Sony is Adding Two-Factor Authentication to PSN

[ffronw]

Sony is Adding Two-Factor Authentication to PSN

//cdn.themis-media.com/media/global/images/library/deriv/1314/1314575.jpgFive years removed from their high-profile hack, Sony is adding two-factor verification to PSN.

The Great PSN Hack of 2011. Anyone who was around gaming at that time remembers it. Over 70 million accounts were compromised, and Sony's online service was offline for 23 days. The outage cost Sony a reported $171 million.

Today, Sony announced that they would offer users a new tool to protect their accounts: two-factor authentication. "In order to further safeguard our users and their accounts, we are preparing to offer a 2-step verification feature," a Sony representative told Polygon [http://www.polygon.com/2016/4/20/11470660/psn-two-factor-authentication-playstation-network].

While Sony hasn't specified the type of two-factor they'll be using, the image in the tweet below would seem to suggest you'll have to enter a code texted to your mobile phone in order to log in.

[tweet t=https://twitter.com/tontsa/status/722664713113485312]

While you can certainly make the case that Sony should have added this feature long ago, it's good to see them finally including it.

Permalink

 

[RJ 17]

They should do it the way Blizzard does it and just have an app - registered with your PSN account - you get on your phone that generates a random verification code every 30 seconds.

 

[Dornedas]

What a great idea.
So the next time someone hacks PSN he will get the users mobile phone number as well.

 

[Poetic Nova]

I hope this is optional. Don't like giving away my phone number like that.

 

[minkus_draconus]

They should do it the way Blizzard does it and just have an app - registered with your PSN account - you get on your phone that generates a random verification code every 30 seconds.

One thing I found odd was even with physical and mobile authenticators battle.net was not using case sensitive passwords until a year or two ago.
For at least the first year (probably longer) after Diablo3 came out I could log into battlenet with uppercase or lowercase letters. No wonder so many accounts got hacked back then. I don't play WOW so I assume battlenet was this insecure from the start.

 

[WeepingAngels]

How long before we need to verify with a text, a retina scan and a thumbprint scan just to log in. They just keep applying band aids to the username/password system, stacking band aids on top of band aids. Password must include atleast one number and one letter, then it's one number, one letter and one capital letter and then it's all of the previous plus a special character, etc... You know the more rules you apply to passwords, the more likely people are to have a file containing their passwords which makes them even more vulnerable.


Here's a thought, what happens when you have all your passwords tied up with your phone and you decide not to use a cell phone anymore (or can't afford it anymore)? Is there a way to turn off all this extra security or are you just locked out of your own accounts?

 

[thebobmaster_v1legacy]

Um, from what I understand, the phone number is only if you forget your password or screw it up. It's not a secondary requirement to log in. That image on the tweet specifically says "The username or password is not correct", so I think it's basically the same sort of thing every email client I've used, or Steam for that matter, uses.

 

[Saelune]

Long as its optional. I don't use my phone and its such a fucking hassle. Fuck you Microsoft. Steam too. Let me trade dammit.

 

[Something Amyss]

I hope this is optional. Don't like giving away my phone number like that.

They usually are.

 

[FPLOON]

Huh... I choose a bad time to forget my PSN password...

Other than that, it would not be the first time I gave my number to someone I wasn't dating, let alone becoming friends with...

 

[Strazdas]

Sigh. Two step authentication isnt going to help at all when it comes to their servers being hacked. if their servers are hacking it already circumvented the verification. And i am quite angry with how everything seems to have two step authoetnfication nowadays. whatever the hell happened to just having good passwords you dont tell anybody?

They should do it the way Blizzard does it and just have an app - registered with your PSN account - you get on your phone that generates a random verification code every 30 seconds.

Insert every single person that does not use a network connected smartphone here.

Here's a thought, what happens when you have all your passwords tied up with your phone and you decide not to use a cell phone anymore (or can't afford it anymore)? Is there a way to turn off all this extra security or are you just locked out of your own accounts?

Usually you need to use two step authentication to disable two step authentication. so your shit out of luck. That being said, not using your phone anymore is not really an option in modern world. phones are such a necessity they are now added to powerty measurements and you are bellow poverty line if you dont have a cell phone.

 

[RJ 17]

They should do it the way Blizzard does it and just have an app - registered with your PSN account - you get on your phone that generates a random verification code every 30 seconds.

Insert every single person that does not use a network connected smartphone here.

And then promptly remove them since the authenticator is also available as a computer ap.