GamesBeat

PS4, League of Legends, and Nintendo: These (and others) lack two-factor authentication

Above: Xbox One's two-factor authentication.

Image Credit: Ryan Boren

With game developers getting hacked, everyone should worry about the security of their online accounts — but not every company makes it easy to lock down your personal information and games.

Despite the security risks, the developers of games like Eve Online, League of Legends, and World of Tanks have all yet to implement two-factor authentication into their games, according to the security website Twofactorauth.org. Two-factor authentication is a practice where a person needs a password as well as a separate code (often sent on demand to a mobile device) to log into their account. This method is one of the best ways to prevent unauthorized access — even when someone nefarious has your password. In addition to those games, Sony’s, Nintendo’s, and GOG’s online networks all lack this extra layer of defense against hacking.

Late last night, game developers Zoe Quinn and Phil Fish found several of their accounts hacked. People were able to get into Quinn’s Dropbox and Fish’s Twitter account as well as his company’s PayPal account. They could have potentially prevented the hackers from accessing their accounts if they enabled two-factor authentication on their accounts. While you’ll obviously want to lock down any accounts related to your money or social networks, your game-related accounts could have access to sensitive information as well.

With that in mind, here’s a list of some of the companies that currently offer two-factor authentication for their games and gaming networks:

Two-factor authentication in gaming.

Above: Two-factor authentication in gaming.

Image Credit: Twofactorauth.org

You won’t see Nintendo, Sony, or Microsoft on the list above. As we mentioned, only Microsoft offers the capability to lock your account on its hardware. The company introduced this in April 2013. What’s odd is that Sony, which experienced a massive security breach in April 2011, doesn’t have two-factor on its PlayStation Network. While Nintendo also doesn’t have two-factor on its network, the company ties most account information to its consumers’ hardware.

We’ve reached out to Sony and Nintendo about adding two-factor, and we’ll update this post with any new information.

For sites that don’t have two-factor, your best bet is a big, long password. Length is actually much better than complexity, and you can even use common, unrelate words that are easy to remember like “correct horse battery staple,” as explained in the brilliant XKCD webcomic. Just don’t use the same password for more than one account. Handy apps like LastPass can help you manage dozens of accounts.

More information:

Sony is a Japanese multinational conglomerate corporation headquartered in Kōnan, Minato, Tokyo, Japan. Sony Corporation is the electronics business unit and the parent company of the Sony Group, which is engaged in business through... read more »

Microsoft Corporation is a public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through ... read more »

Sony Computer Entertainment, Inc. is a major video game company specializing in a variety of areas in the video game industry, and is a wholly owned subsidiary and part of the Consumer Products & Services Group of Sony. The company was... read more »

Powered by VBProfiles


Mobile developer or publisher? VentureBeat is studying mobile app analytics. Fill out our 5-minute survey, and we'll share the data with you.
1 comments
Thomas Adams
Thomas Adams

I find it weird that WildStar gets a green check mark when their publisher NCSoft to this date does not want to implement 2FA. At least not for accessing the so called "master account" which you need to purchase game time, redeem codes etc. They still "whitelist location" and call it a day. Problem is what they refer to as my location is just my current IP address which they store somewhere. Now, in many parts of the world ISPs forcefully disconnect consumers every 24 hours and provide them with a new IP address after the reconnect. The purpose is to make it impossible for ISP consumers to run server services at home.

In this scenario which applies to me as well NCSoft's approach to security is almost ridiculous.

GamesBeat is your source for gaming news and reviews. But it's also home to the best articles from gamers, developers, and other folks outside of the traditional press. Register or log in to join our community of writers. You can even make a few bucks publishing stories here! Learn more.

You are now an esteemed member of the GamesBeat community. That means you can comment on stories or post your own to GB Unfiltered (look for the "New Post" link by mousing over your name in the red bar up top). But first, why don't you fill out your via your ?

About GamesBeat