
My PSN with a lot of money just got hacked and..

Raimond

Member
I work PS Support UK and I honestly am mystified as to why they do it. They change the email addresses to nonsense garbage 10 minute mails, and they usually just wallet fund to the max and leave it there. I think it's just to harass people.

Then there's the compromisers who make sub accounts, buy shitloads of FIFA points on the sub accounts, and then leave it there. I think it's something to do with trying to move the FIFA points to other accounts via transfers, but I'm not sure as I don't know how FIFA works really.

So for most of them, it's just to cause unnecessary stress?! Like they actually get no monetary benefit out of it??? Seems really weird and unfortunate. Does 2FA use SMS or email?
 
So for most of them, it's just to cause unnecessary stress?! Like they actually get no monetary benefit out of it??? Seems really weird and unfortunate. Does 2FA use SMS or email?

It uses your phone. Sometimes compromisers even activate 2SV, which isn't very fun because we need to escalate the case for permission to remove it. We don't treat removal of it lightly due to it being a high security measure.
 
How about personal accountability? The option is there for 2 fa. The op chose not to enable it. That's 100% on him.

Plenty folk don't even know it's a thing, if you created your account before it was put in place then you would never know it exists especially if you have not had any issues.
 

OmegaDL50

Member
What is 2FA and how do you do it?

I just don't put my CC info on it and just buy cards/codes.

Even if you just buy PSN cards this still won't prevent the possibility of someone taking over your account if they somehow manage to login using your username / password if the chance comes up and they obtain that information.

2FA basically sends a randomly generated code that is prompted to your cell phone via the PlayStation App (not dissimilar to Steam Guard Authenticator). It's an extra layer of protection to verify the person logging into your Sony account is you and no one else.

Since the only means to get around the 2FA is if someone had access to your cellphone and could use the text message received to then log in to your PS4 or whatnot.

However 2FA has some caveats with older Sony devices. It does not play nicely with PSPs and PS3 and Vitas require a special password from a specific Sony redirect website. One password for each device, so it comes to the issue of needing to manage several passwords if you have more than one Sony device, but using a password manager allows you to make this less cumbersome.

Still if your account and personal information is of value to you, then 2FA is most definitely worthwhile to use.
 

Kayant

Member
Glad OP got their issue solved, and as some pointed out, use this as a reminder to try to use 2FA on every account that allows it.

Use things like Authy for easier management + cross platform sync or Authenticator Plus for more control in terms of syncing to a cloud provider of your choice

ITT -
Individual account being compromised /=/ shitty overall security unless there is some kind of flaw in the system or mass compromise, a.k.a. PSN outage 2011.

Also people should be less harsh on people here. Just it's the account holder's fault but there are cases, as pointed out by SlickShoes, where people don't know it exists.
More victim blaming in this thread already I see. Sony should make two step mandatory.
You sound like an expert.
2FA doesn't work like that at all.
Seriously. This needs to be forced on everyone. If you're on GAF you should know better.
You can't "force" 2FA, it's not set up like that. Only thing you can do is advise/promo it.

Edit -

As corrected by Accoun, email-based can be forced.
 

Kayant

Member
A strong unique password is more important than SMS 2FA which is pretty insecure.
Both should be used if allowed. It's really only "insecure" if there is a bug in the system. SMS is fine for the majority of people, because SMS 2FA is only "insecure" if you are targeted and they contact your service provider and get details to transfer your SIM, and if that's the case you have more things to worry about.
 

ephemeral

Member
Sorry OP, that really sucks. I'll take this as a cautionary tale and go enable 2FA.

edit: Done. You can do so by going to: https://www.playstation.com/en-us/account-security/2-step-verification/


People are blaming the victim for not enabling 2FA. I'd call that victim blaming.


Just out of curiosity, what did they buy?

But no, nothing you can do for now for refunds.


But definitely update your security.


Edit: glad uk support helped

OP you changed your password too right? 2FA is good second layer protection but you should have separate passwords on anything involving money. For major accounts - bank, PSN, PayPal etc I even use completely different email addresses

What do you mean with garbage?



Good to hear that things worked out without any problems :)

Nothing you can do at the moment. You need to wait until it's open on Monday.

EDIT: Nice, you contacted UK Support. They can help anyone in the Europe, Middle East and African regions, but getting a hold of them can be tough with the cost of a call.

Next time, use stronger passwords, and ALWAYS, ALWAYS, ALWAYS use 2 Step Verification. Also, change passwords on everything else that uses a password even vaguely like the one you used on PSN.

Also, note down your backup codes for 2SV. If you don't, and you lose your phone or change number and can't get a code, you're gonna need to phone up Support and go through a process to have it removed, which can take a few days. Backup codes never get noted down, so please be the first person in the Universe to do this.

