The Quick Indie Guide to Protecting Your Accounts

Hello! If a friend linked you here, it’s because they care about your online accounts from getting seriously steamrolled. While there’s always a degree of risk, these steps will cut that risk significantly. Where at worse, if one account becomes compromised, it doesn’t give the keys to everything else you have.

There are two parts to how I protect my online accounts. One is free but available for a few services. The other is buying a piece of software. Together they do change the philosophy of how you create and manage online accounts, but you’ll be much more secure by doing it.

Part 1: Two Factor Authentication (TFA)

The idea is having not only a fixed password to log in (one factor), but a code which is either given to you or using a secret algorithm to generate a one-time code (second factor).

When enabled, your login process will be something like this:

  1. Log in with your username & password.
  2. Site asks foryourTFA code.
    • Some websites will text or e-mail you this code.
    • Some websites will have you already pairing with a phone app.
    • Others will allow you to use an authenticator program on your phone.
  3. Enter in this code.
  4. Access!

As it’s nature, this is a per-service feature. Google, Facebook, Twitter, and a few others have it set up, but to make it all easy on you, use this website:

https://twofactorauth.org/

Authenticator Apps

Some services require texting you, e-mailing you, or use a custom application to download to your phone. Most others use a set of standards that allow you to pick your own application. For that, you have two apps you can use on your phone:

I use Authy as it’s more robust and a better interface. Most sites will only mention Google Authenticator, and Authy will support all that support Google’s app. Either way, you’ll be asked to scan a QR code to enable TFA. It’s a standard protocol between them, so you have a choice on which app works for you!

Part 2: Get a good Password Manager

I use 1Password. It’s great, well supported, and you’re buying an off-line software. You can use Dropbox, iCloud, or whatever for cross-device file system to move the data between. The PC/Mac license is $50 and free for iOS & Android. The mobile apps have paid Pro features, but the free offering will fit your standard needs.

While that is ~$50 between your phone and computers, it’s one-time fee. This is the best solution in protecting all accounts that don’t do two-factor authentication.

I also recommend buying from them directly (not though the Mac App Store) for desktop. It’s the only way to get the cross-platform license now or to upgrade to the cross-platform license later. They’re also super good at free upgrades.

There’s also LastPass if you want a completely cloud based turn-key solution, but I’m going to explain 1Password as that’s what I use. AgileBites didn’t pay me, I just recommend what I’m using to great success.

Step 0: What am I doing?

You will be changing every password in every service to complex passwords. Each account will be unique and no one service will have the same password as the other.

You won’t need to remember them but rely on 1Password to store and use them. You will have one password to unlock 1Password’s vault. A PASSWORD YOU SHOULD ONLY USE FOR 1PASSWORD.

Step 1: Install 1Password

Install the software, then install all the browser extensions on every browser you have installed on your computer. 1Password supports Chrome, IE, Firefox, Opera, and Safari.

Do this for every computer you intend to use.

Step 2: Change them passwords!

This is a step you’ll constantly do. At first it will be a bit time-consuming to update all of your commonly used accounts. Once you go over the hump, then it will be apart of your regular use.

When you go to a site, this will be the workflow:

  1. Login to the site and 1Password will ask to save that login. Do so.
  2. Go directly to the change your password function for the service.
  3. Instead of making up a new password, use 1Password’s browser extension to randomly generate a password! It will even copy the new password into the form twice.
  4. Submit the change password form.
  5. 1Password will ask to confirm the update to the account.

That’s it! You’ll keep doing that a lot, but you’ll eventually have a unique password for every account you have.

Final Notes

There will always be the looming threat of an account’s password getting leaked or discovered. Ultimately a leak of passwords will happen from some company stupid to store them in cleartext. But using these tips will prevent access to your other accounts just because one compromised account.

Changelog

When I make an update, I’ll note them here.

  • Aug 21, 2014: Initial Post
  • Oct 17, 2013
    • Changed pricing info for 1Password on mobile.
Dominique Pamplemousse

Good Old Games & Dominique Pamplemousse

As the producer for Dominique Pamplemousse (or ‘Professional Extrovert’ as Squinky calls me), I have to get the game in front of as many people as possible. With the IGF Grand Prize & other nominations, there’s a lot of opportunities presented to the game and it’s my roll to capture them. Course, we’re limited by budget (there is none) and time (I have little of).

Our sales are particularly high in Europe and Russia. Shocking as the game is English only and no advertising to speak of. Steam is a good partner and everyone at Humble is wonderful! I figured adding Good Old Games would compliment the Eurozone in coverage. The only contact I had was a Submit Your Game link. I gave a little bit of info in the form, and named drop our festival destinations along with the fact the game is already released.

I wasn’t expecting this kind of response: Continue reading

PAX Dev Logo

“Shipping the Empty Box” Confirmed for PAX Dev!

I will be presenting a lecture at PAX Dev!

