
Got an email saying my Sony Entertainment Network account sign-in id changed...

Yup sony has serious issues with customers not activating 2FA.

Are you getting paid for this

Sony should make it mandatory by now -- like Google does -- since they CLEARLY have a real huge problem with this.

Admitting this is not going to make Sony lose the console warzzz ffs I love Playstation too, man. But god damn bro.
 

TalonJH

Member
I got hacked on PSN yesterday too.

I've never been hacked before -- ever. I've had XBL, Nintendo ID, Steam etc. forever. It's OK to critique sony sometimes guys.

sony has serious issues with this. Hopefully the hackers don't bypass the two-step process.

I work on the internet so I have dozens of online accounts. I had never had a single account actually compromised til this year with Team Viewer. Time isn't an indicator here. It doesn't mean the last account was the one where my information was taken. Sony fucked up in 2011. That's a fact but until there is another actual breach it's on us to take care of our accounts. With Team Viewer, I fucked up. I didn't have 2 Step and my password wasn't the best because I needed other employees to be able to access the account. From then on, I started using Password managers with random generated passwords and 2 Step on all accounts.
 

E92 M3

Member
If a GAF member's house gets robbed, do they post on GAF or contact the police first?

Based on all of the medical threads, they will post on GAF first.

--

Either way, there is no excuse to not have 2FA on for all important accounts. Stop being lazy.
 

Jindrax

Member
Seriously GAF sometimes you can be a bunch of dicks.
It may come to you as a surprise but a LOT of people don't know about the 2stepauth for PSN.

After I got hacked last week I called up all my buddies and literally nobody had it enabled because they didn't know it existed.... It may come as a surprise to you guys but we do have other things going for us that we don't read sony newsletters every week. Jeez
 
No matter how many of these threads we have, you still have people like OP not bothering to protect their account with two factor authorization.

I just don't get it.



Seriously GAF sometimes you can be a bunch of dicks.
It may come to you as a surprise but a LOT of people don't know about the 2stepauth for PSN.

After I got hacked last week I called up all my buddies and literally nobody had it enabled because they didn't know it existed.... It may come as a surprise to you guys but we do have other things going for us that we don't read sony newsletters every week. Jeez

Two-factor authentication isn't something you only enable for PSN, it's something you should have enabled for your bank account, your email, all your social media accounts, etc. If you don't know about it or don't want to activate it, just accept you're going to get hacked -- especially if you use the same password (or slight variations of one) in multiple places.
 
I work on the internet so I have dozens of online accounts. I had never had a single account actually compromised til this year with Team Viewer. Time isn't an indicator here. It doesn't mean the last account was the one where my information was taken. Sony fucked up in 2011. That's a fact but until there is another actual breach it's on us to take care of our accounts. With Team Viewer, I fucked up. I didn't have 2 Step and my password wasn't the best because I needed other employees to be able to access the account. From then on, I started using Password managers with random generated passwords and 2 Step on all accounts.

Password managers are the way to go. If you're sharing passwords between important accounts you may as well be "hacking" yourself.
 

otakukidd

Member
Are you getting paid for this

Sony should make it mandatory by now -- like Google does -- since they CLEARLY have a real huge problem with this.

Admitting this is not going to make Sony lose the console warzzz ffs I love Playstation too, man. But god damn bro.
... It's not mandatory on Google.
 

NewDust

Member
Are you getting paid for this

Sony should make it mandatory by now -- like Google does -- since they CLEARLY have a real huge problem with this.

Admitting this is not going to make Sony lose the console warzzz ffs I love Playstation too, man. But god damn bro.

It's not console warzzz... It's people not realizing how security works and account breaches happen. And fwiw Google hasn't made 2fa mandatory.
 

mrklaw

MrArseFace
Do you have 2 step set up on your EA account? It sounds like someone has your EA account password. You are receiving it through the same number because a lot of text services use the same number.



You should probably take the time to change the email to one you actually have access to anyway. If someone stole your account, you could have problems reclaiming it because of it. Don't send things to false emails. Create secondary emails and send it to them if you don't want anything attached to your main accounts.

Yeah i got home and logged in, and it sent a code from the same number.