Good that this ended well for you OP. I'm in agreement that Sony should force 2FA for everyone. Make it mandatory on the next login. I feel like that would solve a fair amount of these cases before they become a problem. The average gaffer especially knows that people are always trying to hack accounts so there really isn't any excuse to forgo 2FA at this point. That's not victim blaming, that's protecting your property....so to speak.

Sucks man, hope you get it sorted.
I never save my payment options or leave credit in console accounts.

Thanks everyone for your replies. It sure was more devastating than I ever thought it would be. I changed my password to an annoyingly long one along with the 2FA just in case. I always remove my credit card after buying a game but I've received a couple of voucher cards lately and I was afraid the "hacker" would've spent all of it on some fifa cards or something. He had a full hour before it got sorted but didn't use a penny, really strange. I'm glad he was a kind "hacker".
 

REDSLATE

Member
It wasn't hacked. You had a weak password that you used somewhere else and no 2FA despite a million warnings.

You'll have to wait until Monday.

That is hacking...
And you're victim-blaming.

People like you should be ejected from society.
 

Shpeshal Nick

aka Collingwood
It's very unfortunate what happened but anyone savvy enough to be on GAF has no excuse for not having 2 factor enabled by now.
 

Accoun

Member
You can't "force" 2FA, it's not set up like that. Only thing you can do is advise/promo it.

Phone-based 2FA, no. But I don't see why you couldn't do it with email-based 2FA.
I mean, IIRC this is what GOG did - sent everyone a mail saying that in X amount of time they're going to make 2FA opt-out instead of opt-in and instructions on how to eventually disable it.
 

kyser73

Member
The people victim blaming are saying it's OPs fault because he didn't have 2 factor. It wasn't his fault, it was the person who got into his account. OP didn't do this to themselves. Should they have 2 factor on? Yes, if you have the option always have it on, but just because he didn't doesn't mean it's ok for people to access his account without his authorisation and do whatever the hell they like with it.

The OP was most likely using the same password that appears on an easily purchased list of compromised accounts across multiple accounts, accessed the email account and taken it from there.

Poor IT security is wholly down on the user. While the person who committed the offence is the bad guy, the opportunity to commit the offence was enabled by the user.

Like saying on social media you're going out, leaving your house unlocked and the alarm code on a post-it next to the alarm.
 
Even if you just buy PSN cards this still won't prevent the possibility of someone taking over your account if they somehow manage to login using your username / password if the chance comes up and they obtain that information.

2FA basically sends a randomly generated code that is prompted to your cell phone via the PlayStation App (not dissimilar to Steam Guard Authenticator). It's an extra layer of protection to verify the person logging into your Sony account is you and no one else.

Since the only means to get around the 2FA is if someone had access to your cellphone and could use the text message received to then log in to your PS4 or whatnot.

However 2FA has some caveats with older Sony devices. It does not play nicely with PSPs and PS3 and Vitas require a special password from a specific Sony redirect website. One password for each device, so it comes to the issue of needing to manage several passwords if you have more than one Sony device, but using a password manager allows you to make this less cumbersome.

Still if your account and personal information is of value to you, then 2FA is most definitely worthwhile to use.
Thanks for explaining all of that. Yeah, I think I'm going to activate it.

That way, I'd probably feel better about putting my CC info on there.
 

SkylineRKR

Member
CC or PP without 2FA is suicide. I use neither payment method though.

I didn't know 2FA was a thing until my account was compromised and I looked up for solutions. I don't think the feature is being advertised all that clearly.
 

ephemeral

Member
The OP was most likely using the same password that appears on an easily purchased list of compromised accounts across multiple accounts, accessed the email account and taken it from there.

Poor IT security is wholly down on the user. While the person who committed the offence is the bad guy, the opportunity to commit the offence was enabled by the user.

Like saying on social media you're going out, leaving your house unlocked and the alarm code on a post-it next to the alarm.

I didn't use the PSN password on any other site, although quite similar. For example: Redhouse45 and on other sites Redhouse44?

It's annoying having to use different passwords for each site but I guess I'll have to make a change from now on. Luckily only PSN and paypal hold anything of value, I couldn't care less if they hacked my other stuff.
 

Syysch

Member
I work PS Support UK and I honestly am mystified as to why they do it. They change the email addresses to nonsense garbage 10 minute mails, and they usually just wallet fund to the max and leave it there. I think it's just to harass people.

Then there's the compromisers who make sub accounts, buy shitloads of FIFA points on the sub accounts, and then leave it there. I think it's something to do with trying to move the FIFA points to other accounts via transfers, but I'm not sure as I don't know how FIFA works really.

Either that or something like Neverwinter currency/items, anything that can be traded in-game. They tend to try to buy things they can move to another account, and then sell the items or the account itself for real money.
 

