It looks like Sony is finally gearing up to add two-factor authentication to the PlayStation Network — some five years after a massive data breach compromised the details of millions of users, including potentially exposing users’ credit card data.
The company yesterday confirmed to gaming news website Polygon it is “preparing to offer a 2-step verification feature”, in order to bolster security for PlayStation Network users, although it did not put a timeframe on the rollout.
We’ve reached out to Sony with additional questions and will update this story with any response. Update: The company declined to answer specific questions, but provided the following statement: “In order to further safeguard our users and their accounts, we are preparing to offer a 2-step verification feature. More details will be shared at a later date.”
Two-factor (or two-step) authentication (2FA) works by looping in another security layer — by requiring not just a username and password to be entered to access a service but, for example, a one-time code that is generated on a user’s mobile device.
On the gaming front, Microsoft added 2FA as an option for Xbox users a full three years ago so Sony is most definitely the security laggard here.
Indeed, 2FA has become an increasing staple of digital security in recent years, with multiple mainstream online services now offer the feature — including the likes of Twitter, Gmail, Snapchat and Slack. (Twofactorauth.org keeps a handy running list of sites’ and services’ 2FA status.)
The 2011 hack of Sony’s PlayStation network is not the only time the company has suffered a serious hacking breach in recent years. Back in late 2014 hackers leaked a huge cache of email data stolen from the company’s movie division, Sony Pictures Entertainment, leading to huge embarrassment as sensitive personal and commercial data was dumped online.