Your account got hacked? Here are some future tips so it won't happen again.

Great post for a great topic. I'd like to add to this, specifically on the password issue.

• Regardless of how strong your password is, if you reuse it, it is inherently weak. Different passwords for different services, always.

• Without going into too much detail, as a rule of thumb, the longer the password, the better.

• Similarly, passwords rooted in reality (anything anyone who knows you knows about you) are inherently weak.

• Remembering long, obscure passwords that are unique to each service is too difficult for almost everyone. My best suggestion is to use a password manager. There are many to choose from, including LastPass, KeePass, and Apple's upcoming iCloud Keychain, etc.; however, my personal choise is 1Password from AgileBits. Yes, it's expensive to fully implement across all of your devices, but AgileBits has fantastic support, applauded security, and great design and implementation. Make the decision for yourself, but I implore you to improve your password security in one form or another.

• If you decide to go the password manager route, you only need to remember a handful of strong, secure passwords.

• TheBeastDam raises a great point in two-factor authentication. You should enable it on any service that offers it. Gmail, paypal, and Apple are a few that spring to mind. There has been some discussion about the actual usefulness of Apple's two-factor auth, but something is better than nothing.

Good reading on the subject of digital security:

• How Apple and Amazon Security Flaws Led to My Epic Hacking - Mat Honan
• How I Resurrected My Digital Life After an Epic Hacking - Mat Honan
• The Diceware Security Blog
• http://arstechnica.com/security/

Great advice. I just use gmail with phone verification so if other than my pc logs in my email, it sends a code in my phone to enter. Of course all my passwords are different but the only weird ones which I remember are my email and my paypal. Also, I have different email for games and another for the rest, all housed under the roof of outlook.

I want to add. Take lots of evidence that you own before hand and make physical copies. I have an envelope filled with it. I printed out the email with my first purchase on steam, some other purchases, keys I've activated, everything.

Also the email I have link on steam is linked with 2 other emails all with different passwords with steamguard on also so they'd have to get all 3 of my emails to get to my steam account.

Don't know your password (yeah, I mean it), use an offline password manager like keepass. Let it generate your passwords for you, and use it only when required (it also auto cleans the clipboard, and uses AES 256 bit compression, so veery secure app).

Also alter your passwords regularly.

Another useful thing could be if you're not using an english keyboard or you have modified it so you can enter "exotic" characters, use them: most of the strange or composite characters aren't present on your average account thief or their brute-force characters list.
Also change your password periodically if you're particularly paranoiac or you fear somebody could have had access to wherever you write your password (the best place is always your brain at any rate - nothing's really forgotten if you take care to remember it).

Very good advices. You shoud take into account and add the suggestions below but make it shorter and simpler so that people that aren't very good at english have a chance to understand. Also a bit of formatting would be good, as well as a section that would list the steps to take if one thinks one's account security has been compromised.

Not trying to tell you what to do, just suggesting. Nevertheless, good initiative and good job !

It doesn't matter how big password you have, none actually hacks other peoples steam accounts, they just send keyloggers all over the place and take passwords, so no matter how big it is, he's gonna have it. Best way to do it is have Steam guard on and Gmail with 2-way protection on (Send you code to your phone if you want to access email)

But what if someone asks really nicely for my password and promises he won't muse it for anything bad?

"4. Install firewalls and anti-virus software so even if you download a trjoan, a keylogger etc. (with or without your knowledge) it will stop you from running it"

No shame in buying a good anti-virus, its maybe $20-40 a year and well worth it over the free ones

And steamguard,etc.

You could mention the incognito mode that exists in some browsers.

You forget the common sense.

One thing I think Valve should maybe do is give everyone the option to receive a unique lock code, similar format to a key.

If you realized your account had been compromised, you go to a page on Steam, put in your account name and lock code and your account is locked until support gets round to dealing with your problem. It could be in the same place as where you report to support.

This way you can minimize the damage that the hacker can do while waiting for support.

