Sony is Adding Two-Factor Authentication to PSN

ffronw

I am a meat popsicle
Oct 24, 2013
2,804
0
0
Sony is Adding Two-Factor Authentication to PSN

//cdn.themis-media.com/media/global/images/library/deriv/1314/1314575.jpgFive years removed from their high-profile hack, Sony is adding two-factor verification to PSN.

The Great PSN Hack of 2011. Anyone who was around gaming at that time remembers it. Over 70 million accounts were compromised, and Sony's online service was offline for 23 days. The outage cost Sony a reported $171 million.

Today, Sony announced that they would offer users a new tool to protect their accounts: two-factor authentication. "In order to further safeguard our users and their accounts, we are preparing to offer a 2-step verification feature," a Sony representative told Polygon [http://www.polygon.com/2016/4/20/11470660/psn-two-factor-authentication-playstation-network].

While Sony hasn't specified the type of two-factor they'll be using, the image in the tweet below would seem to suggest you'll have to enter a code texted to your mobile phone in order to log in.

[tweet t=https://twitter.com/tontsa/status/722664713113485312]

While you can certainly make the case that Sony should have added this feature long ago, it's good to see them finally including it.

Permalink
 

RJ 17

The Sound of Silence
Nov 27, 2011
8,687
0
0
They should do it the way Blizzard does it and just have an app - registered with your PSN account - you get on your phone that generates a random verification code every 30 seconds.
 

Dornedas

New member
Oct 9, 2014
199
0
0
What a great idea.
So the next time someone hacks PSN he will get the users mobile phone number as well.
 

minkus_draconus

New member
Sep 8, 2011
136
0
0
RJ 17 said:
They should do it the way Blizzard does it and just have an app - registered with your PSN account - you get on your phone that generates a random verification code every 30 seconds.
One thing I found odd was even with physical and mobile authenticators battle.net was not using case sensitive passwords until a year or two ago.
For at least the first year (probably longer) after Diablo3 came out I could log into battlenet with uppercase or lowercase letters. No wonder so many accounts got hacked back then. I don't play WOW so I assume battlenet was this insecure from the start.
 

WeepingAngels

New member
May 18, 2013
1,722
0
0
How long before we need to verify with a text, a retina scan and a thumbprint scan just to log in. They just keep applying band aids to the username/password system, stacking band aids on top of band aids. Password must include atleast one number and one letter, then it's one number, one letter and one capital letter and then it's all of the previous plus a special character, etc... You know the more rules you apply to passwords, the more likely people are to have a file containing their passwords which makes them even more vulnerable.


Here's a thought, what happens when you have all your passwords tied up with your phone and you decide not to use a cell phone anymore (or can't afford it anymore)? Is there a way to turn off all this extra security or are you just locked out of your own accounts?
 
Nov 28, 2007
10,686
0
0
Um, from what I understand, the phone number is only if you forget your password or screw it up. It's not a secondary requirement to log in. That image on the tweet specifically says "The username or password is not correct", so I think it's basically the same sort of thing every email client I've used, or Steam for that matter, uses.
 

Saelune

Trump put kids in cages!
Legacy
Mar 8, 2011
8,411
16
23
Long as its optional. I don't use my phone and its such a fucking hassle. Fuck you Microsoft. Steam too. Let me trade dammit.
 

FPLOON

Your #1 Source for the Dino Porn
Jul 10, 2013
12,531
0
0
Huh... I choose a bad time to forget my PSN password... :p

Other than that, it would not be the first time I gave my number to someone I wasn't dating, let alone becoming friends with...
 

Strazdas

Robots will replace your job
May 28, 2011
8,407
0
0
Sigh. Two step authentication isnt going to help at all when it comes to their servers being hacked. if their servers are hacking it already circumvented the verification. And i am quite angry with how everything seems to have two step authoetnfication nowadays. whatever the hell happened to just having good passwords you dont tell anybody?

RJ 17 said:
They should do it the way Blizzard does it and just have an app - registered with your PSN account - you get on your phone that generates a random verification code every 30 seconds.
Insert every single person that does not use a network connected smartphone here.

WeepingAngels said:
Here's a thought, what happens when you have all your passwords tied up with your phone and you decide not to use a cell phone anymore (or can't afford it anymore)? Is there a way to turn off all this extra security or are you just locked out of your own accounts?
Usually you need to use two step authentication to disable two step authentication. so your shit out of luck. That being said, not using your phone anymore is not really an option in modern world. phones are such a necessity they are now added to powerty measurements and you are bellow poverty line if you dont have a cell phone.
 

RJ 17

The Sound of Silence
Nov 27, 2011
8,687
0
0
Strazdas said:
RJ 17 said:
They should do it the way Blizzard does it and just have an app - registered with your PSN account - you get on your phone that generates a random verification code every 30 seconds.
Insert every single person that does not use a network connected smartphone here.
And then promptly remove them since the authenticator is also available as a computer ap.