123, qwerty, qazwsx, and asdfghjkl may seem like secure PWs, but they are among the very easiest to guess.
- Never have a PW that is a common or popular PW phrase. There are lists across the internet that have the top 50, top 100, top 500 PWs used. You know what the number one is? "PW (the actual word, which we're not allowed to say on Neopets)". Seriously. "Iloveyou", "monkey", and "michael" are all common ones as well.
- Never use PWs that relate to information others can easily obtain about you. For example, my birthday is January 17th, 1984. A PW of 01171984 would be super easy to guess. I'm also obsessed with the colour purple and rabbits, so any combination of those two words would be foolish.
- Don't use the same PW everywhere. While Neopets has never never ever in the history of ever been hacked, many other places get hacked every day. If you intend on spending time (and perhaps money) anywhere, use a PW that is unique to that site.
- Avoid writing down your PW Professionals will tell you that having a physical copy of your PW somewhere may be a serious security breach. If you absolutely feel that you must write down your PW, at least don't be obvious about it. Write down PW hints rather than the PW if you can. Keep the paper or file in an unusual location. It is up to you to keep your PWs safe.
GREAT PW securitySo, now that you've gotten through what NOT to do, I expect you're curious about what you should do. There are a number of different methods to creating stellar PWs, which we'll get to momentarily. First, a few things you should always do if you want to have good PW security.
- Change your PW frequently. About once a month is the suggested time frame. Make sure you also do this for the email address associated with the account in question.
- Make your PWs long. Greater than 6 characters is recommended, but as you can see, you can easily make memorable PWs longer than a dozen characters. Be cautious however – some sites have PW length limits.
- Utilize numbers, letters, and symbols. In other words, use all of them together. Now, some very bright people will tell you that numbers and symbols aren't strictly necessary. They're essentially right, but I strongly suggest you use them anyway. First, numbers and symbols make a PW harder for another human to guess. Second, a lot of sites, including Neopets, require them. Rather than doing what everyone else does (adding a 1 or a ! to the end of your PW) you might as well learn to use them well.
☆ Special Word & Pin CreationIf you've gotten this far, you're already ahead of the game! Now we'll work on making the very best PWs you possibly can!
Excellent Special Words
There are a number of methods you can utilized to create words that are easy for you to remember, but impossible for others to guess or accidentally stumble upon.
Method 1: Mastering Mnemonics
Mnemonics are tools that help you remember things. You use them all the time, and the first-letter mnemonic is one of the most popular. Unless you're a space geek (which is a pretty darn awesome thing to be!) you probably use a mnemonic to remember the order of the planets of the Solar System. The one I learned was "My very educated mother just served us nine pizzas." Yes, Pluto was still considered a planet.
Anyway, you can apply this to PWs to create a great one. Use a phrase you're familiar with - a favorite saying or song lyric will work nicely. For this example, I'm going to use
Mary had a little lamb her fleece was white as snow.
- Take the first letter of each word
- Capitalize characters. In this case, I chose those that my friendly neighborhood toddlers tend to emphasize.
- Add numbers and symbols. How about some numbers at the beginning, middle, and end of the phrase? I'm going to choose today's date.
Ooo, and symbols. How about... well, question whether or not that's really a little lamb, and fleece as white as snow is probably worth bank. Thus:
Method Two: Common Words
No no, not common phrases. Common words. There are a number places on the internet that you can access lists of, say, 500 most common words in any language. Choose several of them, but stick to words that are at least four characters long. For this example, I chose the following.
In my head, that's children standing in the street, shaking their tailfeathers. Thus, I might update this PW to the following:
Yeah. Phew! Now, as we did in method one, change your capitalizing and add numbers and symbols.
Yup. Again, a PW that is unique, easy to recall, and incredibly difficult to guess. Good for you!
A note: I created these PW just for examples on this page. Do NOT use them. That would defeat the purpose.
Method Three: Full SentenceFull Sentences can be easier for you to recall than the previous two methods – however, they can also be the easiest to guess. Remember, some short and well known phrases are some of the most common PWs. A good idea is to write a unique sentence that does not begin with the words "I" "you" or "the". For this example, I wrote the following sentence.
And put the baby together
As we did in the previous methods, now add capitalization, numbers, and symbols. I've also shortened some of the words – night becomes nite and the like. You can also extend words if you need to – I becomes eye, T becomes tea, etc.
Here you are again with a PW that you can recall, and that are truly painful to try to guess.
Pin NumbersYou've fewer options to make your pin difficult to guess, but there are still a number of things you can do to make it hard.
- Don't use a number that's easily guessed. These include numbers associated with you, such as your birthdate or digits, or well known numbers, such as titles of books or movies.
- Change your pin number frequently. Again, about once a month should suffice.
- Use a number unique to Neopets.
