PlayStation Network getting two-factor authentication, Sony confirms

[Aranea Highwind]

Sony is making a long-awaited effort to shore up security on the PlayStation Network — the company is planning to add two-factor authentication to the service, Sony confirmed to Polygon today.

 

"In order to further safeguard our users and their accounts, we are preparing to offer a 2-step verification feature," a Sony representative said.

 

The spokesperson did not offer a time frame at this point, saying only that "more details will be shared at a later date." Sony updated the PS3's firmware to version 4.80 yesterday, and users noticed that if they entered incorrect login information, the system mentioned two-step verification — which isn't currently available on PlayStation Network accounts. Those accounts are used on PlayStation 4, PlayStation 3, PlayStation Vita, the web, the PlayStation mobile app and the PlayStation Portable.

 

Two-step verification, also known as two-factor authentication, is a process that requires users to enter two different "factors" when logging into a service. Generally, this means "something you know" (your existing login details) as well as a second piece of information from your phone, typically a six-digit code generated by a mobile app or received in a text message ("something you have").

 

Once you sign in with your correct username and password, you must also type in the second code in order to complete the login process. Two-step verification is much more secure than a password alone, since it means that a hacker would also need your phone — a device that is in your possession — in order to access your account.

 

http://www.polygon.com/2016/4/20/11470660/psn-two-factor-authentication-playstation-network

 

[crimsonidol38]

Good to see that change. Hope other features that are featured by services like Steam (e.g. removing games from your library permanently on your own choice) will come, too. 

[BlindMango]

Awesome! It will be nice to see this

[Maxximum]

Great! This will reduce the amount of PSN Accounts' loss

Edited April 20, 2016 by ee28max

[amebapiko]

Nice to know they are implementing something that's really a necessity these days for services like this, hopefully someday ID changes will come. 

[Lance_87]

Ahem... i thought PSN accounts already had secret questions/answers and PIN codes other than the usual passwords?

[Kishnabe]

Finally.....why did it take so long....especially after so many account problems.

[Satoshi Ookami]

This is good, albeit standard (thus, way too late), process but... there's a little problem.

If you have the PSN credentials saved and have auto-log in enabled, it won't log you off, thus, nothing happens for already compromised accounts...

 

But definitely a step forward for future

[MMDE]

Well... then there's the pass the hash security issue...

[NotAFoxAnymore]

As long as it doesn't cause them to have the same loophole that the Xbox version had/has. There was a security loophole that caused me to be unable to access my account at all (I don't even remember it well enough to explain since this was in 2013). Furthermore Xbox support didn't even attempt to help me in any of the 5 times I live chatted with them or the 2 times I called them. Though that's what caused me to say fuck it and buy a ps3, so that's partly why I'm even here today

[Arkthur]

I can't waste 2 seconds on some half-assed security method. Lame SONY, lame.

[Superstarmaste1r]

I can't waste 2 seconds on some half-assed security method. Lame SONY, lame.

Sounds like I nay do more work on trying to sign in just to work which it may make it worse for me as well which is sucks.

EDIT: Actually I was kind of wrong where I read that ps3 has another update that it's only for that where it's cool where it's kind of like Google they said it's like that,but I am hoping it'll only say that if you forget a password instead of constantly saying a message saying "Do you want to add your phone number to remember you" every time I signed in where at this moment my account may not be stolen or wherever than that one incident on 2013 something IDD happen by Sony themselves where contacting the support website is a better option to do it.

Edited April 20, 2016 by Superstarmaste1r

[StrickenBiged]

It's a step in the right direction which will hopefully lead to fewer horror stories about PSN accounts being compromised. 

 

Ideally, they'd take a few more steps too to protect people's money; like requiring you to enter your PAYPAL password, rather than your PSN password when making purchases via that service, and un-linking credit cards from the account if the sign in is on a console that the user has not used before. 

[NotAFoxAnymore]

I can't waste 2 seconds on some half-assed security method. Lame SONY, lame.

 

You'd be losing a lot more than 2 seconds if your account got hacked. Either way it'd probably be optional.

[Arkthur]

You'd be losing a lot more than 2 seconds if your account got hacked. Either way it'd probably be optional.

That's 2 seconds per log in. If you enter your account an average of 10 times per week, thats 80 seconds a month. 960 seconds per year, ain't nobody got time for that.

[Guest]

How about they just have a phone/google authenticator app

 

Or maybe we should just get some sort of PSN card with chip and we just have to enter it/swipe it on the Ps4k...

Edited April 22, 2016 by ERGOPROXY-DECAY