Weird though - my origin account has not only a lastpass generated random password, but a unique email address I registered just for origin (probably after a security alert previously). So it should be very unlikely anyone has both of those. Changed the password just in case

Has there been any news of origin being hacked?
 

otakukidd

Member
It's not console warzzz... It's people not realizing how security works and account breaches happen. And fwiw Google hasn't made 2fa mandatory.
No place has mandatory 2 factor only people that it is if you force your employees to have it. No one does it with customers.
 

RedAssedApe

Banned
... It's not mandatory on Google.

yep...you know how annoyed and pissy people would be if you made it mandatory on accounts that are free and potentially throw away accounts for many people?

people don't care about security and see it as an inconvenience until something bad happens to them unfortunately.
 

Kayant

Member
Also I will like to repost this - http://www.neogaf.com/forum/showpost.php?p=227503780&postcount=76

Enabling 2FA on accounts doesn't mean you should be lazy about not having strong unique passwords for every site.

If you can't remember things like similarly writing it down on paper or using a password manager will help you with storage/generation of passwords.
This might come as a shock to you, but people's accounts/information getting compromised online happens every day.
loool
 

TalonJH

Member
Yeah i got home and logged in, and it sent a code from the same number.

Weird though - my origin account has not only a lastpass generated random password, but a unique email address I registered just for origin (probably after a security alert previously). So it should be very unlikely anyone has both of those.

Has there been any news of origin being hacked?

Not that I know of but I would go ahead and generate a new password. It always seems like a hassle but it's just a couple minutes and I hate regretting not doing something later.
 
We need another "Sony please fix your security" sticky thread too.

We need another "set up 2FA when available, update your passwords and take some accountability" sticky apparently too. This is nothing unique to Sony. The methods being used to "hack" people's accounts are the same ones used to "hack" into people's email accounts, credit card accounts, Facebook accounts, twitter accounts, etc...on the regular. There is no magical "Sony video game security" solution to this.
 

horkrux

Member
Are you getting paid for this

Sony should make it mandatory by now -- like Google does -- since they CLEARLY have a real huge problem with this.

Admitting this is not going to make Sony lose the console warzzz ffs I love Playstation too, man. But god damn bro.

I know this is not a common problem, but if they made it mandatory, I wouldn't be able to copy purchased games from PS3 to my hacked Vita anymore.

So I'm gonna be selfish and say: Get your shit together people and enable it yourselves ffs.
 

Trace

Banned
that being said sony needs to provide alternative options for the second factor

Like what exactly? SMS number is the most secure because the hacker doesn't have access to your phone. Email doesn't work, hacker might have password for that. Being logged in obviously doesn't work.
 

Muffdraul

Member
I remember seeing comments back and forth, "2FA sucks, I hate having to use my phone every time I log in." "No dummy, you only have to do that the first time you log in on that specific console." Well, that's indeed how it works on my PS4. But on any occasion when I want to use my PS3, I have to go through the goddamn text message "one-time" login code rigamarole, every single time. Pretty annoying.
 
I got hacked on PSN yesterday too.

I've never been hacked before -- ever. I've had XBL, Nintendo ID, Steam etc. forever. It's OK to critique sony sometimes guys.

sony has serious issues with this. Hopefully the hackers don't bypass the two-step process.

Except your PSN did not get hacked.... You got phished through another method
 

otakukidd

Member
Like what exactly? SMS number is the most secure because the hacker doesn't have access to your phone. Email doesn't work, hacker might have password for that. Being logged in obviously doesn't work.
SMS is only secure in that the hacker probably isn't going to spoof your simcard in your phone. If that happens then you have a lot bigger problem than your PSN account being hacked. The best thing to allow are tokens or authenticator apps like Google authenticator. The people would have to steal the phone or token to get into it then.
 

Ponn

Banned
Ok but you make it sound like you're the one who's being inconvenienced. Surely you can understand why that kind of tone is aggravating to the op.

