GamesBeat

PS4, League of Legends, and Nintendo: These (and others) lack two-factor authentication

Xbox One's two-factor authentication.

Above: Xbox One's two-factor authentication.

Image Credit: Ryan Boren

With game developers getting hacked, everyone should worry about the security of their online accounts — but not every company makes it easy to lock down your personal information and games.

Despite the security risks, the developers of games like Eve Online, League of Legends, and World of Tanks have all yet to implement two-factor authentication into their games, according to the security website Twofactorauth.org. Two-factor authentication is a practice where a person needs a password as well as a separate code (often sent on demand to a mobile device) to log into their account. This method is one of the best ways to prevent unauthorized access — even when someone nefarious has your password. In addition to those games, Sony’s, Nintendo’s, and GOG’s online networks all lack this extra layer of defense against hacking.

Late last night, game developers Zoe Quinn and Phil Fish found several of their accounts hacked. People were able to get into Quinn’s Dropbox and Fish’s Twitter account as well as his company’s PayPal account. They could have potentially prevented the hackers from accessing their accounts if they enabled two-factor authentication on their accounts. While you’ll obviously want to lock down any accounts related to your money or social networks, your game-related accounts could have access to sensitive information as well.

With that in mind, here’s a list of some of the companies that currently offer two-factor authentication for their games and gaming networks:

Two-factor authentication in gaming.

Above: Two-factor authentication in gaming.

Image Credit: Twofactorauth.org

You won’t see Nintendo, Sony, or Microsoft on the list above. As we mentioned, only Microsoft offers the capability to lock your account on its hardware. The company introduced this in April 2013. What’s odd is that Sony, which experienced a massive security breach in April 2011, doesn’t have two-factor on its PlayStation Network. While Nintendo also doesn’t have two-factor on its network, the company ties most account information to its consumers’ hardware.

We’ve reached out to Sony and Nintendo about adding two-factor, and we’ll update this post with any new information.

For sites that don’t have two-factor, your best bet is a big, long password. Length is actually much better than complexity, and you can even use common, unrelate words that are easy to remember like “correct horse battery staple,” as explained in the brilliant XKCD webcomic. Just don’t use the same password for more than one account. Handy apps like LastPass can help you manage dozens of accounts.


Mobile developer or publisher? VentureBeat is studying mobile marketing automation. Fill out our 5-minute survey, and we'll share the data with you.