HOW YOU CAN PROTECT YOUR ACCOUNT
Use unique passwords
Use a different password for your Epic account than for your other accounts. This helps ensure that compromised passwords from other services aren’t used to access your Epic account.
Keep passwords private
Don’t trust shared systems. If you’re not on your own computer, don’t allow the device to remember your account information.
Enable two-factor authentication
Two-factor authentication (also known as 2FA or two-step verification) helps protect your account from unauthorized access by requiring you to enter an additional code when you log in. You can receive these codes via email, SMS, or an authentication app. 2FA is required for several products such as the EOS Developer Portal, Fortnite tournaments, and the Support-A-Creator program. Enabling 2FA will also immediately grant you the Boogie Down emote in Fortnite as a thank you for keeping your account safe.how to set up 2FA on your Epic accounts
Keep your email secure
Ensure that the email address listed on your Epic account is protected by a strong password and 2FA. Epic may send you critical communications such as password reset links, account update notifications, and code challenges. Keep these emails private, and ensure that unauthorized parties can’t read or modify your emails.
Use antivirus software
Use antivirus software and keep it up to date.
Create your own account
Buying, selling, and sharing accounts is against our Terms of Service and will result in an account ban.
Be wary of suspicious offers
Do not trust any suspicious offers for Epic Games products such as free titles or V-Bucks, especially if they ask you to provide your login details on external sites. Never log into external sites with your Epic credentials. Real offers will be displayed on the Epic Games Store or official Epic Games websites or social media channels.
If you are unsure whether an offer is legitimate, our Player Support channel can help.
HOW EPIC PROTECTS YOUR ACCOUNT
Epic proactively protects your account from compromise using a number of technologies. We identify and challenge automated login attempts with CAPTCHA puzzles, apply strict rate limits, and block suspicious login requests and account management actions. We prevent users from using credentials that have been exposed in publicly available data breaches, and prevent the use of common or easy-to-guess passwords. When changing or deleting your account, we also require access to the account’s primary email address to prevent unauthorized transfers, even if someone knows your password.
We automatically and continuously check all Epic accounts for signs of compromise. If a compromise is suspected, we require a password reset. Our support team can help players whose accounts have been compromised. We also block accounts that we suspect have been exclusively created for fraud and any tools which degrade the privacy or integrity of our platform, such as cheat tools or tools that create fake accounts.
We monitor financial transactions and gifting of in-game items for fraudulent behavior with first and third-party fraud prevention tools, and restrict users who have engaged in fraud from making purchases. We work with banks and financial institutions to process chargeback, fraud, and refund signals, and take action against accounts flagged for fraudulent activity. This includes preventing credit or debit cards associated with chargebacks or disputed payments from being used again within Epic’s ecosystem.
We operate a “bug bounty” program via HackerOne that pays security researchers for finding bugs or exploits on the Epic platform. This enables top researchers to help improve our platform and incentivizes hackers to directly report issues instead of monetizing them for financial gain. We have paid over $3 million in bounties to date.