
Somebody keeps trying to reset my PSN password.

I actually didn't realize 2FA required a phone as opposed to just email. That's even more reason to keep it off though—I know this is weird in the modern day, but I don't always have my phone on me, and I need to be able to get into accounts without it.
How often do you need to log into PSN when you don't have your phone with you?
 
No offense but you sound like you are clueless. Someone has your email address and password from a previous leak. They are trying to gain access to your account right now. Once they get access they are going to lock you out of your account and sell it so whoever buys the account and activates their ps4 on your account as their main console will get all of your media entitlements. Enable 2FA, make sure your password is unique. You will only have to use 2FA when you buy something on your console or when you sign in through the web. It blows my mind that people can protect themselves so easily and refuse to do so.
 

styl3s

Member
I don't care how super awesome anyone thinks their password is because I have had personal accounts compromised while having the most complex fucking password.

Take the fucking 60 seconds it takes and click this link and set up 2 step. While you are at it set up 2 step for every other account to every other service that offers it including, no, especially including your fucking email.
 
Turn on 2FA OP you done goofed, doesn't matter whether you think your password is good enough the fact is having an extra layer of security to your account doesn't hurt at all.
 

SZips

Member
While you're at it, after you get done enabling 2-factor for PSN, enable 2-factor for your Google/Gmail account. I don't care how confident you are in the integrity of anything. It means jack squat.
 
While you're at it, after you get done enabling 2-factor for PSN, enable 2-factor for your Google/Gmail account. I don't care how confident you are in the integrity of anything. It means jack squat.

I don't care how super awesome anyone thinks their password is because I have had personal accounts compromised while having the most complex fucking password.

Take the fucking 60 seconds it takes and click this link and set up 2 step. While you are at it set up 2 step for every other account to every other service that offers it including, no, especially including your fucking email.

As I write in the OP, my email has 2FA. (And it's annoying as heck)
 

DataGhost

Member
I have to agree with going 2FA before anything because of the fact that it really isn't that inconvenient. Better to have it now before it's too late when you have to go to Sony support and based off of what other people say, it's not going to be of much help in recovering your account worst comes to worst.
 

SZips

Member
As I write in the OP, my email has 2FA. (And it's annoying as heck)

Unless you're constantly logging out or logging in from new devices, it shouldn't be that intrusive in the slightest for the email thing. I think the last time Google asked me for authentication was about a month and a half ago when the broken Windows 10 Anniversary Update came out and forced me to reformat my computer.
 

epmode

Member
As I write in the OP, my email has 2FA. (And it's annoying as heck)
I have 2FA on my Gmail account and I haven't had to reauthenticate on any of my devices since my very first authentication. Same goes for PSN's 2FA.

I'm not sure what you're hoping to get out of this thread besides a lot of bewildered posts. I guess that's the point. Congratulations!
 
One issue with Gmail accounts, specifically, is that Gmail ignores periods anywhere within your email address (so yourname@gmail and your.name@gmail both route to the same place), whereas PSN doesn't.

What could possibly be happening is that someone else used a variation of your Gmail address with a period somewhere to sign up for PSN, which PSN would allow and treat as a completely separate account, and then forgot his password. So now he's probably trying to reset his password but can't because the emails are going to you.

I actually had (still have) this problem with my PSN account. Someone in Europe is doing what I described above with my email address, but it's not a big deal because his account is completely separate from mine (though I get his promotional emails from SCEE), and I have 2FA enabled.

Someone in India actually also did the same thing to create an Uber account, so I logged in and changed the credentials.

Again, someone in India did the same to me with eBay or some other auction site, and again I logged in, messed up all his listings, and changed credential information.
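
The dot-variant collision described in the post above, as an added example that is not part of the original thread: a check a service could run to find accounts registered under different address strings that Gmail delivers to one mailbox. It goes beyond the periods the post mentions by also folding case, `+tag` suffixes and the googlemail.com domain; the function names and sample accounts are hypothetical.

```python
from collections import defaultdict

# Domains delivered under Gmail's rules (assumption of this example).
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def delivery_key(address: str) -> str:
    """Return a comparison key naming the mailbox an address is delivered to."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        # Gmail ignores case and periods in the local part and drops
        # everything from the first "+" onwards.
        local = local.lower().split("+", 1)[0].replace(".", "")
        if not local:
            raise ValueError(f"empty Gmail local part: {address!r}")
        domain = "gmail.com"
    # Other providers may treat dots and case as significant, so the
    # local part is left untouched for them.
    return f"{local}@{domain}"


def shared_mailboxes(accounts):
    """Map delivery key -> account ids, keeping only keys used by 2+ accounts."""
    groups = defaultdict(list)
    for account_id, email in accounts:
        groups[delivery_key(email)].append(account_id)
    return {key: ids for key, ids in groups.items() if len(ids) > 1}


# Constructed sample data: account ids and addresses are invented.
ACCOUNTS = [
    ("acct-1001", "yourname@gmail.com"),
    ("acct-2002", "your.name@gmail.com"),
    ("acct-3003", "Your.Name+psn@googlemail.com"),
    ("acct-4004", "your.name@example.org"),
    ("acct-5005", "yourname@example.org"),
]

if __name__ == "__main__":
    for mailbox, ids in shared_mailboxes(ACCOUNTS).items():
        print(f"{mailbox} receives mail for accounts: {', '.join(ids)}")
```

A service that stores the raw address as the account identifier sees three separate accounts here, while every password reset email for them lands in the same inbox.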
 

jeffc919

Member
I noticed a bunch of these emails this week on a seldom used email address that is not the address associated with my PSN account. What's also odd is that the links in the email are for the EU Sony site. I don't ever recall creating an EU account. It's possible I did and just don't remember. Anyway, this was enough of a reminder to turn on 2 factor authentication just to be safe. I've read enough horror stories about people being locked out of their accounts for months after they've been compromised.
 

modsbox

Member
I'm kinda with the OP that 2FA shouldn't be necessary here presuming the password is complex and only used for PSN.

That said, as someone who has had their primary PSN account of almost 10 years permabanned because someone stole my acct and logged in on a hacked ps3... you're stupid if you don't enable 2FA.

It was obvious it wasn't me that logged my PSN account into a hacked PS3 (hadn't used a PS3 in over a year), but it was... most unpleasant... to have >$1000 of my digital purchases removed from my possession.

There was no temporary ban, no warning, nothing. Just thousands of dollars of my purchases gone. I talked to 3 different people at Sony, all of which said that permabans are irreversible, and permabans are always applied for violations of TOS, which logging in on a hacked device is. From what I've read a chargeback = permaban, and that's what you're risking right now.

So, OP, do what you want.... but by not enabling 2FA you're risking your entire digital library.
 

Azuran

Banned
Honestly after chilling on hacking forums for the past 3 years I can say that 2FA is useless.

It's so easy to break through it. It's actually more compromising to have it on than to not have it on tbh.

OP made the right decision, just have a really good secure password.

You're also one of those people against seatbelts, aren't you?
 

Justinh

Member
Unless you're constantly logging out or logging in from new devices, it shouldn't be that intrusive in the slightest for the email thing. I think the last time Google asked me for authentication was about a month and a half ago when the broken Windows 10 Anniversary Update came out and forced me to reformat my computer.

Whoa, damn that Anniversary Update. I think my computer's going to install it again when I reboot. I'll just keep rolling back, then.

I'm one of those people that has to dick around with their phones often. I have my browser set to delete all cookies every time I close it. So I'm constantly waiting for a text or using the authenticator app for Gmail, Youtube, Microsoft (outlook and bing rewards), Sony (now, but I rarely sign-in on my computer), bank, insurance, kickstarter, Amazon...

I still think it's worth it.
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
I do not have 2FA enabled and I do not want to enable it. I have not saved CC data in PSN since their major hack years ago, and I am confident that my PSN password is strong and uncompromised. I am equally confident in the integrity of my gmail password.

EdgarAllenWTFAmIReading.jpg

No, you turn on 2FA anyway.
 

fernoca

Member
If your main devices have auto-login, it only sends a code once and that's it.

You say you constantly clear cookies, which has no effect on the PS hardware. Now for internet browsing, then clear the cookies of everything but PS Store.

Heck, don't clear cookies that often and browse everything on incognito tabs, except the sites you visit often (or just PS Store).
 

The Argus

Member
Not wanting to turn on 2 Factor is pretty stupid, OP. I understand you're not always by your phone, but do you really need PSN access when it's not by you? Not like you type a code in every time you turn on your PS4.

Also enable it for your Gmail. That's kinda the key to all of your accounts. Enable it for your bank, enable it for Amazon. It takes 5 mins to do all of these.
 
Unless you're constantly logging out or logging in from new devices, it shouldn't be that intrusive in the slightest for the email thing. I think the last time Google asked me for authentication was about a month and a half ago when the broken Windows 10 Anniversary Update came out and forced me to reformat my computer.

The problem is that I clear my cookies CONSTANTLY.

2FA means needing to use my phone EVERY. SINGLE. TIME. I log in via a computer. If you don't clear your cookies, you probably have a much better experience with 2FA than I do. But that doesn't change the fact that it's a massive, massive pain for me personally.

I use a password manager. I have strong, randomly generated, individualized passwords for all my accounts. Unless Sony literally just gives my password out, no one is going to get it, so I don't understand why I should be subjected to the extra trouble.
 
As I write in the OP, my email has 2FA. (And it's annoying as heck)

It is annoying for me because the remember this computer option never works, but in this day and age it's a necessity.

Wouldn't using a gmail alias as has been suggested in this thread solve your problem as the person trying to access your account would no longer have the email linked with your psn?
Regardless enable 2FA. Your PS4 will stay logged in, no cookies.

edit. They also give you some one time use codes for when you don't have access to your phone.
 

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
The problem is that I clear my cookies CONSTANTLY.

2FA means needing to use my phone EVERY. SINGLE. TIME. I log in via a computer. If you don't clear your cookies, you probably have a much better experience with 2FA than I do. But that doesn't change the fact that it's a massive, massive pain for me personally.

...So don't login to PSN on your computer? Use it only on your console(s) like you should be doing?

NHale suggested this may be a social engineering attack. Is there anything I could do about this proactively?

Activate 2FA so when they DO get through (and they will if they are persistent enough to social engineer you) they can't login to your account without your phone.

Stop being dumb because "I NEED TO USE MY PHONE TO LOGIN ALL THE TIME!!!11!1!" as an excuse.
 
...This is the first answer in this thread that may actually explain what is going on.
Should I call Sony proactively? Would that do anything?

Wow. Can I call you wow? Wow, remember that there are millions of websites out there, and at least a dozen of them have your email address.

Have you heard of the following website "Have I been pwned"? It's one of the nice websites that is telling folks if your data is out there in the wild.

https://haveibeenpwned.com

Nowadays, it's very easy to get someone's password via social engineering and via dozens and dozens of websites that have been hacked lately.

You know this "Two Factor Authentication" that everyone keeps talking about? It's basically there because companies have given up on making things secure, because eventually the password will crack. Nowadays, computers are good enough to crack passwords. 2FA is important because it adds a human element to this bruteforcing. No one can access your account, even with password, if you have 2FA activated.

Would you kindly do us all a favor and enable two factor authentication? It's for your own good and not ours.

Second, change your password for other services as well (periodically) no matter how secure your password is.

Third, when your account does get hacked eventually (if you don't enable two factor), then please cope with the reality that Sony is going to not care and will not return your account to you without complete lockdown.

Hope this helps.

A strong password is good enough though.

Not unless that strong password has been hashed, publicly available via hacks on other services or bruteforced.

Trust me, CENTURION1~ or F#M}KGR3H6 is not a strong password. A strong password is "A_$TRoNG_PASSw0rD_$1$_7118~", which none of you have.
 

Izuna

Banned
You need 3 step authentication

set up new gmail accounts for every account, and have it forward its email to your real one, but put 2 step on the new gmail account

edit: OP enable 2-step... come on bruh
 
So I think I figured out what was actually happening.

I went to PSN to set up an email alias, but as soon as I logged in, Sony prompted me to change my password. Not sure why, since I'd updated it relatively recently. I obliged Sony and gave it a new password.

...so, I'm assuming what was actually going on is that Sony was sending me password reset emails because it wanted me to change my password, not because someone else was trying to reset it.

Thanks for helping me Neogaf, albeit in a roundabout way. :)
 
So I think I figured out what was actually happening.

I went to PSN to set up an email alias, but as soon as I logged in, Sony prompted me to change my password. Not sure why, since I'd updated it relatively recently. I obliged Sony and gave it a new password.

...so, I'm assuming what was actually going on is that Sony was sending me password reset emails because it wanted me to change my password, not because someone else was trying to reset it.

Thanks for helping me Neogaf, albeit in a roundabout way. :)

Still, activate 2 step.
 
So I think I figured out what was actually happening.

I went to PSN to set up an email alias, but as soon as I logged in, Sony prompted me to change my password. Not sure why, since I'd updated it relatively recently. I obliged Sony and gave it a new password.

...so, I'm assuming what was actually going on is that Sony was sending me password reset emails because it wanted me to change my password, not because someone else was trying to reset it.

Thanks for helping me Neogaf, albeit in a roundabout way. :)

Wow.

Go turn on 2FA anyway. Don't come back with password vows (I'm keeping my eye on you!).
 

nullpoynter

Member
The problem is that I clear my cookies CONSTANTLY.

2FA means needing to use my phone EVERY. SINGLE. TIME. I log in via a computer. If you don't clear your cookies, you probably have a much better experience with 2FA than I do. But that doesn't change the fact that it's a massive, massive pain for me personally.

I use a password manager. I have strong, randomly generated, individualized passwords for all my accounts. Unless Sony literally just gives my password out, no one is going to get it, so I don't understand why I should be subjected to the extra trouble.

Maybe quit constantly clearing your cookies. You're making it harder on yourself.
 

EmiPrime

Member
Yeah no, I am not giving Sony my mobile number I do not trust them to keep that info stay.

lol

So I think I figured out what was actually happening.

I went to PSN to set up an email alias, but as soon as I logged in, Sony prompted me to change my password. Not sure why, since I'd updated it relatively recently. I obliged Sony and gave it a new password.

...so, I'm assuming what was actually going on is that Sony was sending me password reset emails because it wanted me to change my password, not because someone else was trying to reset it.

Thanks for helping me Neogaf, albeit in a roundabout way. :)

Sony don't enforce password changes under normal circumstances. Someone was targeting your account and you still won't enable 2FA......
 

nullpoynter

Member
So I think I figured out what was actually happening.

I went to PSN to set up an email alias, but as soon as I logged in, Sony prompted me to change my password. Not sure why, since I'd updated it relatively recently. I obliged Sony and gave it a new password.

...so, I'm assuming what was actually going on is that Sony was sending me password reset emails because it wanted me to change my password, not because someone else was trying to reset it.

Thanks for helping me Neogaf, albeit in a roundabout way. :)
You learned nothing if you didn't enable 2FA...
 

vypek

Member
I just activated the passkey on PS3 since Sony texts me every morning that I don't have it on both my Vita and PS3
 
OP, I'm unsure of what you're trying to accomplish here exactly if you won't take the advice repeatedly given. Nearly everyone has suggested 2FA (seriously, I major in cybersecurity and have an occupation in networking support; as a consumer, you need to turn that shit on). You do realize Sony isn't going to do jack shit with your number other than use it for this purpose, and cookies on a PS4? That's not quite how it works. It's "set it and forget it" once you get it going the first time with auto login.

If it's really that much of a concern then use a Google Voice number for the 2FA or something (I don't know if this actually works).

But you're basically looking for another solution that doesn't exist.

So I think I figured out what was actually happening.

I went to PSN to set up an email alias, but as soon as I logged in, Sony prompted me to change my password. Not sure why, since I'd updated it relatively recently. I obliged Sony and gave it a new password.

...so, I'm assuming what was actually going on is that Sony was sending me password reset emails because it wanted me to change my password, not because someone else was trying to reset it.

Thanks for helping me Neogaf, albeit in a roundabout way. :)

You were prompted to change it because someone's trying to BREAK INTO YOUR ACCOUNT.
 
Maybe quit constantly clearing your cookies. You're making it harder on yourself.

I get rid of them for privacy reasons. It's not so much that I'm paranoid and more that I don't want websites/ads tailoring what I see, because I worry it gives me a biased worldview.

Might try whitelisting, but I don't really want Sony (or all the other sites that offer 2FA) to store cookies either. :)

You do realize Sony isn't going to do jack shit with your number other than use it for this purpose, and cookies on a PS4? That's not quite how it works. It's "set it and forget it" once you get it going the first time with auto login.

I don't have a PS4. I have a PS3 and a PSTV, and I'm all-physical on both, aside from some Project Diva DLC. It's the web browser that would be annoying.

But you're right—since I don't log into PSN that often, it wouldn't actually be that big a deal to turn on 2FA for Sony specifically. I mean, I still don't want to give them my phone number (not because I think they'll use it, but because I don't trust PSN to not get hacked again), but it wouldn't be the end of the world...

...Except that it wouldn't just be PSN. If I was actually following everyone's advice, I would also turn on 2FA for Twitter, and iCloud, and Dropbox, and Tumblr, and the tons of other services I use on occasion. The time spent would add up. And for what? I have a password manager that auto-generates passwords that are both strong and unique to each service. No one is getting those passwords unless there is a data breach, and if there is, it's isolated to the one service (and I change my password as soon as I hear about it).

I DO have 2FA on my email just because of how central to everything email is.

I really don't want to argue with everyone over this, and it wasn't the reason I made this thread, but I do hope some people can understand where I'm coming from. It isn't that simple for me.
 

nullpoynter

Member
I get rid of them for privacy reasons. It's not so much that I'm paranoid and more that I don't want websites/ads tailoring what I see, because I worry it gives me a biased worldview.

Might try whitelisting, but I don't really want Sony (or all the other sites that offer 2FA) to store cookies either. :)
You know, there are ways to block ads and prevent sites from tracking you without always dumping your cookies. There are browser extensions for that.
 

Toni

Member
I get rid of them for privacy reasons. It's not so much that I'm paranoid and more that I don't want websites/ads tailoring what I see, because I worry it gives me a biased worldview.

Might try whitelisting, but I don't really want Sony (or all the other sites that offer 2FA) to store cookies either. :)

So...did you activate 2-step verification yet?
 

Persona7

Banned
I get rid of them for privacy reasons. It's not so much that I'm paranoid and more that I don't want websites/ads tailoring what I see, because I worry it gives me a biased worldview.

Might try whitelisting, but I don't really want Sony (or all the other sites that offer 2FA) to store cookies either. :)

Do you change your IP address every day too? Some ads and profiles are tracked through IP address.
 