
I'm a bit paranoid about losing my PSN account

Generic

Member
One of the questions Sony support asks when your account is compromised/hacked is the city/state where your PSN account was created. When I created my account I did put the right postal code, but my internet service back then (10 years ago) used dynamic IPs, which means my IP-location was all over the country. I'm not sure if Sony bases the location on the IP or the postal code.

Ps: I have 2FA on but my OCD is killing me :(
 

timmyp53

Member
One of the questions Sony support asks when your account is compromised is the city/state where your PSN account was created. When I created my account I did put the right postal code, but my internet service back then (10 years ago) used dynamic IPs, which means my IP-location was all over the country. I'm not sure if Sony bases the location on the IP or the postal code.

Ps: I have 2FA on but my OCD is killing me :(
Why are you worried about compromise? Just follow best security practices on the web, watch what email and communications you have, never allow remote access, have a good AV program, and change your passwords across sensitive sites and email regularly. You can keep your 2fa backup codes physically in your house as well.
 

kraspkibble

Permabanned.
don't worry too much about it. you should be fine telling them your ISP and answering other questions.

you won't need to answer the questions if your account isn't compromised. practice good security. set up 2fa. not with sms/email but one time codes. set a strong password and if you aren't using a password manager already you should do that. i only know 1 password and it's the one for my pw manager. all my passwords look something like this:

uF7^@b2$$7M%4
mY1jn4@%1%!6O
2O@Sr5HZ%$8oP0!!

and i make sure i change them regularly. if an account supports 2fa it's getting turned on.
 

HTK

Banned
Just make sure you have 2FA turned on bro. I have a 3 letter PSN name, every week I get a notification of someone trying to break into my account.
 

Generic

Member
Why are you worried about compromise? Just follow best security practices on the web, watch what email and communications you have, never allow remote access, have a good AV program, and change your passwords across sensitive sites and email regularly. You can keep your 2fa backup codes physically in your house as well.
I'm worried about being hacked.
don't worry too much about it. you should be fine telling them your ISP and answering other questions.

you won't need to answer the questions if your account isn't compromised. practice good security. set up 2fa. not with sms/email but one time codes. set a strong password and if you aren't using a password manager already you should do that. i only know 1 password and it's the one for my pw manager. all my passwords look something like this:

uF7^@b2$$7M%4
mY1jn4@%1%!6O
2O@Sr5HZ%$8oP0!!

and i make sure i change them regularly. if an account supports 2fa it's getting turned on.
Question: why is 2FA based on one time codes better than sms?
 

spawn

Member
As long as you have 2FA you should be good man. I've had my PSN since 2009 and once had someone try to log-in, but 2FA saved me
 

cash_longfellow

Gold Member
Just make sure you have 2FA turned on bro. I have a 3 letter PSN name, every week I get a notification of someone trying to break into my account.
My guess - HTK? 😂🤪
Edit - Bruhhh, that is the longest I have ever laughed at the triggered emoji 😂
 

cash_longfellow

Gold Member
I got hacked one time way back. I only noticed because on my ps4 feed it said I recently watched whatever the hell that free Sony superhero show was around ps4 launch. I had also apparently played Limbo that night. I knew neither happened because I was busy with my girls 🐈 all night that evening 🤪. Been 2FA ever since and being nice to PlayStation support on the phone made it simple to get my account back. Just be pleasant and honest if it happens. Only one failed attempt since I turned on 2fa.
 

OOGABOOGA

Banned
Just hack it back
2r8F9rTBenJR53djxFsSuL5odkWt8ccbVuLuE5Ns2aJ15XTeiT28Qigj9cq8VusvTUcHPbNoGkX1W8LF8XEhgLnycrQNoNtQ4aVC2QEuMaE3q1s5ezCacQB5cvqHQMr2y
 

Fbh

Member
I've "lived in Alaska" for over 10 years now even though I've never set foot in the USA. I just hope they never crack down on people who aren't in the US having US accounts.
To be fair, back when I created my account Sony had no local PSN service and the manual in some of their "latin american" versions of games told you to create a US account. They had a time window to migrate accounts when they opened the local PSN but I missed it.

Still don't know why they make such a big deal about changing regions. It's not like they offer regional pricing and they could always do stuff like needing a locally issued credit card to validate the change or something like that.


Anyway, I wouldn't worry too much. 2FA is pretty safe.
 

Shifty

Member
Question: why is 2FA based on one time codes better than sms?
Eh, this is a whole thing.

Technically speaking it's more secure to tie generation of a one-time code to an authenticator app, because it effectively turns your phone into the physical key used to access your account.
The only way it can be compromised is if someone steals the phone from you, or if the authenticator app itself is compromised on the developer side.

Tying it to an email address introduces additional attack vectors - if your email account gets compromised (i.e. through a device you have logged into it, or the email provider itself being hacked), the attacker can access your PSN in the same way you would.

SMS is a bit more of a grey area. The same logic as email applies, since I believe there are setups out there that allow an SMS account to be shared between multiple devices, but most folks have a traditional one-SIM-one-device deal that puts it on the same footing as an authenticator app - i.e. a prospective attacker would have to physically steal the phone in order to gain access to it.