It's not about being inconvenienced, it's aggravation of seeing these threads week after week on GAF and people just plain not clicking on them or worse clicking on them, reading what to do and being too lazy to do it. Every option has been discussed to death, every excuse people bring into these threads have been debunked and answered time after time. It's an aggravating part of human nature. Average person not reading GAF ok I can give you a pass for missing the importance of 2FA but even if you don't read GAF every day we have literally had this exact same thread every week for almost a year. It's aggravating to see so many people who should know better fall victim to the human nature of hubris on such a small thing and open themselves up to such a disruption in their lives. It's probably amplified for me having worked in customer service positions and seeing similar disregard for information, instructions, warnings, protection, etc. It's disheartening and frustrating.
 

Jotaka

Member

Noob Mini-Guide to Password Security

Your e-mail account is the MOST important account you have in your online life. It's the ultimate stronghold you must keep safe against unauthorized access.

Create an account in an e-mail provider with good history of cyber security against hackers.
Suggestions: gmail.com (Google) or outlook.com (Microsoft)

Password:
The two keywords for a good password are: UNIQUE and LONG (minimum length of 12 characters)
- For this purpose create passphrases instead of passwords.
- Use part of lyric, part of a quote. You can check this link about diceware, a method to create passwords:
http://world.std.com/~reinhold/diceware.html
- Don't use this same passphrase EVER again in other websites. Each and every site must have its unique password.
- Mix words from other languages in the passphrases (extra layer on diceware approach).

Enable the 2nd Factor Authentication/Two Step Verification when signing in on either service. Don't forget to save BACKUP codes to access in case your smartphone is not accessible (lost/broken/out of battery)

If you want to make your life simpler, use a password manager. It will manage the UNIQUE and LONG passphrase (or in this case random letters) aspect for you.
e.g:
https://www.lastpass.com
https://www.dashlane.com
https://1password.com/
http://keepass.info

When you are creating your master password for these programs you must use a very strong passphrase.



Check if you are already compromised, go to:

https://haveibeenpwned.com

Time to change your old passwords :p


Extra Notes:
- Don't enable the security question because you are just opening another hole that a hacker can exploit to get access to your account
- Biometric Security (Fingerprint) is a bad idea: If someone gets your fingerprints you are fucked for your entire life because you can't change your fingerprints for others. And you leave fingerprints everywhere, making them very easy to collect.
- Security Key: it is a usb device, a physical 2nd factor authentication that can be used with your gmail account, lastpass and many other sites and services.
 

Trace

Banned
SMS is only secure in that the hacker probably isn't going to spoof your simcard in your phone. If that happens then you have a lot bigger problems than your PSN account being hacked. The best thing to allow are tokens or authenticator apps like Google authenticator. The people would have to steal the phone or token to get into it then.

Ohh Sony doesn't have an authenticator app? Weird thought they did. Yea they should definitely add that as an option.
 
I didn't even know 2 factor was offered. Just set that shit up. Sorry OP but this helped secure my own account. Hopefully you can get your back ASAP.
 

RedAssedApe

Banned
Like what exactly? SMS number is the most secure because the hacker doesn't have access to your phone. Email doesn't work, hacker might have password for that. Being logged in obviously doesn't work.

that should be the user's prerogative if they want to be able to use e-mail address for 2fa. i have 2fa on my important e-mail addresses too :p

people have also mentioned authenticator apps/tokens which most other services let you setup. i have an app for 2fa on my phone/tablet for:

amazon, dropbox, facebook, google, microsoft, snapchat, ubisoft, my work, lastpass, blizzard, twitch, etc.
 

bombshell

Member
I remember seeing comments back and forth, "2FA sucks, I hate having to use my phone every time I log in." "No dummy, you only have to do that the first time you log in on that specific console." Well, that's indeed how it works on my PS4. But on any occasion when I want to use my PS3, I have to go through the goddamn text message "one-time" login code rigamarole, every single time. Pretty annoying.

PS3 (and Vita) 2FA codes are not one-time use. They are device passwords that you only need to generate once.
 
I live in Colombia. I set up the 2fa and today i tried to login from the pc and the sms never came

It's fucking annoying. Fortunately I could get a backup code but I cannot get sms for some reason.

What is this free google voice number magic?
 

DarkestHour

Banned
I just recently enabled the 2FA on my PSN account. To be honest, there's nothing standing out saying "HEY! GO TO YOUR ACCOUNT SETTINGS AND DO 2FA!" You'd think Sony would spend more time letting us know instead of serving advertisements to us on the home screen.

