Black and red image of a knight. Art by Perplexing Ruins
Levelling Up Defences: Cybersecurity Tips for TTRPG Creators

Here are some tips to help you as an indie TTRPG creator strengthen the cybersecurity and availability of your digital life.

  • Two factor authentication
  • Password manager and unique passwords
  • Have I Been Pwned
  • Phishing
  • Backups

Defend Your Accounts

Two factor authentication (2FA). Switch this on as soon as possible. When you log in you’ll also enter a code from an authenticator app on your phone (any app works and the common ones are Microsoft Authenticator, Google Authenticator, or Authy).

If someone manages to breach your password, they won’t be able to log in without the additional 2FA code.

Save the backup 2FA codes if you’re offered them, because if you lose your phone you’ll be locked out of your account. I save these in my password manager.

2FA Must Haves

  • Email
  • Discord
  • PayPal
  • Itch.io
  • Twitter
  • Facebook
  • Patreon
  • Instagram

Password manager and unique passwords. Start using a password manager (like LastPass or Bitwarden) to store and generate your passwords. This makes it easier to have a different secure password for every account.

Set a strong primary password in the password manager (like three random unrelated words: ForestPinkPetrol!) and set complex unique passwords on every account (minimum of 20 random letters and numbers or as long as the website allows).

Re-using passwords is bad because if one gets compromised, every other account that uses that password is also vulnerable.

Breach Alerts

Have I Been Pwned. Get alerts if your email address is leaked or involved in a hack by registering with Have I Been Pwned.

HIBP is a free service that notifies you if your email address is compromised in a data breach, like what happened with Nvidia recently.

If you’re using unique passwords, you’ve got less to worry about if this happens, as only that one password is breached!

Repel Rogues

Phishing. Emails that try to steal your username and password. Keep an eye out for suspicious emails and follow your instincts if something doesn’t look or sound right. Watch for these warning signs:

  • Your name isn’t included or it’s just part of your email address
  • Urgent or time-sensitive
  • Obvious typos or visual errors
  • Sender address doesn’t match the content

If you accidentally enter your username and password, having 2FA switched on helps immensely as they (hopefully) won’t have your phone to get the 2FA code.

Resurrect Lost Data

Backups. We’ve all been there. You worked 5 hours on a new layout only to realise you were in an old file and you just saved over your previous book.

Cloud backups have saved me from countless situations like this. Start using Dropbox, Google Drive, or Microsoft OneDrive. Not only do you get a decent amount of storage space for free, you can also restore previous versions and easily move work across different devices.

Make sure to save often and turn on autosave if available.

Shore Up Defences

All of these tips help increase security and make it harder for attackers to steal your data or compromise your accounts, but nothing’s foolproof.

Keep an eye on your accounts and passwords and know what to do if your accounts get hacked or your data is breached.

Further Resources

More detailed cybersecurity and business continuity consultation is available.

Please email colin@byodinsbeardrpg.com for rates.

Text licensed under CC BY-SA 4.0

Art

Perplexing Ruins