There are a multitude of ways that someone can get your password. The most obvious is if you give it to someone! This is very important. NCSOFT employees will never ask you for your password while trying to help you. Therefore, you should never give it to someone claiming to be from NCSOFT support or any NCSOFT employee. To reiterate, you should never give your password to anyone.
An account thief could guess your password if they know something about you, so remember to use caution in online group environments. The more information you share about yourself, the easier you make it for hackers to guess your login(s) or password(s). The best thing you can do is pick a random password that you will be able to remember, but that is not remotely related to you. Many people place numbers in their passwords to make it even more difficult for someone to guess a password. For instance: F1L3tRansfer. This is the phrase "file transfer" with random capital letters, a 1 in place of the I and a 3 in place of the E in the word "file." You may also choose a random string of letters and numbers such as: b23fz5d. These are more difficult to remember, but probably the least likely to be guessed.
The most common way for people to get your password is by retrieving it using the Account Management tools on the **NCSOFT website**. If you share your e-mail account with someone and use that e-mail account on your game account, it is possible that they could retrieve your password if they know your account name. (A similar thing can happen if you use certain instant messenger programs and share your account with someone…they could easily get access to the free e-mail account that you get with IM programs.)
Another way for computer criminals to get a password is to go through a list of all possible passwords, given they know an account name. This might seem tedious, but hackers do it with the help of computer programs that quickly cycle through all potential letter and number combinations. Should this happen (while unlikely, it does happen), the infiltrator needs your account name next. You should guard your account name if you can; avoid making your user name something that is readily accessible or easily guessed. For instance, don't use the name of your main character as your account name.
Remember, if someone has remote access to your system, it is very possible that they will be able to get your password if you have the password saved on your computer. There are two things you can do to prevent this from happening: never leave a save password box checked and keep your system clear of any viruses, malware, and keyloggers. Leaving a save password box checked means the password will be stored somewhere on your local drive. While this makes logging into websites or games easier, it also gives hackers a head start in getting your password(s).
Another way someone can gain access to your username and password is through a Phishing E-mail. The practice of “phishing” is the most common strategy used by account thieves. Many cases of people claiming they were “hacked” can actually be traced back to phishing scams. These emails and websites pretend to be official NCSOFT communications to trick you into willingly handing out your login information. Here are some signs that you may be dealing with a phishing attempt:
Most phishing emails will make urgent appeals in regards to your account being under investigation for hacking/cheating and ask that you provide personal information to avoid these penalties. These e-mails will almost always ask you to click on a provided link and enter your username and password. These links will normally take you to a webpage that has been created to look almost identical to an official NCSOFT webpage. Once you click on the link and enter your login information, the “account thief” will than use that information to take control of your account. Please remember, NCSOFT will never send you an e-mail asking you to log into a site using your account login name and password. Additionally, if you receive a phishing e-mail, it is recommend that you contact NCSOFT and report the e-mail.
Some phishing emails will also mask, or “spoof” their sending address, making it appear as though the emails are being sent from NCSOFT. When in doubt, you should always check the email’s header information to verify the sending address.