PAX Dev Logo

Shipping the Empty Box
Releasing [string:titleOfGame] on [array:platforms]

Working on [string:titleOfGame], you need to release it on [array:platforms-0] and perhaps on [array:platforms-1] in the future. You have [int:NULL] time till release. Build engineer and programmer John “Seg” Seggerson (Telltale Games, John McNeil Studio, Dominique Pamplemousse) will help smooth the multi-platform release by outlining build engineering tips for platforms on desktop, mobile, console, and beyond. Increase artist, writer, and programmer efficiency with a set of core specifications and planning applied to existing platforms and future platforms. Skills and knowledge that will reduce release headaches for your [int:sizeOfTeam] team!


This is the build engineering panel I’ve always wanted to do and finally getting to do it. My experience with Dominique Pamplemousse was releasing a game without having to worry about making the game. I needed to create the empty box to ship to Steam & Humble. This clean-room process made me think about the build process in this perspective, and finally got me to apply for this lecture.

Talking with my game industry friends, we couldn’t think of ever seeing a build engineering panel offered. Not just PAX Dev, but GDC as well. My hope was to get accepted to PAX Dev to focus getting the content together in time to apply for GDC. I got my wish!

The lecture will be in two acts. The first act will be guidelines for a build system from my experience. Going into specifics isn’t helpful because game engines are too different for me to cover. Instead I’ll be going to broad guidelines. The second act will be releasing my master asset list, a core asset list, and the philosophy behind it. This list will contain all assets for every platform I can talk about. Then another core assets needed to convert over to these targets. If I have time, I may make a NPM/Bower app to do these conversations.

Over the summer I’ll be working on the details of the lecture and have everything ready for submitting for GDC 2015. I’m super excited to work on this and get to attend PAX Dev & PAX Prime!

Making games is easy. Belonging is hard. #1ReasonToBe

The past few weeks I have been honored to be producer and ‘professional extrovert’ to my good friend, Deirdra “Squinky” Kiai’s IGF nominated work “Dominique Pamplemousse“.

There’s a lot I have to process in the experience which I will share later. But now I need to point the microphone to Squinky on a very important speech. The following link is the transcript to their talk at the #1ReasonToBe panel. Sitting in the audience, I cried as my dear friend had the courage to publicly share such a raw experience. I am extremely proud of them and honored to work alongside them.

Making games is easy. Belonging is hard. #1ReasonToBe

Steam WebAPI Proposal

Making an API: The Steam WebAPI Proposal

Steam WebAPI Proposal by Seg

Developing my updated portfolio, I realized I had a lot of API development experience that was internal and can’t be disclosed in the public. While I’m accomplished in interactive narratives, I needed to supplement my portfolio with my technical design aspect background.

I decided to make a proposal to extend the Steam WebAPI with information missing from the current offerings. I’ve worked with WebAPI and Steamworks with Telltale Games; Particularly the global statistical displays for Jurassic Park and Puzzle Agent 2. Recently I started contributing to Steam Condenser and discovered the Groups info was still in an XML format announced as deprecated by Valve. Yet there was no WebAPI method to fill the gap. I decided to dust off my API design skills and get to work!

I’ll go though some of the more detailed background of certain decisions, but do take a look at the docs!

Rules to Propose By

Setting some guidelines for myself helps my focus. The proposal is building upon an existing API in production, so the additions needed to make sense in the existing environment. At large, these guidelines were:

  • Use same variable names for exactly similar types.
  • Use existing Interfaces & Methods when logical.
  • Outputs should be similar to existing WebAPI returns in JSON, XML, & VDF.
  • Don’t be afraid to create new interfaces, methods, and variable types when justifiable.

ISteamHub

Creating a way to obtain information from the communities around Steam. Until recently, these were called Groups in the Steam Community system. As this proposal is looking forward to the future of the platform, I decided using the new moniker of “Hubs” was more appropriate.

Official Game Hubs vs. Community Hubs

Steam Community Hubs fall into two board categories. Hubs created officially for specific products, and all other hubs anyone can create. I wanted to treat each type equally while allowing the unique attributes to be searched for and exposed.

Searching for a Hub

When searching for a hub, there are a few use cases I planned for:

  • ISteamHub::ResolveVanityURL
    • Specific Group request via .
  • ISteamHub::ResolveAppID
    • Any group related to a specific AppID.
    • The official game group of a specific AppID.

The method ISteamHub::ResolveVanityURL is a direct carbon copy of the existing method, ISteamUser::ResolveVanityURL.

For searching based on AppID, I found ResolveVanityURL too confusing to roll in. I could use the same method but a different input parameter for an AppID and official flag, but that’s overcrowding the function’s purpose. The method ISteamUser::ResolveAppID allows searching based on AppID. An optional official flag filters if the request wants to include unofficial hubs.

Hub Information

ISteamHub::GetSummaries is the workhorse of ISteamHub. The method contains all other information I didn’t push out to other methods. Most information is straight forward, but some decisions are made for ease of use for WebAPI users.

The inputs will take either a full Hub ID number — known as guid — or an AppID number. Adding the AppID number allows for instant pull of the official hub without adding the extra ::ResolveAppID call.

