
Sony rolling out two-factor authentication: AUS+NZL tomorrow, other regions to follow

Fbh

Member
Well about fucking time.

I can picture the intern behind this 7 years ago:

"Sir, I've been watching GAF and other gaming sites and the hacking of PSN accounts is getting pretty frequent"
"Yes we know. But we have 200 people working on stability updates and you can't expect us to tell them to work on less important stuff"
"But sir, people are losing their accounts and our shitty support isn't helping them"
"Yes, but do you think they even want to have an account on an instable console?"
"Wha... what if I work on it for free?"
"Ok but you can only spend 15 minutes on it during the week"

This is probably a series of very stupid questions, but with the upcoming 2FA I'm keen to know:

Normally, whenever I turn on my PS4 I log into PSN manually, and sign out whenever I'm about to turn the console off. For whatever reason I never like staying signed into a service if I'm not using it.

Assuming I don't want to be inundated with 2FA text messages every time I log in, would it be better to never sign out of PSN on my PS4? Is there any downside to this method? Does turning off the console count as signing out, so it won't look to friends like I'm still online when the console isn't even on?

When the console is off you are signed out and don't appear as online to your friends (same with rest mode)

The only "downside", if you want to call it that, of not signing out manually is that if someone breaks into your house and steals your console they would have access to your account (because the console will log in automatically when they turn it on). But keep in mind that the chances of that happening are low and that even if it happens they would still need access to your original password and/or email address in order to change the password. And the chances of all of that happening are lower than the chances of someone hacking your account because of lack of security from not using two-factor authentication.
 

EmiPrime

Member
Those of you who think this will have a significant impact on account breaches don't understand human nature. Blizzard have the best 2FA around but when I played WoW I knew people who wouldn't enable it because they thought it was a pain in the arse when they went to Internet cafes. Most users don't know 2FA exists and among those who do, most won't enable it because they think it's a hassle.

Among your friends how many do you know use 2FA for their Email or their Facebook? I don't think I know more than a few people in real life who use 2FA and among those are my parents and that's only because I set it up for them.
 

oSoLucky

Member
Those of you who think this will have a significant impact on account breaches don't understand human nature. Blizzard have the best 2FA around but when I played WoW I knew people who wouldn't enable it because they thought it was a pain in the arse when they went to Internet cafes. Most users don't know 2FA exists and among those who do, most won't enable it because they think it's a hassle.

Among your friends how many do you know use 2FA for their Email or their Facebook? I don't think I know more than a few people in real life who use 2FA and among those are my parents and that's only because I set it up for them.

I completely agree, but I would think that users who post on a gaming forum are more of the kind to use 2FA than not. Some take the number of threads created as a barometer of the amount of account breaches going on and that's misguided at best. As a whole, I don't think it's going to have a significant impact (and probably why Sony took so long), but I am still extremely glad it came about. This is one of the last services/games that I use that didn't have it implemented. I learned my lesson getting my WoW account stolen before their 2FA and some PSN charges in 2012 made fraudulently, but sadly, I know people who have had accounts "hacked" and still don't use 2FA.
 
Stop victim blaming. You are part of the problem.

People have had unique passwords and still been hacked.

In the case of passwords, victim blaming is correct in the majority of cases.

Even if they didn't use the same password on different sites, how many of them had a password resistant to dictionary attack?
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
And now I wonder how many people will submit their PSN credentials on this page...

Apparently right after I posted that, the main site is back. So it seems they use a CMA on GitLab for their blog?
 

LordOfChaos

Member
Oh, a reddit mod wrote this as top comment, who is this guy who posted it?

"Marking this as rumour since there's no verified information here, until more concrete evidence is supplied."

OP title should be marked as rumour then at least?

Quoting because a lot of people seemed to blow past it - was this ever actually verified?
 
Great news if true.

I may stick with point cards anyway since I get credit towards Best Buy reward certificates from buying them from there.
 
I am kinda worried about an SMS authentication system because I have a European phone number but an American account. Hope they don't lock it to American numbers.
 

i-Jest

Member
THANK FUCK!


(Please be real)
 

EmiPrime

Member
I completely agree, but I would think that users who post on a gaming forum are more of the kind to use 2FA than not. Some take the number of threads created as a barometer of the amount of account breaches going on and that's misguided at best. As a whole, I don't think it's going to have a significant impact (and probably why Sony took so long), but I am still extremely glad it came about. This is one of the last services/games that I use that didn't have it implemented. I learned my lesson getting my WoW account stolen before their 2FA and some PSN charges in 2012 made fraudulently, but sadly, I know people who have had accounts "hacked" and still don't use 2FA.

More inclined for sure but still a minority sadly. Luckily the more these topics come up the more awareness of 2FA spreads even if a fair amount of ignorance about computer security and untruths about PSN get spread with it.
 

Struct09

Member
SMS only is disappointing, but it's better than nothing.

SMS is only insecure if you aren't good at knowing where your phone is.

Plenty of companies use SMS, either as an alternative to an authenticator app, or just because most of their customers probably aren't smart enough to understand how authenticator works. Most banks use SMS for 2-factor. PayPal uses SMS for 2-factor. All the companies you mentioned allow SMS as fallback; if it was so insecure, why would it be allowed?

Sadly it can be insecure even if you know where your phone is. It's been shown that SMS messages can be intercepted or redirected, and recently the NIST has deemed that SMS is not sufficiently secure for 2FA. It's definitely better than nothing but we really should get people used to using authenticator apps.
 
I expect Sony's 2FA to have the texting service be region-locked, based on the fact that every 2FA I've used has required a US number for a US account.
 

Ashler

Member
Picturing it right now... can't enable 2-way auth because my cell phone number's country code is not the same as the registration country, lol.
 

joeposh

Member
Finally. Someone has been trying to force their way into my account for several weeks now -- spamming me with password reset requests. I've been worried they'll eventually find the winning combination if extra steps aren't taken.
 

Zedark

Member
Nice, good thing they finally added this. Was getting ridiculous how easy and often people became victims of hacks on PS4 because of the omission of this feature.
 

mrklaw

MrArseFace
Those of you who think this will have a significant impact on account breaches don't understand human nature. Blizzard have the best 2FA around but when I played WoW I knew people who wouldn't enable it because they thought it was a pain in the arse when they went to Internet cafes. Most users don't know 2FA exists and among those who do, most won't enable it because they think it's a hassle.

Among your friends how many do you know use 2FA for their Email or their Facebook? I don't think I know more than a few people in real life who use 2FA and among those are my parents and that's only because I set it up for them.

The sort of people that actively look for 2FA are also more likely to have unique usernames/emails/passwords per site or use a password manager. So they'd need it less because these breaches are likely just reusing user/pass from other hacked sites.

Although 2FA will help some people, as it is often - like here on GAF - cited as valuable, so that will rub off on some people who will continue to use the same details across other sites but will be more secure with this as a fairly effective sticking plaster.

...right up until the moment we find out Sony will let you change the mobile phone number simply by logging in and not putting that part behind 2FA itself.
 
Don't really care how many people will use it, if someone doesn't have it and gets hacked at least it's their own fault.

I just want my own account to be safe(er)
 