Never share your password with anyoneFirst off, never give out your password to share an account. When two people share an account, it links them in the ban system and if one account is banned, the other might be seen as related. But far worse, you're trusting someone with your password who may not keep that trust--they could misuse it themselves, or share it with someone else. Don't ever share your password for any reason.
This goes triple for anyone claiming to be a BYOND admin. Never give your password to anyone who is or claims to be BYOND Staff--the staff will never ask for your password.
We've also had users tell us their previous passwords when they contact us via the support form. Don't do this; it doesn't help you since we can't look up your old (or current) password, and it just compromises your security.
Look out for phishingThe weakest link in any security system is the human element. I can't even count how many users claimed they were "hacked" because someone stole their password via phishing. Phishing isn't hacking--phishing is the user being gullible. Keep a sharp eye out and don't be fooled by these common scams.
If you see a popup in a game ask you for your password, it's not ours. The BYOND pager asks for your password when you login, but Dream Seeker never will. And I shouldn't have to say this, but if the game uses passwords for other reasons, don't use the same password you use for your account--or any account. There's really no guarantee as to how a game will store any password info, and the connection used to send it to the server isn't the same kind of secure link used by our login system.
Phishing works most often by a threat: The phisher will pretend to be legitimate (in this case, they'll pretend to be BYOND Staff) and will say several bad things will happen to your account unless you reenter your login information at the link they give you. In some cases users have gotten fake emails telling them to set their password to a certain value, all while still threatening to do things like delete their hub entries if they don't comply.
Always, always view such emails with extreme suspicion. It's a pretty rare event that we'll ever tell a user to use a specific password, and when we do it's because we already made the change for them in response to an account recovery issue. (In those cases we also request changing it immediately to something we don't know.) We won't tell you to use a certain password you don't already use, because there would be no reason for us to do that. There's no reason for us to ask for your password either. And if you really needed to login again for some reason, you should go directly to the real BYOND site and login there--under no circumstances should you follow the link in the email telling you that if you don't do it bad things will happen.
Phishers also like to pretend there's time pressure, that if you don't respond immediately you'll face terrible consequences. Don't fall for this. We want you to take the time to investigate. If something smells even a little fishy to you, it probably is.
In the event you ever receive an email from BYOND Staff that you weren't expecting, you can always follow up by asking us to confirm it using our customer contact form. There's no harm in doing this. Usually such emails from us are in the form of: "We heard you were violating Terms of Service in such-and-such a way, so please cut it out." If an unsolicited email is asking you to login or wants to do something with your account info, that should raise a few red flags. Save the email and ask us about it. If it does turn out to be bogus, there's a good chance the phisher left some digital fingerprints behind.