Kayant

Member
Phone-based 2FA, no. But I don't see why you couldn't do it with email-based 2FA.
I mean, IIRC this is what GOG did - sent everyone a mail saying that in X amount of time they're going to make 2FA opt-out instead of opt-in and instructions on how to eventually disable it.
Yh true forgot email based ones.
I didn't use the PSN password on any other site, although quite similar. For example: Redhouse45 and on other sites Redhouse44?

It's annoying having to use different passwords for each site but I guess I'll have to make a change from now on. Luckily only PSN and paypal hold anything of value, I couldn't care less if they hacked my other stuff.
Depending on how willing/computer minded you are you can get a password manager to assist with creation of storing passwords.
 

pogothemonkey

Neo Member
Dumb question here but is two step authentication only applicable if you have a mobile phone? Are there no alternate security measures that can be enabled?
 
More victim blaming in this thread already I see. Sony should make two step mandatory.
If you don't have two factor on your account and your account gets compromised, you are to blame.

I don't know how anyone could read GAF even semi-regularly and not have it on their account. Just pure negligence and laziness.
 
I didn't use the PSN password on any other site, although quite similar. For example: Redhouse45 and on other sites Redhouse44?

It's annoying having to use different passwords for each site but I guess I'll have to make a change from now on. Luckily only PSN and paypal hold anything of value, I couldn't care less if they hacked my other stuff.
Unique randomized passwords is what password managers are for.

I use KeePass, which is open source and local, not cloudbased, meaning it's arguably more secure, but less convenient, accessible.
And also you really, really should keep multiple regular backups on multiple storage devices.

I used to keep just one backup that I kept overwriting. One time when I made that backup, the database had been corrupted. Meaning I overwrote the previous backup, a working database, with a corrupt one...
Luckily the built-in recovery feature managed to unfuck that situation.

KeePass, 1Password and LastPass were the ones I chose from some years ago. There may be other valid options nowadays.
Quick "best password manager" google seems to form the consensus that LastPass remains a top choice.
 

Coxy100

Banned
If you don't have two factor on your account and your account gets compromised, you are to blame.

I don't know how anyone could read GAF even semi-regularly and not have it on their account. Just pure negligence and laziness.
If your account gets compromised you are not to blame. The person to blame is the person who did the hacking mate.

I get what you're trying to say, but let's just remember who is actually doing the hacking here ...
 
Thanks everyone for your replies. It sure was more devastating than I ever thought it would be. I changed my password to an annoyingly long one along with the 2FA just in case. I always remove my credit card after buying a game but I've received a couple of voucher cards lately and I was afraid the "hacker" would've spent all of it on some fifa cards or something. He had a full hour before it got sorted but didn't use a penny, really strange. I'm glad he was a kind "hacker".

Perhaps he was trying to sell the account or something. It's a good thing you don't have to worry about finding out lol. I try to do Steam/eShop/PSN/XBL cards for any purchases I make now and I'd recommend that for every digital purchase if possible. Save yourself the trouble. I use PayPal if I have to. Can't put credit card info out there anymore. One of my old and inactive cards was used on Walmart's website just today so now I'm even more paranoid.
 
Either that or something like Neverwinter currency/items, anything that can be traded in-game. They tend to try to buy things they can move to another account, and then sell the items or the account itself for real money.

Yeah, you're right, we see shitloads of Neverwinter purchases too. Too bad for them though. We see the serial number on their purchases and their PS4's get banned.
 

CLEEK

Member
It wasn't hacked. You had a weak password that you used somewhere else and no 2FA despite a million warnings.

You'll have to wait until Monday.

Accessing an account or system you aren't authorised to is hacking. It's pretty much the definition to it. It doesn't matter the methods used, whether it's through brute force cracking, using tools and exploits, social engineering or simply guessing passwords.

And the legislation for computer misuse / hacking in EU, US and elsewhere will treat this as a crime. Because it is one.

I completely agree that everyone should use 2 factor and ensure they use unique passwords for each account, but you can't victim blame away the fact that if someone does compromise an account of yours, you're a victim of crime.
 

Kaleinc

Banned
The sooner more online services start making 2FA mandatory, the sooner it becomes a normal thing for the majority of people who use online services in general. More services should be taking the lead in enabling more secure accounts for their clients.
2 step is pain in the ass and should never be mandatory.
 

Head.spawn

Junior Member
I didn't use the PSN password on any other site, although quite similar. For example: Redhouse45 and on other sites Redhouse44?

It's annoying having to use different passwords for each site but I guess I'll have to make a change from now on. Luckily only PSN and paypal hold anything of value, I couldn't care less if they hacked my other stuff.

Search 'LastPass', 'Keep Pass', 'KeePassX', 'Dashlane', '1Password' etc etc... Do some research on what works best for you.

These programs/apps can help you generate a secure password, lower your risk of getting your stuff snatched since you won't be typing it in and are a godsend for managing unique username/passwords for tons of sites.