Regardless of input, the output is the same information as applicable. Some fields like `avatar` include entries that are for both Game hubs and community. Since the expectation of image sizes are different, the same field didn’t make sense. It’s a different image size, thus a different expectation of behavior. A “NULL” is much easier to work with than an image sized incorrectly than expected.

Hub Announcements

ISteamHub::GetAnnouncements is patterned directly after ISteamNews::GetNewsForApp as both offer similar returns of data. The unique aspect with Announcements is the privacy settings for groups. I made an assumption that one can make a WebAPI Key show or hide announcements based on the settings made.

Hub Events

I feel the event system needs a bit of tweaking in general and used the proposal to outline issues around event types. The existing ones feel irrelevant or even condescending.

As part of the spec, I included a rewrite of the type’s description text and added a new “OnlineEvent” title. “OnlineEvent” allows for events that refer to a URL for video streaming or other type of online event. For example, The International event for DOTA2 can be included as an event with a direct link to the online stream. This type also opens the ‘eventurl’ field for the event creator to include a URL.

Hub Member Status ISteamHub::GetStatus

The old Community XML stats included the number of members who were online, playing a game, and total membership. The refresh rate for this information is a lot more in flux than ISteamHub::GetSummaries information, so a new method made sense.

I also included playeroftheweek. While not as frequently changed as the other bits of info, Player of the Week is more frequently updated than summary info.

ISteamApps

The next phase was developing out information from the Steam store. There isn’t a way for applications to procedurally work with applications available on the platform. I would love to see various widgets and other fun things with this information!

Same Interface, New Methods

The ISteamApps interface already exists, so adding a few new methods to it seemed appropriate. I also didn’t have a previous method to base my designs on, so I went and made something new. I also threw every bit of information possible with a Steam App having filled out most of this information before for many Telltale Games titles.

Separating Media

I pulled media related to a call out from the omnibus that is ISteamApps::GetAppData, besides image URLs. Calling for screenshots and trailers of a project is a lot more request heavy, so pulling it out to a different method made sense.

Movies were a bit of a mystery as far as what data is available to share, so the given information is a bit basic but would function.

Pricing not included.

I’m not knowledgeable enough of the Steam platform to make a decent specification for pricing. While I could have made something, I like making a specification that closely pairs the existing implementation of pricing. I don’t have visibility on how Steam runs pricing so it’s a method I had to skip… FOR NOW.

Seg's Resume Website

New Resume & Portfolio

I created a new website featuring myself!

Seg's Resume Website
http://theseg.github.io/

I needed a home to showcase myself professionally, so I started working on this site. While this blog fits to my occasional musing of writing, this is a more professional site highlighting my career of the past few years.

It gave me a chance to play around with Twitter Bootstrap and Font Awesome, which are now my new BFFs. Not only do they make development easier, it also scales very well for smaller screen devices like mobile phones. It’s also hosted on GitHub Pages. I wanted to stick to basic HTML this time around since it’s been such a long time. I also used LESS for CSS. While I’ve used SASS before for Umloud.org, Bootstrap uses LESS which made the workflow smoother. Finally, I used CodeKit to compile LESS and minify JavaScripts. Such a wonderful tool that I even paid money for it!

This isn’t the only website I released over the weekend, but it’s certainly the most important! A special thanks goes out to the number of people who’ve gave a lot of feedback during my process. Thank you all so much!

Steam WebAPI Proposal

Steam WebAPI Proposal

A few weeks ago I stumbled upon the Steam Condenser project. It’s library to make sense of the Steam Community, Source, GoldSrc and Steam master servers information for PHP, Java, and Ruby. They’re still using the deprecated XML data which Valve replaced with the Steam WebAPI. I’m starting to work on converting the PHP library to WebAPI, when I discovered the community data was stuck in XML and no replacement.
Steam WebAPI Proposal

So I made a public proposal to the Steam WebAPI.

I wanted a public demonstration of my API development work. I’ve done a lot of this stuff before, but it’s all private and can’t be shared. While this is just a proposal and lacks the consulting with Valve employees, it does demonstrate my skill under the limited circumstances. Course, I wouldn’t mind working with Valve on this. Or working at Valve on this. :D

I also found there’s no good way to get game information — including pricing and other data. There’s gameplay stats and the news feed, but there’s no way of getting the kind of data you’d get at a store page. That’s my next step!

LucasArts

LucasArts Closes

Disney announced the closure of LucasArts as a game development studio and publisher. It will now be operating as a licensing house of Lucas properties for video games.

LucasArts

First a quotable quote from me in case anyone wants the soundbite:

LucasArts in the 80′s and 90′s helped shape me into the interactive media artist I am today. My time at Telltale Games was as close to working in that environment, and I hope shaped positively the careers of future men and women of interactive media. – John “Seg” Seggerson

I am the product of the adventure gaming genre of the 90′s and squarely in the SCUMM engine camp. Besides Myst, Sam & Max and Monkey Island titles are the most influential titles in my life. They shaped how I created my career and thus my life itself. The news of the closure wasn’t unexpected, so I have already made peace with the fate that occurred. But this is a time to reflect on the importance LucasArts has made in my life.

Continue reading