- Just like your SW, don't use a pin that you use in other places, such as your bank pin or voicemail.
Other than that, your digits are up to you. If you drink or eat things from packaging, why not grab the first few digits from the UPC code? Random numbers from a wikipedia page? How many times you can snap your fingers in a row? Or, use a random number generator - again, easily found across the internet.
Congratulations! With your PW and pin dramatically more secure, you've taken a first step towards an impenetrable account!
☆ Keeping it SafeThere are some big rules for navigating Neopets that will help you keep your accounts safe. Are you familiar, first, with the Neopets security page? If not, click that link and familiarize yourself. Now then, a few basic rules
1. If it seems too good to be true, it is.Someone on the boards is offering that super rare expensive item for next to nothing? Someone is offering to take care of your pets for you while you're away on vacation? Someone can triple you NP for you in just a few days?
Back vile toad!
Scammers are as prevalent as scaramanders in Neopia, and they prey on the greedy, hopeful, and unwary. There are a huge number of scams, but they all essentially boil down to the same thing: hand over your nps or your special word.
If you think it's an amazing deal, it's probably a scam. If you're not sure (or if your desire for that rare and beautiful item are too much) ask your fellow Neopians. The Help Chat will help you reorient yourself to safety!
For more on specific scam tips, check out the pages in the Sitely.
2. Look before you loginFake log-in pages are an easy way for someone to get your special word!
If you were browsing Neopets and find yourself suddenly at a log-in page, watch out! Make sure that the URL is correct by typing it in yourself: www.neopets.com, aka the Neopets home page.
3. Know thine enemy.Cookie Grabbers! Keyloggers! Trojans! What can a humble Neopian do against such dastardly foes?
First, we're no longer just talking about account security, but about computer security as well. You need good browsers and good virus protection! Spend some time learning about these things, and it will make your overall internet experience better. (Links here when I get some, totally)
Lucky you, there are some super hero Neopians out there who have written pages to help you protect your account from villains! Check the Sitely for links to some of them!
4. Utilize Available TechnologyFor as many scammers and nogoodnicks that exist out there, there are also a whole bunch of people who want you to never fall prey to them. Some of those people produce awesome things. Check the Sitely for links to some of them!
☆ FAQOh, every page has to have an FAQ. If you do have a question or concern, feel free to neomail me. If it seems like a good question, or is asked often, it will probably be added to this.
These PWs aren't easy to remember!This is the concern I receive most often. First, these example PWs are probably longer than you're going to use, and that's just fine. However, you can memorize any string of random characters through use. My wireless PW is 22 random characters, and I can type it in without thinking much about it. On another dramatic end, I recently saw Penn & Teller memorize a series of nails in a nail gun. Point is, your brain can in fact do this. It is your job to make it meaningful enough to you that you remember it. These are just some tools to help you make it fantastic, rather than mediocre.
Hey, weren't you hacked?Yeah. Why do you think I started this page?
It's not a hacking, strictly speaking. However, yes, some villain did get access to my account, and used it to clear me out. TNT acted quickly and beautifully, so not all was lost. It was because my PW was a number different than a PW on a non-secure site which was (actually) hacked. It feels worse because I knew better than to do that, and had indeed considered changing my PW a number of times. Never did, and I paid the price, to the tune of several million NP and unknown time lost. So, learn from my mistake.
☆ Sitely & Linkback
A collection of links!
Links to other pagesThe following sites have a great variety of useful information about insuring that your time spent in Neopia is as safe and secure as possible. I strongly recommend taking the time to read through them, so that you are prepared. Do you have a good page that should be listed here? Send me a neomail!
Neopets Security PageThe Neopets security page is a basic security page with which you should be familiar.
LupeMoneyCounterThis page lists a number of common scams and ways to identify them. Some of these are strictly against the Neopets rules (and therefore reportable) while others fall into a sort of grey area. Familiarizing yourself with these common scams is well worth your time.
CG DefensePunchback Bob has a well done page exploring cookie grabbers/xss scripts in depth. This will help you know what to look for.
NoScript DefenseAlso linked above, Sciano's page about this Firefox addon can help you to protect your account against cookie grabber scripts.
Who Knew? Frozen AccountsWhat if the worst happens and someone's cracked your account? Well, hopefully Neopets support staff have frozen your account to help keep it safe. You'll need to know a lot of information to get your account back though. Shimmeringbliss has a short, sweet, and effective guide to doing this.
Newbie GuideThis fantastic page is a full guide for those of you new or newish to Neopets. Know about the site may well help you not be a victim of scamming.
Akaunts' Accounts FAQStrictly speaking, this is only sort of associated with account security. This is a petpage dedicated to explaining what is and is not permissible on side accounts.
Link back to me?Please spread the word! Everyone deserves a safe account.
Button by Rico (linked in the navi).