Use Ccleaner!

on other services just remember to print codes if it allows and only supports gauth. I forgot to print codes on dropbox and when i lost my phone i locked out myself from my own account for good.

google is specially strong on that apart from gauth and printable codes, it allows to register actual phone numbers that can be sent sms or voice called (which i found fantastic)

if you have a secure computer at home you can also set up chrome with a gauth to help if you lose your phone

1. Use lastpass. Use a nice long password.
2. Use 2 step verification in lastpass.
3. Set tough password for steam.
4. Set steam to remember your password.

Profit?

Steam client will log in automatically, lastpass will log in to steam api in browsers. Would be hackers need your phone to get any of your passwords.

You could also run your browser and shady programs in Sandboxie, which prevents them from doing any changes to your computer.

I use tin foil hat to protect my computer from viruses. Like, a real big one.

Also, write down the cd keys you activated on your steam account, support might ask for that as a proof that you are the real owner of the account.

Use Steam Guard. Keep used steam keys as said above me by (SexyFelga). Some person hacked my account and the way I got it back was with the Modern warfare 3 key.

Let me also add a few tips that aren't so well known:

1. Be careful who you give your email to. Many sites use an email for a login and if you aren't careful who you give that email to you could well be hacked. Email addresses often get sold, and not just for lists to send you spam and ads, they also get sold to people who will steal accounts. Even if you use different passwords for your email and other accounts, just not being careful who gets your email can be enough. I would recommend to have an email that you use for signing up for stuff you aren't completely sure of or set up one of those one time use emails. Then have an email you only give to trusted people and websites. I've had my Paypal hacked twice, and all it took to stop it was to change the email used to log in, all the other tips given by OP did not work.
2. Don't use a secret question that people can find the answer to online. It's not a secret any longer if people can dig through your Facebook and find the answer. Also, don't use something that is common. Like if there's a question about your favorite food, even if you don't post it anywhere, if you answer pizza, I guarantee a hacker will be able to get access to your account with that. Answer something less common or pick another question. Another idea is to pick a question and have your answer be another question. Like pick favorite food, but answer with your mother's maiden name, just make sure you remember what you did.
3. Be careful what info you give out online. There's a lot of people out there who will use social networking tactics to steal your account. They will search social media sites and even call into support lines to try and get any information they can so they can steal your accounts. Never post your full address and phone number anywhere online. Most companies are very aware of these tactics and make an effort to protect your info, but you should make the same effort to ensure that no one but you can verify your account.
4. To add to the never log in to a public computer bit, also don't store passwords on any shared computers. You may log in at a friend's house and then later find your friend stole your account. Take it from someone who deals with stolen accounts a lot, never trust anyone else with your account and do not share an account. It doesn't matter if this person is your spouse, friend, family, whatever, they can have their own account. The only exception to this if you are a minor, in that case your parents or legal guardian are permitted access to your account.
5. Be wary of phishing scams. They aren't just websites pretending to be a trusted site. They also can be websites with offers that are too good to be true. If it seems too good to be true, it probably is. If you aren't sure, then ask. Many of these sites are sneaky and will pretend to be affiliated with a trusted website so they can get your login details, credit card information and personal information.

So, what about people like me who don't want to trust those password generator thingies, and I can't think of a new password? I have only had one account hacked and that was my Facebook and I was given a notification immediately so I locked them out, and changed my 10 character password (with numbers symbols and letters) to a 21 character password. But I currently have 3 passwords I use, one is a crappy one for sites that don't allow symbols (believe it or not they still exist) and then my two safe ones... The 10 character is used for most sites, and the 21 character is for like two or three sites... Anyone know what I could do to remember or come up with new passwords?

I have a 20 character password that I use for any service as my base password. After Using that password as the base, I then take something I will definitely not forget and that is in some way connected to the service the password is used for and add that + a unique special character string. So I have like 30+characters and still easily remember them because I got the base password in all of them. It is certainly not the most secure thing, but I just want it to be hard to brute force. I got a decent firewall and antivirus, javascript blocker and a really strict rules set for my browser. Add regular malware scans on top, and I'm a happy camper.

and always change your password .

That's all nice and dandy, but you can't just never log in to your email at university. It's pretty much required, and I'm not going to change my password every time...

I mean, many of these tips are good, but some of you may be overdoing it :p