Why Account Security is Important
The world and many things in it are increasingly moving online, and with this change comes the need for heightened awareness and security of one's personal information. Cloud Imperium Games offers a few different free options to help our players better secure the integrity of their RSI accounts and thus any personal information that it may contain.
We encourage all players to use good account security practices and so this guide will go over the basics. Such practices are important to:
- Protect a player's contribution into CIG and the Star Citizen project.
- Protect a player's personal information that may be available within an RSI account.
- Once the game has moved out of testing phase into live release, protect the integrity of the in-game economy.
Security Features for RSI Accounts
We are always reviewing our security and protection methods to ensure that our players' accounts and information remain safe. On a basic level, we have some requirements that an account password must meet in order to be accepted as valid. Should a chosen password not meet these requirements an error should be presented explaining why it does not. While we do not require a password be updated after a certain amount of time has passed, we recommend that players do change their password periodically.
As part of our ongoing security efforts to prevent unauthorized account access, RSI now utilizes a system that reacts to unusual login activity and as a result, may prompt for additional precautions on some login attempts. If you see more security prompts than normal it is likely due to these additional security measures.
We also offer two different methods of applying Two-Factor/Multi-Factor Authentication (2FA/MFA) to an account, both of which are free of charge.
- Email Two Step Authentication - The system will send an authentication code to the player via email that they will then need to use to access their account.
- Mobile Authenticator App - A downloaded smart phone or mobile device app that can be used for free, which will generate login codes for your account.
At the moment, MFA is not required unless a player wishes to reclaim or gift any of their pledges. This may change in the future. As an extra layer of security, if unusual login activity is seen we may enable email MFA on an account as a precaution if it was not active previously.
Repeatedly failing an authentication check or multiple consecutive login failures from incorrect passwords or usernames will result in access to the account being blocked for a time. If this happens, check back later and considering doing the Account Recovery process to ensure you have the proper login information.
What is an Account Compromise?
When we say "Account Compromise" in the context of Star Citizen, we are speaking about an RSI account that has been accessed by someone who did not have permission to do so. Once access has been gained, the rogue party will typically do what they can to take what they need for themselves or attempt to secure the account against recovery to strip of value later.
Players call this an "account being hacked" even if there was no hacking involved, but it's a familiar, easily understandable term for the situation. Most cases of rogue account access that we have seen is due to compromised account credentials from elsewhere being used to access an RSI account. This means a combination of a player's email, username, and/or password was already known by the bad guys and thus they could walk right into an unprotected account.
Other causes for account theft are a compromised email account, a security vulnerability in a player's computer or operating system from out of date software, or a malicious program like a virus or keylogger to capture login details and send them to a third party.
This is why MFA is so important as it adds an extra defense against such measures.
Should a player find themselves in the unfortunate position of finding their account stolen from them, they can head to our related article for instructions on what to do next.
Why do Account Compromises Happen?
The biggest reason: money.
This is not a problem that is unique to Star Citizen and is an issue for the gaming industry at large. Like in many other online games, there is a market for rare, limited edition items, or for any items that may be seen as powerful or a status symbol for their owners. If there was not a market for such items then there would be no reason to steal players' game accounts or the items or game currency contained in them.
In Star Citizen the items in question are ships, hangar flair, and such. These things are in a unique position of having a definitive real money value attached as they are granted from pledges made by players to financially support the ongoing development of Star Citizen.
Account Security General Tips and Best Practices
- Use a strong, unique password.
Avoid using the same password that you use elsewhere on the internet. Be sure to include numbers, letters, and special characters in your passwords.
- Enable Multi-Factor Authentication.
CIG offers this through email or device applications available on mobile App Stores.
- Keep your anti-virus and internet security software up to date and scan regularly.
There are multiple free options available online and Windows Security will be available on all Windows operating systems.
- Keep your operating system up to date.
Many compromises occur because of vulnerabilities in operating systems that have not been kept up to date.
- Don’t share your account with friends or family.
Allowing others to access your account compromises its security. Not even RSI agents will ask for your account password, so do not reveal it to anyone.
- Only trade with players you know and trust.
As with many things, if an offer sounds too good to be true, it probably is.