Where do I go to enable 2fa? Just opened my ps4 a day ago, couldn't see anything obvious.


Go to Settings on the PS4. Then go to the Account settings. Easy to setup. Save your backup codes.
 

TalonJH

Member
I remember seeing comments back and forth, "2FA sucks, I hate having to use my phone every time I log in." "No dummy, you only have to do that the first time you log in on that specific console." Well, that's indeed how it works on my PS4. But on any occasion when I want to use my PS3, I have to go through the goddamn text message "one-time" login code rigamarole, every single time. Pretty annoying.

Are you using the codes you get from your phone or did you create a device key? For the PS3 and Vita, you need to create a device key and enter it. Then you won't need the text for them. It's what they included in the original information for 2-step but I don't think they've talked much about it otherwise. Hope that fixes it for you.
 
I just recently enabled the 2FA on my PSN account. To be honest, there's nothing standing out saying "HEY! GO TO YOUR ACCOUNT SETTINGS AND DO 2FA!" You'd think Sony would spend more time letting us know instead of serving advertisements to us on the home screen.




Go to Settings on the PS4. Then go to the Account settings. Easy to setup. Save your backup codes.

Thanks buddy
 

Joni

Member
that being said sony needs to provide alternative options for the second factor

The alternative is using strong and unique passwords. They won't all admit but all the people that got hacked used their psn password somewhere else. Every single one of them.

I've never been hacked before -- ever. I've had XBL, Nintendo ID, Steam etc. forever. It's OK to critique sony sometimes guys.

Aside from the fact that you did get hacked somewhere before. That is how they got your password. You also didn't set up 2FA despite Sony sending out an alert about it long ago and the other topics should have warned you considering they all said the same.
 

EmiPrime

Member
If you have a 30 character unique password nobody is getting into your account. You're not worth the effort.

If you have that AND 2FA well, the only way in is via social engineering and again, that's not worth the effort unless you're a celebrity someone wants to screw with or someone really hates you in which case your PSN account is the least of your worries.

You have the tools to secure your account, if you get "hacked" (you didn't technically get hacked) it's all on you. Anything else is FUD spreading and ignorance.
 

Muffdraul

Member
PS3 (and Vita) 2FA codes are not one-time use. They are device passwords that you only need to generate once.

Are you using the codes you get from your phone or did you create a device key? For the PS3 and Vita, you need to create a device key and enter it. Then you won't need the text for them. It's what they included in the original information for 2-step but I don't think they've talked much about it otherwise. Hope that fixes it for you.

Thanks guys, I am definitely missing something here. The steps I go through are this:

1. I boot up my PS3 and I have to log in manually, even though I always make sure the "Sign In Automatically" box is checked. My email address is filled in automatically but I have to enter my password.

2. It tells me my log in info is incorrect and that I have been texted with a one-time use log in code. It says that after I have logged in by entering that code as my password, from then on I will be able to log in using my real password. I think it even recommends using the Sign In Automatically option. Again, I always make sure that box is checked.

3. After I've logged in using the fresh texted code, it's all good. And I know my password is correct, because it works fine when I use it to update my account info. But the next time I boot up the PS3, I have to start over at step 1.

It seems like I'm missing something about this "device key," I don't recall them giving me any instructions on how to set that up. I guess I assumed that's what I was doing. What am I missing here?
 

EmiPrime

Member
Thanks guys, I am definitely missing something here. The steps I go through are this:

1. I boot up my PS3 and I have to log in manually, even though I always make sure the "Sign In Automatically" box is checked. My email address is filled in automatically but I have to enter my password.

2. It tells me my log in info is incorrect and that I have been texted with a one-time use log in code. It says that after I have logged in by entering that code as my password, from then on I will be able to log in using my real password.

3. After I've logged in using the fresh texted code, it's all good. And I know my password is correct, because it works fine when I use it to update my account info. But the next time I boot up the PS3, I have to start over at step 1.

It seems like I'm missing something about this "device key," I don't recall them giving me any instructions on how to set that up. I guess I assumed that's what I was doing. What am I missing here?

Vita and PS3 need a per device password. Go to the 2FA setup page and generate a unique password for your PS3.
 