As a former network and security admin, I always try to use double-factor authentication wherever I go, especially if the data that I’m protecting is important to me. I use the Steam authenticator to sign into my account, which is also protected by Steam Guard. I have Google’s double-factor schemes all turned on for my account and mobile devices. And soon, I’ll be able to enable it on my PlayStation account as well. Sony, the company least famous for its security policies and protecting customer data, has two-step authentication planned for PSN accounts available on all its devices, and it’ll be rolling out pretty soon.
The latest update to the PlayStation 3’s software, version 4.80, landed just yesterday for users. It seems to be the first device targeted for the rollout, which now seems quite logical considering how many millions of these things are out there (at the last count in March 2016, about 85 million units sold since launch). If you enter your login details incorrectly on the PS3 with the latest update, you get this message:
The functionality isn’t quite ready yet, and a Sony representative confirmed to Polygon that the feature was coming, but they were still preparing for it. It’ll likely take effect after the maintenance period scheduled for the US regions.
This is at least ten years too late considering how many other internet-facing companies have support for two-factor authentication, but it’s still a welcome change. Sony’s message talks about a text message, but I wonder if there’s ever a chance that they’ll create an authenticator into their PlayStation mobile application. Steam does this already for their Steam Guard authenticator, and it’s quite useful. Blizzard’s Battle.net authenticator also works well, and is quite secure.
This should solve the issue of accounts being compromised easily, and signing in and adding a console to your account should be much harder for a hacker to do. The other problem it would solve for Sony is that of account sharing, although if you trust the other person using your account, you can just tell them the password when it comes through in the text.
If you haven’t already done so, have a gander through the list of applications and services on 2FA.org and see where you can enable it and improve your security. No application or service that has access to your data is ever completely secure, but the more layers of protection you have, the better your chances are of surviving identity theft.