Sony Finally Adds Two Factor Verification To PlayStation Network

In this day and age, the more layers of security you can apply to your digital life, the better. Chances are that your personal details have been leaked one way or another (and if you’re reading this, probably via the 2011 PSN hack), but it’s still good to see Sony adding two factor verification to PlayStation Network, even if it is a case of better late than never.

Two factor verification is a fairly simple system, retaining the same email address and password login that we currently have, but then triggering an extra step to ensure that it’s really you trying to log in. In this case, you’ll have to add a mobile phone number to your PSN account details so that, when you log in, the system can then send you a six letter and number code via text message to input.

With a lot of legacy devices hooked into PSN, this system only works this way on PS4, Bravia TVs, web browsers and the PlayStation app. For all other devices, including PS3 and PS Vita, you’ll need to create a device-specific password.

It should also be noted that auto-sign in still works, so you won’t have to go through this rigmarole every time you turn your PS4 on, if you don’t want to.

For more information and to set up 2FV, head over to the dedicated page on the PlayStation site.

22 Comments

  1. Don’t think I’d like the telephone method to be fair. Via email or smartphone app might be handy. XBL has something similar, but it only applies to Web-based logins. It’s a bit of hassle but something that adds a nice level of extra security.

    • Not sure why you don’t like the idea of getting a text message on your smartphone, but prefer the idea of having a dedicated app. There’s better security that way, but it’s not more convenient.

      Also, since auto-sign ins still work, the hassle of 2FV is largely kept to the web browser side of things, it would seem.

      • A telephone number is just an extra detail for companies to either misuse or lose.

  2. Shame it doesn’t work on the PS3/Vita.

    And while the chances are probably quite small, there’s a potential issue if you change your phone number. You might not be able to get the code in that case, and might find you need it to log in to your account and change the phone number.

    But there are backup codes available on the website. Print them out and keep them somewhere very, very safe. Unlike the way Google do it, there doesn’t appear to be an option to generate a new set of backup codes either. So it looks like you’re stuck with a single set of 8 single-use backup codes. Keep them safe, never use them unless you absolutely can’t get a code sent to your phone, and hope you don’t have to do it more than 8 times.

    • It doesn’t work for PS3/Vita, but you have easily revoked unique passwords.

      And yeah, just make sure you keep that backup code safe or, you know, do the due diligence when changing your mobile number.

      • The problem with these things is it’s easy to forget they exist. You’ll have logged into everything, got all the authentication codes, and then forget it’s there.

        And then you change your mobile number for whatever reason, and one slips through because you’ve got 4000 logins and half of them have some form of 2-factor system in place. Then 6 months later, you suddenly need to login and realise you didn’t change the mobile number on one of them.

        So yeah, if for some strange reason you need to change your mobile number, take care to change everything. But PRINT YOUR BACKUP CODES. And keep them VERY, VERY SAFE.

      • I’ve printed my codes and popped them in my fireproof box along with our passports, my kids’ birth certificates, my marriage certificate and my 100m swimming badge.

      • My brain inserted an extra comma there. I was wondering if it’s really wise to keep your kids in a fireproof box.

      • Haha!

  3. The more secure the better. But there was an article on the TV programme a week or two ago showing that the sending of codes by text message isn’t that secure. It showed how you can hijack the phone number to get the texts sent to any phone you like and there’s no security in the text message system, it’s the same as it was when first set up over forty years ago when security wasn’t an issue.

  4. Is this mandatory? I don’t want to use my phone number.

    • Not mandatory, but if you don’t use it, don’t complain if someone steals your account.

      Or be sensible with picking sensible passwords and don’t reuse them. And if you ever think “Well, that email seems legitimate, if somewhat full of bad spelling and grammar”, then you’re an idiot.

      • Just had a look at the site and I see it’s optional, ta.
        I only use strong passwords, usually a random string of numbers, symbols and letters which I memorise. I also only use vouchers so not too worried about financial theft but even so if my account became compromised I would be pissed.
        Maybe I’ll pick up a second PSN-only sim card.

  5. I never get mobile signal at my house so I hope this is optional.

  6. Read this story in a few places and a lot of the comments have been along the lines of why an SMS and not an app.

    I was just wondering why is this an issue for people? Surely an app or an SMS are basically going to be the same thing? Only situation I can see this being a problem is if you change phone numbers often….

    • Read my post above, SMS is not a secure system.

      • No system is 100% secure, and never will be.

        But do the benefits of adding the extra security of 2-factor authentication outweigh the dangers of adding it via a potentially insecure system?

        Leave it turned off, and all someone needs is your email address and password. Turn it on, and they still need that same information plus they need to go to the trouble of accessing the SMS with the authentication code in some way. At which point, any hypothetical bad person will just say “Sod it, let’s move on to the next one that hasn’t turned it on”.

        It’s not 100% secure, but it’s more secure than not having it there.

        The only downside is in the incredibly unlikely event that something bad happens, Sony could well just say “Well, you had the 2-factor stuff turned on, we sent a code to your phone, so not our problem”. Of course, if you don’t have it turned on and bad things happen, they could say “It’s your own fault, you should have turned all the security on”.

        So they’ve got you either way, but turn it on and you’re less likely to have problems. Just more trouble if you do.

      • Agreed. It’s an additive situation not a replacement. Also, it makes sense that Sony might save themselves a lot more trouble with the number of people who’ll embrace SMS compared to the reduced numbers of someone downloading an App. That’s not native to someone’s mobile so won’t be as popular.

      • Although I have to agree I like the Microsoft system with an app that you verify your log in with, surely once someone has your password details etc. they can just download the app, pretend to be you and install the app? Giving them a way into your account…

        I don’t remember needing anything other than the password for my account to set up the app for M’soft’s 2 step verification…

      • Also it’s a pain in the arse having an app sitting in my app drawer that is only going to get used once in a blue moon….

  7. I love two-step verification when it’s a text. Google is happy using it so I’m guessing the hijacking of a number is very rare. Also, it’s only half of the verification process which means they have to guess/hack other things as well.

    Can’t say I’m overly fond of having an app per piece of software I want to secure – unless there’s a secure app that covers them all. If there is, the makers of the Operating System should sort it out. None of this 3rd party unsupported nonsense with something so important.

    *goes to copyright 2Step as an app name*

  8. It’s worth any minimal risk associated with giving your number out, I think.

    I understand not wanting to give your number out though.
