For a More Secure Experience
2015.08.04
The following are important points for users to note in setting up their security features and in password management, in order to prevent damages as a result of unauthorized logins (hijacking), etc.
■ Why are unauthorized logins a problem?
LINE uses the pre-registered email addresses and passwords for each user for account verification in cases of smartphone model replacements and for access to LINE or LINE-related services from a PC or other sub-devices. When email addresses and password combinations become known to third parties with malicious intent, unauthorized logins can occur. LINE implements the various countermeasures detailed hereafter, but the reality is that when the correct account information has been entered it is difficult to distinguish an authorized user from an unauthorized user.
■ How do “third parties with malicious intent” find email address and password combinations?
The most typical cause is the use of the same email address and password for multiple services. Recently, there have been many cases of personal data leakage from other services as a result of cyberattacks. Many unauthorized logins and misuse of accounts using the leaked account data (email addresses, passwords, etc., necessary for login), have been confirmed. When setting the password for LINE, avoid using passwords used for other services, and always be sure to use an original password. Also, unauthorized logins to the user email account can also raise the possibility of access to various user data. For this reason, email account passwords must be managed with caution.
Caution must also be exercised for the following:
-Use of passwords that can be easily guessed
-Exposing/giving passwords to a third party or accidently entering on third party site
-Installing suspicious apps/connecting to suspicious access points
LINE uses encryption methods that render registered passwords un-decodable, making it impossible to obtain user passwords, even by its employees. Appropriate management by the user will eliminate nearly all possibilities of unauthorized login.
■ Activities at LINE
LINE implements measures to prevent unauthorized logins and to minimize damage, even when user email addresses and passwords registered with LINE are leaked to third parties.
Measure |
Overview |
Login notices |
The user is notified of logins to the PC-version of LINE or web-based LINE services such as LINE Store via Talk. This helps detect unauthorized logins that users are not aware of and prevents escalation of damages by logging users out of the PC-version of LINE or by changing the password. |
Terminal check during login
|
Terminals logging into the PC or iPad versions of LINE can be checked and logout is possible with this feature. If there are notifications of logins by non-users or of failed logins, prompt log outs can be made by using this feature. |
PIN codes |
In order to block unauthorized logins to LINE by third parties with illegally acquired user email addresses and passwords, LINE requires PIN code verifications with four-digit numbers, in addition to email address/password verifications (or Facebook verifications), when changing terminals to be used for LINE access. |
Verification number for PC/iPad LINE
|
When accessing LINE with a PC/iPad for the first time, a verification number displayed on PC/iPad LINE upon first-time access (only) must be entered on the smartphone-version of LINE. This blocks logins via PC/iPad LINE unless the user has the smartphone used for the relevant LINE account on hand, thus preventing unauthorized third-party logins. |
Login permission |
The user is also able to grant or reject login permissions to PC/iPad LINE or Web LINE services through the user settings. |
Anti-phishing |
As anti-phishing measures against unwelcome communication from users one has not friended or suspicious messages attempting access personal data, LINE offers features such as "report feature," "blocking," "blocking messages from non-friend user," "ID-based block on friending," etc. |
In addition to the above, various measures are being implemented, such as detection of accounts engaging in unauthorized behavior such as mass message transmission unlikely in normal use, analysis of attacks possibly from malicious third parties, isolation and repeat verifications, investigation and monitoring by specialized divisions, etc.