Sony Finally Implements 2FA for PlayStation Network

Written by

Sony, five years after a massive hack exposed user data for 77 million people, has finally implemented two-factor authentication for the PlayStation Network.

There hasn’t yet been an official statement on the development, but a Twitter user saw a reference to 2FA in the latest 4.80 firmware update for the PlayStation 3. A Sony representative then went on to confirm that implementation plans are indeed underway, and that "more details will be shared at a later date."

The 2011 PlayStation hack exposed the personal information of the entire PSN user base, including users' account names, dates of birth, email addresses and credit card details. The incident, which Anonymous took credit for, forced the company to shut down its entire system for almost a month.

After that, November 2014 brought the news that Sony Pictures Entertainment’s corporate network had been taken out, and vast quantities of Sony Pictures’ data had been stolen, including confidential personal and salary details. In addition, hackers leaked online upcoming Sony Pictures films including Fury. It was reported that Sony had stored passwords in a folder called, unambiguously, ‘Passwords.’

2FA has gained a higher profile, thanks to the slew of recent breaches that demonstrate how easy it is for attackers to compromise credentials of all stripes. And, there is little doubt that cyber-criminals are becoming more adept at compromising personal data. From Ashley Madison to TalkTalk to the Office of Personnel Management, millions of users were victims of online crime. These attacks have also precipitated aggressive measures. For example, in November Amazon had to force-reset accounts due to fears of a password leak.

“From email to social media to your online bank account, just about every online identity requires a password. In this high-tech age, passwords are a way of life. Many, however, are making some low-tech choices—as evidenced by the 35% of individuals who write down passwords,” said Craig Lund, SecureAuth CEO. “Cyberattacks cost millions of dollars a year, hurt individuals and lead to long, drawn-out lawsuits. Just ask the FBI, Target or IRS. It’s in everyone’s best interest to make it difficult for attackers to cause damage—now we just need to reframe what defines safe when connected online.”

It's about time that Sony added 2FA to the mix. Microsoft, in contrast, has been providing two-step verification to its Xbox Live users since 2013. The feature is also used on Battle.net and Steam.

Photo © oneinchpunch/Shutterstock.com

What’s hot on Infosecurity Magazine?