Purpose
This article goes over several security measures and practices users can take to keep their Gala Games and Entertainment account information secure. This article also aims to explain to the reader how to make safe decisions regarding the privacy of their private keys, passwords, transfer codes, and anything else that may put them at serious risk of losing their assets.
Assumptions Made
This article assumes the reader understands the information in the following articles:
Sign Up for a Gala Games and Entertainment Account
Summary
This article will cover various best practices users can take to ensure their account information is safe and secure. These recommendations are listed in no particular order.
2FA
Two-Factor Authentication is an extra login credential/password that should be added in addition to a username, password, or Transfer Code. This example explicitly uses a person's cell phone and a 2FA application to present a user with a series of 6 randomly generated numbers that refresh roughly every 30 seconds. Enabling 2FA allows for extra security for protecting a Gala Games and Entertainment account.
Please see What is 2 Factor Authentication (2FA) and How to Enable it.
Passwords and Complexity
This password section will help users create unique and secure passwords for a Gala Games and Entertainment account login or a Transfer Code.
Note: The Gala Support Team does not recommend reusing passwords. Please make sure to use different passwords for Gala Games and Entertainment Account, related email, etc.
When creating a password for a Gala Games and Entertainment account and a Transfer Code, do not use the same password for both. A benefit of having two different passwords is retaining control and security over the account. If one of the passwords is compromised, the perpetrator cannot manipulate the assets without the second password.
Length of Passwords Matter
When creating a password, it is recommended to have at least 16 unique characters. The longer the password, the harder it is to guess, and the harder it will be to get access to an account.
Complex Passwords Are Important
Simple passwords such as 12345678 are easily guessable, putting them in a vulnerable position. Using a longer and more complex password like G00dLU(kg@L@g^mE$#1! will be harder for a person to guess.
Note: Please do not use the passwords listed in this tutorial to secure a Gala Games and Entertainment account.
Keep A Password Secure
The complexity and length become obsolete if the user loses access to the password. A written record of an account's Transfer Code and login credentials in a safe location is vital to ensure an account's security and accessibility.
Watch Out For Password Data Breaches
From time to time, websites may have data breaches, and as a result, many accounts may become compromised. Users can use sites such as Have I have Been Pwned to determine if an email address or username used for any given website has been compromised. Using a unique password not used on other sites for an account password and Transfer Code is highly recommended.
Phishing Websites
When opening a link, it is crucial to ensure that the URL is spelled correctly and does not lead to an unfamiliar or fake site.
A person can see that this is the games.gala.com site by looking in their web browser and reviewing the website address as seen below.
Below is an example of a fake website.
Note: Please do not visit this website. It is presented for educational purposes; this site will try to steal a person's account information.
The website may look just like the Gala Games site, but the URL at the top indicates the website is fake.
Always double-check the URL to ensure it is a safe site before entering private information!
Some websites may also ask users to connect their MetaMask wallet to access a website. Always double-check you are visiting a legitimate site and read what is being signed before confirming.
Please bookmark our official websites:
Gala Website: https://gala.com/
Gala Games: https://games.gala.com/
Gala Music: https://music.gala.com/
Gala Film: https://film.gala.com/
Malicious Actors Posing as Gala Games and Entertainment Employees
Users may receive direct messages in Discord that look similar to the example below.
The culprits claim to be from one of the support staff to get your account information; please report these users immediately. Gala Games and Entertainment will never direct message a person first about an issue.
Users can verify Gala Games and Entertainment employees by making sure they have one of the following roles under their username:
- Gala Support
- Gala Games
- Primarchs of the Crimson Sun
- Sages of the Red Flame
Phishing Emails
Users may receive phishing emails that usually have the following characteristics:
1. Incorrect email address
The Gala Games and Entertainment team has a specific domain at the end of their email @gala.games or @gala.com.
Others may claim to be from Gala Games and Entertainment but have a different domain or it may be spelled differently.
2. Urgency to open a link or attachments
Malicious actors will use social engineering techniques such as intimidation and urgency in contacting a person in messages and emails. Those messages contain verbiage such as "act immediately, or you will lose access to your funds"
Typically, links or attachments are used to phish for information. A link can direct a user to a malicious website, typically asking for the Recovery Phrase, login credentials, Transfer Code, and other personal information. Unsolicited attachments such as zip, exe, Docx, pdf, wav, etc., may contain malware that can steal information from your computer.
3. Poor spelling and grammar
Users may receive emails from third parties that they have won a prize and must act fast, or they will miss out. These emails may link to websites that look like the official Gala Games and Entertainment site and may contain spelling errors.
Bad actors may lure users into clicking a link using verbiage such as a "too good to be a true giveaway" These are often ways to get the credentials for an exchange account as they often ask a user to sign into an "exchange account" using their credentials to enter.
On the desktop, users can see whether an email came from a legitimate source or not by checking the received email's information. By clicking the arrow shown in the screenshot below, a user can see that bitrue.com signed this email. When an email is signed, it means that that domain has certified that the email is legitimate. If an email is fake, it may be from a different third party signer that is not the same as the sender they claim to be from.
Staying vigilant against these attacks is vital for security. If an email looks suspicious, don't click it and ask in the Discord if it is a legit email.
What Information Can be Shared
This section will be divided into two. The first section will discuss what is generally safe to share with others, and the second section will discuss what you should never share with anyone.
What Can Be Safely Shared
1. $GALA Address
Example: 0xeF4436eD5628d3383c84ec66e6B87934AAaCa0e3
Why is this safe to share?
It is similar to a home address. If a person wants to send or receive a package, an address is needed to have mail sent and delivered. This is a similar concept to how an address works in the blockchain. People need an address if they want to send or receive $GALA or NFTs, but it is not something a person may want everyone to know. It's a person's choice to choose who knows their wallet's address.
What Should NEVER be Shared with Anyone
1. Password (User Created)
2. Transfer Code (User Created)
3. Recovery Seed Phrase (Automatically Generated List of 12 words)
4. Private Key (Automatically Generated List of Characters)
Why are none of these safe to share?
If this information is shared, there is a high likelihood of losing $GALA, NFTs, account access, and any other currencies held in that wallet. This information is like the keys and the title to a car. Whoever holds the keys can drive the car, including malicious actors. Whoever holds the title can claim ownership.
Under no circumstances will Gala Games and Entertainment employees ever ask for any of this information. Gala Games and Entertainment employees will never message first.
If someone asks for any of the information mentioned above, please report them to our moderators on Discord at: www.galagames.chat
A user can also contact Support by visiting https://games.gala.com/contact-support