Our rules (see section 4: account management) prohibit the sharing of accounts. Our moderators have recently received an unusually high number of appeals from players claiming they never shared their account. However, our data indicates that these accounts were accessed by another party. We suspect that their credentials may have been exposed and one or more malicious actors may haven taken advantage of that. Unfortunately, such unintentionally shared accounts are often abused to disrupt the community. For example, by crashing or invalidating in-game lobbies.

We strongly encourage everyone to never share account credentials and to always use a unique password for each service. Especially when you can not (or did not) setup 2FA. If you are currently using the same password for FAForever and another service or fork of FAForever then please take a moment to update your password:

• 1. Navigate to https://www.faforever.com
• 2. Login to your account.
• 3. Navigate to https://www.faforever.com/account/changePassword
• 4. Fill in the form to update your password.

You are responsible for what happens with your account. By taking this step you help protect your account from being compromised through credentials leaked by other services. This happens more often then it should. To get a sense of how often this happens, you can review whether the email address you use for FAForever has been exposed in known data breaches via Have I Been Pwned.

As a personal example: one of my old email addresses is part of up to 10 data breaches. Out of those 10, 4 involved a breached password that was stored in plain text. With this type of data breach it becomes very simple to hijack an account when the same password is used across different services.

With kind regards,

Jip
President of the FAForever association