
Tips for securing your Xbox Live account

7:00 PM on 01.14.2012 // Chris Carter
  @DtoidChris

[Dtoider Magnalon has some great tips to protect your Xbox account from being hacked. - Kauza]

Lately, we've been hearing stories of an increasingly alarming Xbox Live hacking issue, and the lack of care and concern that Microsoft has exhibited in some cases. Sure, just being hacked is beyond inconvenient, but users also risk losing access to their accounts for extended periods and the horrible possibility of having to speak with Xbox support. Yikes.

In light of all of these issues, I thought it would be a good idea to share some security tips. Read on to learn the best ways to avoid having to put yourself through a Microsoft nightmare.

Choose a strong password

There are many schools of thought with regard to passwords. My philosophy is "you can never be too complex as long as you take the time to remember it". While this comic comically indicates that a longer, simpler password is more secure than a shorter complex one, a longer complex password is not out of the question, provided you're willing to learn it. The comic does have a point though - passwords under ten characters, even in "l33t speak", are easily compromised. If you're not comfortable with complex passwords, let Xbox Live be your first exercise.
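To make the length and "l33t speak" point concrete, here is an added example (not part of the original post) that applies the ten-character rule and undoes common l33t substitutions before checking a word list. The word list, the substitution table and both sample passwords are constructed for illustration.

```python
import math

# Constructed sample list; a real check would use a large dictionary or a
# breached-password corpus (an assumption, not something the post specifies).
COMMON_WORDS = ("password", "letmein", "dragon", "master", "halo")

# Common "l33t speak" substitutions, mapped back to plain letters.
LEET = str.maketrans("013457@$!", "oleastasi")

MIN_LENGTH = 10  # the post's threshold: under ten characters is too short

def pool_size(pw):
    """Character pool a blind brute force must cover (printable ASCII)."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # punctuation plus space
    return size

def brute_force_bits(pw):
    """Upper bound on guessing cost in bits: length * log2(pool).

    A password built on a dictionary word never earns this figure, which
    is why the dictionary check below matters more than the symbol count.
    """
    pool = pool_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0

def dictionary_hit(pw):
    """Return the common word hiding behind l33t substitutions, if any."""
    plain = pw.lower().translate(LEET)
    return next((w for w in COMMON_WORDS if w in plain), None)

def audit(pw):
    """Apply the post's length rule plus a l33t-aware dictionary check."""
    return {
        "long_enough": len(pw) >= MIN_LENGTH,
        "dictionary_word": dictionary_hit(pw),
        "brute_force_bits": round(brute_force_bits(pw), 1),
    }

if __name__ == "__main__":
    for candidate in ("P4$$w0rd!", "purple lantern gravel orbit"):
        print(candidate, audit(candidate))
```

The nine-character l33t password uses all four character classes yet fails both checks, while the plain lowercase passphrase passes them with a far larger brute-force bound.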

Make sure this password is only used for Xbox Live. A number of people are claiming that they use the same password for their EA account, which is linked to their Live account, and this may be causing issues (the same can be said for Activision's Call of Duty Elite and Ubisoft's uPlay). To avoid spillage, make sure you change this password every so often. You can change it every month, or every few months if you wish.

Additionally, it doesn't hurt to update your information and secret question/answer, so that you can recover your information from Xbox Customer Support in the event you forget your password.

Do not link your Credit Card or PayPal to Xbox Live

As a general rule, you can buy cards at major retailers for both subscriptions and Microsoft Points (MSP). This is easily the most secure method of conducting business over Xbox Live.

However, in some cases you will need to link some method of payment - for instance, Microsoft will require you to input a method when buying the Xbox Live Gold Family pack, or any other special offer found through Xbox Live or Xbox.com exclusively. You can subvert this requirement by grabbing a Visa Credit Gift Card from pretty much anywhere. Unfortunately you'll have to pay $2-5 in fees to nab this card, but as long as it has an expiration date and CVC number on the back, you're good to go.

As a last resort, for people who are against limited payment options, linking PayPal can be acceptable as long as it's not linked to your bank account, but I'd recommend the above two options. Keep in mind that Microsoft stores all old credit card information - you can clearly see it on your Live homepage in account settings. While this is most likely encrypted (and a hacker would only be able to view the last 4 digits of the card), it's still a security issue, so link cards at your own risk.

If you're having issues with removing a card, even with auto-renewal off, it is most likely because this card is associated with your Xbox Live subscription. To get out of this, attach a pre-paid Visa card (after you link it to the account as the "second" payment method), then switch your account over to that card, then delete your primary "real" card.

Beware of Social Engineering

This goes beyond the typical "do not respond to random Xbox Live messages from people asking for your password and promising Call of Duty prestige levels". Social Engineering can be as simple as someone you know finding your password written down near your computer. It can be as complex as someone stalking you over the web using your alias, Gamertag, or description in your Xbox Live Gamer Profile to find personally identifiable information (PII) to use against you in a hack attempt. People will also attempt to find information through means such as community profiles, Facebook, Twitter, Raptr, or other such gaming communities.

To be blunt, make sure you're not putting too much information out on the web. There's an old saying - "once it's on the web, it isn't coming out". Watch how much PII you put into your Xbox Live Profile. While you may think it's OK to state your exact address and full name, the wrong party can easily use this information to either steal your account by calling Xbox Live Customer Service, or locate more information about you online.

I've literally seen people take pictures of their Government IDs and share them over public Facebook posts to show how proud they are of their new job. Always make sure you're thinking twice over what you put on the internet.

Beware of Software Attacks

Social Engineering is a security compromise based on human interaction and trickery, but software and machines can also compromise your account. Keyloggers are malicious programs that can detect keystrokes and passwords, and enable hackers to access your information. Internet pirates are probably familiar with "keygen" software and other such programs - these can be Trojans that install software on your machine. Additionally, things as harmless as Windows Media Player (WMP) videos and internet links can install software as well, through loopholes in WMP and Internet Explorer (IE). As a general rule, do not use IE, and do not use WMP - when you download a video, attempt to open it in a third-party program (I use VLC).

Despite how hard you try, 99% of the computers in the world will get a virus or two in their lifetime, but there are a number of ways to combat these breaches. You can install a host-based firewall/intrusion detection system (Windows comes with one for starters), adware/spyware removal tools, and anti-virus software.

A word of warning: be careful with anti-virus software - oftentimes the software will prey on users, and will be malware itself - even reputable companies. For instance, I refuse to use Norton because of how much it can make a mess of your system. I like Malwarebytes and AVG - both have free versions that offer less protection. Ensure that your firewall is constantly running, and your software runs automatic updates and checks (at a convenient time, like when you're at work or asleep) every day. The key is to keep the software updated, to avoid zero-day attacks.

While this may seem like it's the ramblings of a paranoid android, keep in mind that you can never be too secure.

Feel free to follow as little or as much of this as you're comfortable with.



Chris Carter, Reviews Director, Co-EIC
Chris (Magnalon) has been enjoying Destructoid avidly since 2008. He finally decided to take the next step, make an account, and start blogging in January of 2009. Now, he's staff!