That's the unbiased take. Personally, I think the rise of authenticator apps is not an entirely altruistic measure given that we live in the age where every company under the sun wants a place in your phone's app tray and a piece of your mindshare.

None of the ones I've encountered so far have been badly behaved (i.e. none of them push ad notifications or whatever other crap usually comes with halfassed corpo shovelware), but I favour SMS where possible because I resent being forced to install third-party software in order to use a service that otherwise has nothing to do with my phone.
 

timmyp53

Member
I'm worried about being hacked.

Question: why is 2FA based on one time codes better than sms?

Eh, this is a whole thing.

Technically speaking it's more secure to tie generation of a one-time code to an authenticator app, because it effectively turns your phone into the physical key used to access your account.
The only way it can be compromised is if someone steals the phone from you, or if the authenticator app itself is compromised on the developer side.

Tying it to an email address introduces additional attack vectors - if your email account gets compromised (i.e. through a device you have logged into it, or the email provider itself being hacked), the attacker can access your PSN in the same way you would.

SMS is a bit more of a grey area. The same logic as email applies, since I believe there are setups out there that allow an SMS account to be shared between multiple devices, but most folks have a traditional one-SIM-one-device deal that puts it on the same footing as an authenticator app - i.e. a prospective attacker would have to physically steal the phone in order to gain access to it.

That's the unbiased take. Personally, I think the rise of authenticator apps is not an entirely altruistic measure given that we live in the age where every company under the sun wants a place in your phone's app tray and a piece of your mindshare.

None of the ones I've encountered so far have been badly behaved (i.e. none of them push ad notifications or whatever other crap usually comes with halfassed corpo shovelware), but I favour SMS where possible because I resent being forced to install third-party software in order to use a service that otherwise has nothing to do with my phone.
What Shifty said, and also SMS is not too hard for bad actors to perform successful social engineering attacks. Whether it be by convincing victims, via well-crafted communications, that they are Sony via email/SMS, or the rarer case where a bad guy convinces the phone carrier to take over your phone line/SIM.

Since you are paranoid I think you will be ok.

Edit: 1 benefit of utilizing 2FA with auth apps is that you can swap devices much easier depending on the application. If you lose your phone with sms you will have a lot of trouble unless you have contingency plans.
 

ManaByte

Gold Member
SMS is a bit more of a grey area. The same logic as email applies, since I believe there are setups out there that allow an SMS account to be shared between multiple devices, but most folks have a traditional one-SIM-one-device deal that puts it on the same footing as an authenticator app - i.e. a prospective attacker would have to physically steal the phone in order to gain access to it.
 

Shifty

Member
Interesting, thanks for posting this. The wiki page makes it sound like the equivalent of sending spam email from a fake address (i.e. relying on users handing out sensitive info to someone posing as a service provider), but the Vice article is quite explicit about how an SMS-based breach would be a genuine threat regardless of a user's security practices:

First, criminals call a cell phone carrier’s tech support number pretending to be their target. They explain to the company’s employee that they “lost” their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering—perhaps by providing the victim’s Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years)—the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card.

The notable point to me being that the social engineering attack is made against the service provider, not you, so being savvy isn't enough to protect against it.

It's contingent on the attacker already having the information necessary to pass the mobile carrier's security checks, but that's also not something you can guarantee against unless you've never handed out your details ever. And even then, government databases aren't impenetrable.

So I suppose - begrudgingly - that the app solution is the most secure. Stupid information age :messenger_unamused:
 

ManaByte

Gold Member
So I suppose - begrudgingly - that the app solution is the most secure. Stupid information age
Always use an app. The MS authenticator is probably the best (better than Google) because it can be backed up to both OneDrive AND iCloud in case you change devices.

But I think PSN (at least in the US) only allows SMS 2FA.
 

The_Mike

I cry about SonyGaf from my chair in Redmond, WA
If you could lose a PSN account by moving house, you can guarantee GAF would have had tens of "help me i'm locked out" threads from our technically illiterate contingent by now.

You'll be alright.
So the average Gaffer is so rich that we move to new homes a dozen times each year?

Bring me my god damn piece of the cake!
 

RoadHazard

Gold Member
No, that's not how that works. Almost everyone has a dynamic IP, they could never base it on that.

And people also move, as has been noted.
 

RoadHazard

Gold Member
Always use an app. The MS authenticator is probably the best (better than Google) because it can be backed up to both OneDrive AND iCloud in case you change devices.

But I think PSN (at least in the US) only allows SMS 2FA.

That was the case, but they support Google Authenticator now (or the equivalent - I personally use Authy, which is cloud-based and thus cross-device).
 

timmyp53

Member
PSN has supported third-party authenticator apps for a while now. I use Google Authenticator because it's the only one that allows exporting of keys/tokens to another device manually. I really don't trust backing up my MFA solution to the cloud. I just have the keys stored on multiple devices in my home and can sleep easy even if 1 device were to become inaccessible.
 

ReBurn

Gold Member
I created my PSN account when PSN launched and I've moved 3 times since then. I know what city and state I lived in when I created it because I remember where I was when PS3 launched. Is this really a difficult thing to remember?
 