How Secure is Your Online Poker Account?

Online SecurityMany players fail to take advantage of the security mechanisms provided by poker sites to protect their accounts. So how secure is your online poker account?

There is a common misconception that online poker sites are responsible for the security of players´ accounts. However, whereas most sites secure player databases against the unauthorized disclosure of personal information, and encrypt connections between players and servers, the sites themselves have no control over who logs into an account and what they do once they have control of the account.

A lot of online poker sites will suspend accounts when they detect suspicious behavior – or when it is reported to them – but in reality it only takes a few minutes to empty an online poker account, so it is often a case of shutting the stable door after the horse has bolted. Sadly, if this happens to you, the online poker site has no legal or moral responsibility to replace funds stolen from your account.

How Big is the Problem of Unsecure Accounts?

The scale of the problem is difficult to quantify. Online poker forums and chat boards often see a flurry of activity after a player has posted a message claiming to have had their account hacked; but forum members and chat board contributors account for a small percentage of the overall poker community – many of whom might be unwilling to share their stories publicly. There could be hundreds or thousands of players whose accounts have been hacked. It´s impossible to know.

Naturally, claims of hacked PokerStars accounts appear more frequently than any other site because PokerStars has more real money poker players than any other site. However, PokerStars provides more security mechanisms than any other site for players to protect their accounts. Consequently, the assumption is that players are not taking advantage of the opportunities to secure their accounts due to a lack of knowledge (that the mechanisms exist), naivety, or laziness.

How Easy is it to Hack an Online Poker Account?

That depends on the strength of the security mechanisms you have in place to protect your account. Based on a very small sample, we found most players log into their online poker accounts with just a username and password. With the exception of anonymous tables, usernames are displayed for everybody to see. As for passwords, most passwords can be cracked within minutes using “brute force” attacks in which hackers try sequences of letters, numbers, and symbols until they find the right one.

If you are only using a username and password combination to protect your account, check out how long it would take a hacker to crack your password and access your account by using this online tool. Then consider that, when this online tool was published, the brute force software available at the time was only capable of processing nine million keys per second. Now, according to this video, brute force software can process closer to 40 billion keys per second – so divide whatever result you got by fifty!

The Consequences of Having an Online Poker Account Hacked

The most obvious consequence of having your online poker account hacked is that the hacker will gain control of your account. He or she will not be able to withdraw funds to a source that has not been used to fund the account (i.e. their credit card or bank account), but they could make player-to-player transfers to their own account or (because P2P transfers leave an audit trail) chip dump the funds in your account to another player. This is harder for poker sites to detect or prove as fraudulent activity.

More serious consequences exist if you use the same password for other online activities (i.e. email accounts, social media accounts, etc.). Bearing in mind that a hacker will already have access to a lot of your personal information via the “Account Details” section of the poker software, he or she could gain access to other accounts and use the unauthorized access to commit identity fraud. This could land you in serious trouble with your bank, your insurance company, or your employer.

Mechanisms to Better Secure Your Online Poker Account

Frequently changing your password is not going to prevent a hacker gaining access to your account if they are able to crack most passwords within minutes using a brute force attack. Therefore it is strongly recommended you take advantage of the security mechanisms provided by your online poker site to better secure your account.

PokerStars' RSA Security Token

Depending on what poker site(s) you use, a variety of security mechanisms are available. For example:

  • Bovada and Ignition recently introduced the necessity for players to use a four-digit PIN code when making withdrawal requests or any changes to their accounts.
  • PokerStars offers both a free SMS Validation service and a PSA Token you can buy with StarsCoin through the Rewards Store.
  • Party Poker has a cash-out security feature that – once activated – requires you to answer a security question before processing cash-outs and P2P transfers.
  • 888Poker provides a service that sends you an email with a PIN code each time you attempt to log into your account.

Other sites also offer security mechanisms to better secure your online poker account. If you cannot find them easily on your poker site´s website, get in touch with the site´s Customer Support who should be able to help you. Remember to always use unique, complex passwords for each online account you have, and be sure to implement every security mechanism available to you. If you fail to secure your online poker account, and it is subsequently hacked, you have nobody but yourself to blame.

Jacqueline Packett
Jacqueline Packett