Account security, or keeping your Puzzle Pirates user account safe, is of great importance. When a player's user account is compromised, and someone uses it without their permission or to do things that the owner of the account wouldn't want them to do, the results range from in-game loss of property to an account ban. With release 2006-12-08 the "remember password" function was removed from the account login screen to increase security for shared clients.
The vast majority of account compromises are not actually due to "hacking," but due to the sharing of account or personal information. The following are steps you can take to keep your account safe. Please keep in mind that these precautions are not exhaustive and cannot cover all possible situations. You are the best, and last line of defense to ensure the security of your account. Always keep in mind that if something sounds too good to be true, it usually is!
- Do not give your account password to anyone, even if they are an Ocean Master, other employee of Grey Havens, or someone you otherwise trust. Grey Havens and the Puzzle Pirates staff will never ask for your password. We do not need to know your password and will never ask for it for validation purposes. Your password is meant to be for you alone, as the owner of your account, to know. If you share it with someone, that person is able to log on as you and have access to everything you own, including the entire contents of your Booty panel, houses, ships, shoppes, and stalls. In addition, they have access to all of the above that you share or manage for other players.
- If someone asks you or someone else for your password in-game for any reason, send in a complaint about them immediately.
- We do not provide support over instant message services (such as AIM, MSN, Skype). Do not give out your account information or password if you are contacted via one of these services. It is recommended that you not contact players using these services. If a player asks to speak with you out of game they may be doing so to compromise your account. Also note that even just revealing your Skype name (and possibly that of other similar services) bears the risk of a malicious player interfering with your gameplay due to a security weakness in the Skype protocol.
- If someone in-game or via email directs you to a website that asks for your account name and password, send in a complaint about them immediately and note the URL for the website in the complaint.
- We will never contact you, or ask you to contact us, from a free email service (such as Hotmail, Gmail, Yahoo). Any email from such a service claiming to represent Grey Havens or a member of staff should not be opened and deleted immediately. Official emails will arrive from @puzzlepirates.com addresses.
- If someone sends you a file they say can give you items, stats, or money in the game, do not accept it or open it! There are no free money/item cheats or bugs in the game. Any program claiming to improve your gameplay in some way is a scam either attempting to steal your login information, install malware on your computer or both. If you have opened it, remove it from your computer. Submit a complaint (or a petition, if the player is not in-game for you to complain), and enter in all relevant information about the scam and the scammer. Never download anything from untrusted sources.
- Do not use Teamviewer or similar programs. Anything that allows another person remote access to your computer is a security risk and not only do you risk access to your account, you would be responsible for any actions that they take!
- Do not share personal information with other people and only add players you know in real life to your social network profiles. Also, be sure to check your account settings to limit how much private information is shared The more information about you available means more information for an account thief to work with.
- Never log into another player's account, even if their request sounds reasonable. Not only is it against the rules but if that player is banned it could have negative consequences on your account!
- Remember to scan your computer regularly for viruses and keyloggers, and if possible, use firewall software. Always be sure to scan any files downloaded or received in emails, regardless of the source.
- You should only ever use your Puzzle Pirates account to log into the Puzzle Pirates client, Account page, the support page, the Puzzle Pirates forums or the YPPedia. You should never enter your Puzzle Pirates account name and password into any other program, website or forum Before entering your password always double check the URL bar to ensure you are logging into a legitimate Puzzlepirates.com website - especially if following a link.
Use Strong and Unique Passwords
Creating a strong and unique password is the first step in having a secure account. Account Thieves have a myriad of automated tools available to guess and verify commonly used or weak passwords without much time or effort. Having a weak password is just as bad as sharing your password with other players. Creating a strong password is easy and will help secure your account in the long run. Here are some do's and don'ts to consider when creating your account (and if you're reading this after creating your account, consider updating your password!)
- Include punctuation marks, numbers and a mix of capital and lowercase letters throughout your password
- Create a long password of at least 8 characters. The more characters in a password the more difficult it is to guess.
- Think of your password as a "passphrase" instead of a single word. Use a memorable short sentence to help remember a longer password.
- Make your password significantly different to your other passwords.
- Consider if using a password manager software would work for you. This allows for much stronger passwords than one could typically remember.
- Don't use words found in the dictionary. This includes words created by using common substitutions such as p4ssw0rd.
- Don't use personal information that someone may discover about you (such as your name or birthday).
- Don't use the same password that you use for other games, your email address or other services.
- Don't use repeatable patterns (asdf) or sequential numbers (1234), even in combination.
For more information on creating a strong password and why it's important please read this Password FAQ.
Secure your Email address
Associating an email address with your account allows you to receive important notices regarding your account as well as allowing you to recover a forgotten password. This also means that anyone with access to your email address also has access to your Puzzle Pirates account. Just as important as securing your Puzzle Pirates account is ensuring your email address is secure. To protect your accounts please keep these tips in mind:
- Do not give your email address to anyone. Whilst Puzzle Pirates is a social game it is a good idea to keep your main email address a secret.
- Substitute the provided security questions with different questions for enhanced security. If the answer to "What was your mother's maiden name" is actually your mother's maiden name then anyone with access to that information can recover your email password. Instead, use replacement questions and do not share with anyone what they are.
- Do not use security questions that other people can learn about you or that you would answer in a casual conversation.
- Make sure that the email address registered to your account is your own email address. Verify, from time to time, that the information on your Account page is up to date and correct.
I Was Hacked! What Do I Do?
Should you find that you have lost control of your account, and the account has not been banned or suspended, do the following:
- Attempt to regain control of your account by changing the password using the Puzzle Pirates account settings page. Make sure to change it to a brand new password, not one you have used before!
- If you find that you are unable to change your password using the above method, you may send an email using the Support Form providing identifying information and asking that control of your account be returned to you. PLEASE NOTE: If Grey Havens does not have billing information or even an email address registered to your account, it may be impossible to verify your identity, and the account may not be returned to you. This is why it is essential not to give out your account information in the first place!
- Puzzle Pirates Terms of Service - See section 9 under "Legal Text."
- Puzzle Pirates Account Settings page - Set your email address, password, and billing info here
- Password FAQ - Tips on creating a good password
- Forum thread on Account Security: Helpful tips to keep your account safe and secure.
- Account Security Recommendations for Steam users