I personally use LastPass. Has great extension integration with Chrome/MS Edge as well as solid support on Android where you can enable a stupid amount of log-in security features (finger print, passcode generation, password, email authentication and SMS authentication.... hell, you can enable ALL of them).

Either that or bust out a pen and paper.
 

Melchiah

Member
Thanks for explaining all of that. Yeah, I think I'm going to activate it.

That way, I'd probably feel better about putting my CC info on there.

Remember to activate the password request on purchase. I've had my card on PSN for nine years, and I haven't had any issues with it.
 

Dash Kappei

Not actually that important
Me and my brother both have secondary accounts that we share with each other and live a thousand miles away. Wouldn't it be inconvenient to enable 2FA in this particular case?
 

ephemeral

Member
Yh true forgot email based ones.

Depending on how willing/computer minded you are you can get a password manager to assist with creation of storing passwords.

I'm decently computer minded, the only reason I used the same password everywhere is since it was easy to do, and literally no risk of forgetting a password. Since Chrome remembers passwords everywhere I'll go ahead and actually change the passwords on important accounts.

Unique randomized passwords is what password managers are for.

I use KeePass, which is open source and local, not cloudbased, meaning it's arguably more secure, but less convenient, accessible.
And also you really, really should keep multiple regular backups on multiple storage devices.

I used to keep just one backup that I kept overwriting. One time when I made that backup, the database had been corrupted. Meaning I overwrote the previous backup, a working database, with a corrupt one...
Luckily the built-in recovery feature managed to unfuck that situation.

KeePass, 1Password and LastPass were the ones I chose from some years ago. There may be other valid options nowadays.
Quick "best password manager" google seems to form the consensus that LastPass remains a top choice.

I'm currently activating 2FA on Dropbox and everything else that I can think of. I prefer that over using a separate program to store my programs but I'm aware your solution is a lot safer.

enabled that now!

and make sure to get the backup codes. I have seen too many people ignore them and then regret it later.

Backup codes? Didn't notice any but I'll google it, thanks.

Perhaps he was trying to sell the account or something. It's a good thing you don't have to worry about finding out lol. I try to do Steam/eShop/PSN/XBL cards for any purchases I make now and I'd recommend that for every digital purchase if possible. Save yourself the trouble. I use PayPal if I have to. Can't put credit card info out there anymore. One of my old and inactive cards was used on Walmart's website just today so now I'm even more paranoid.

Never been a fan of PayPal, read some horror stories online so I try to use it as rarely as possible. Like I mentioned earlier I had received a bunch of voucher codes but I'm waiting til Christmas to use them, otherwise I would never leave money on an account.
 

Kayant

Member
I'm decently computer minded, the only reason I used the same password everywhere is since it was easy to do, and literally no risk of forgetting a password. Since Chrome remembers passwords everywhere I'll go ahead and actually change the passwords on important accounts.
Ha I see. Yh that would still be better than using the same password atm because in this day and age of things getting compromised right, left and center my trust in companies keeping my data safe is low.

In terms of backup codes. You will find that in your account settings somewhere, can't recall where atm. These are used when your account is locked for whatever reason (not having your device, for example).

You should always grab these when setting up 2FA; most services give this to you when you set it up.
 

ephemeral

Member
Ha I see. Yh that would still be better than using the same password atm because in this day and age of things getting compromised right, left and center my trust in companies keeping my data safe is low.

In terms of backup codes. You will find that in your account settings somewhere, can't recall where atm. These are used when locked out of your account for whatever reason (not having your device, for example).

You should always grab these when setting up 2FA; most services give this to you when you set it up.


Thank you :).
 
Not the right place to ask but still does anyone have a working link for the active chat support at US PSN? I am unable to watch PS videos(movies I own) on my mobile device, says you need to deactivate at least one other device. I have tried searching everywhere and there ain't an option to deactivate a mobile device!
 
Is there a way to have 2fa without the ability to receive texts on your phone? Like a key app similar to what they have for MMOs or something? I can't afford to pay my bill anymore and 2FA is still active.
 

Head.spawn

Junior Member
Is there a way to have 2fa without the ability to receive texts on your phone? Like a key app similar to what they have for MMOs or something? I can't afford to pay my bill anymore and 2FA is still active.

Sony really needs to get with the times and switch to an Authenticator Code Generator app.

SMS for 2FA needs to go away.

To answer your question though, no. This is all they offer, which is pretty sad. You could maybe try getting someone to set-up Google Voice for you and then changing settings afterwards?

Not the right place to ask but still does anyone have a working link for the active chat support at US PSN? I am unable to watch PS videos(movies I own) on my mobile device, says you need to deactivate at least one other device. I have tried searching everywhere and there ain't an option to deactivate a mobile device!

This work?
 