Locking down your account is as simple as setting up a security password when creating your account. But is the added security really worth it? Here’s what you need to know.
In recent days, it’s not odd to hear that someone’s account has been hacked or stolen by some unknown person’s seeking to use it for nefarious or malicious intentions. After the PlayStation hack in 2011, there’s been a needed addition to account security. Blizzard Entertainment did this years ago when they added 2FA devices via mobile and key-chain based keyfobs that allow you to grab a one-time code whenever you need.
Other systems include text messages, verification emails and even the ability to set up a one-time use code or facial recognition for your device. But there are still quite a few people out there who haven’t figured or even know how to use this system. Well, fortunately for you, a lot of companies are utilizing both two-step authentication and two-step verification formats.
Recently, I’ve personally taken to using 2FA on my Steam account, Microsoft account, PlayStation account and various other services that offer this little extra tidbit of security to ensure my private information isn’t stolen or my account isn’t used by anyone but myself.
Before we get ahead of ourselves, you may be wondering: Why should I use this feature?
It prevents anyone, but yourself, from accessing your account
Say your friend Little Timmy wants to use your PlayStation account and of course, being the good friend you are, decide to wander across the wastelands of West Virginia to let him use your account. You log him in, get him set up, and then you get home, log in for the evening when he’s done and you notice you can’t log in at all. He knows your email address, he knows your password and now, he’s locked you out – completely.
Somehow, he’s even wracked up a nifty little bill on some of today’s latest hits such as Call of Duty: Black Ops IV and Soul Calibur VI. Well, it wouldn’t normally be a big deal – if you had made the purchase – but now Little Timmy has complete control of your account. He’s changed your password, your name, your address, your billing information, the whole nine yards. He now has your account as his own.
While Little Timmy is the tamest of the situations all of this could have been prevented by adding that extra layer of security thanks to two-way authentication, which would have made it a lot harder for your pal to take over your account. After all, he would need your phone in order to verify the code that has been sent your way. This code is a one-time use code and has a limited lifespan before it is deactivated and a new one has to be requested.
Steam even added this feature in through their Steam Guard portion of the Steam mobile app and it’s required at almost any time if a Steam user wishes to login to a device their Steam account isn’t familiar with. The same can be said to my Blizzard account. If I want to log in, I need my keychain in order to obtain a one-time use code so that I can log in when I want.
Can it be hacked though?
Much as you may have already guessed, the internet itself is a dangerous place. There are shady people out there who want to steal your information and use it for whatever reason they wish. Even with enabling a 2FA system, you can still keep your accounts safe. Unfortunately, hackers are finding ways around this and some of them want you to know that they have access to your data, but it does take time for them to do it.
But there are ways to do it and there are people that will get in if they really want in through 2FA. Just remember, this is better than nothing and it does require them to go the extra mile if they really want your information. While it sounds like it’s a common attack, it isn’t and it does take time for such things to happen.
As a “best-kept-secure” practice, we still recommend – just as security experts do – that you make a solid password using numbers, letters, special characters, and making it as complex as humanly possible ontop of activating features such as 2FA.
Okay, okay. I get it. I need to enable a two-step system on my account. What next?
Now that you’ve got a simple idea of what 2FA actually is, the most important part is actually getting it enabled. Now, you do need to know two things before you do this. Some applications support this automatically such as Steam Guard on the Steam Mobile App for both Android and iOS. Some actually require your phone number so they can text you a one-time use code in order to confirm your account and they’ll send these out via text messages when you need them.
Now, we are going to break it down for each system (primarily Steam, PS4 and Xbox One at this time).
Setting up 2SV (Two-Step Verification) on PlayStation Network
First up, let’s talk security on PlayStation Network. First, you’ll need your account sign-in ID (your email address) and you’ll need your password along with your phone (make sure it has connectivity and internet access before you start.
Have your account sign-in ID (email address) and password ready since you will be required to log in to your account. You’ll need your mobile phone on which you can receive text messages and access the internet (to verify your codes). Next, head to Settings, scroll down to Account Management, click on Account Information, head to the Security setting and then click 2-Step Verification. Here, you will need to click Set Up Now in order to begin the process.
Once here, make sure you enter your cell phone number correctly then select Add. Once you do you will be sent a verification code via text. From there you will need to enter the code into the PlayStation 4’s verification section to authorize your mobile device for 2SV/2FA on your account.
From here on out, you will receive a code whenever you attempt to log on a device. This prevents unwanted purchases, unwanted users from accessing your account and it ensures that you have an extra added level of security to your account overall.
How to Enable Two-Step Verification for your Microsoft Account
Now, Microsoft’s isn’t near as easy as PlayStation’s by any means. Microsoft’s system is complex, it’s deep and it’s embedded in layers of security protocols due to all the apps they use, all the programs that they have running across all their services. Because of this, you may run into some issues and may need to take some extra steps to ensure you can still use your Xbox 360 or Windows Phone 8.
With that in mind, here’s what you need to do and we’ll discuss App Password’s here shortly as well.
As you already know, 2FA is an optionally available added layer of security for any service you use. You can turn it on or off at any time. In order to activate it for your Microsoft account, you’ll need to log into your Microsoft account on a Windows device or through the official Microsoft website (you can access this via Xbox.com as well).
Here, you will sign in to your account, validate your identity via a code they send you and then proceed with the activation of two-step verification. You’ll need to enter your phone number, just like before and prove you are who you are. From there, it’s enabled. But now, you’re going to find you have a minor problem. Your Xbox 360 won’t log you in and now you’ve been locked out of your account.
Now, you need to set up your app passwords, which is what the next bit of set up will do once you’re guided through it. You’ll need to set up App Passwords, which are long, randomly generated passwords that you’ll only use once in order to replace your previous password (the one you use to log with your Microsoft account).
Note that 2FA only requires a code when you log in on a device that your account doesn’t recognize such as a new Xbox, computer, phone, etc. You can go to Microsoft’s security site (link provided) to set up or disable 2FA if you have or haven’t enabled it already.
And now for Steam Guard for your Steam Account
Now Valve and their Steam team are ahead of the curve. Steam Guard is activated by default in order to provide some of the best security on the market. By default, Steam already sends an email to your Steam account’s associated email address once you’ve restarted Steam at least twice since you joined.
Now the best part about all of this? All you have to do in order to enable Steam Guard n your smartphone is simply down the mobile app on the App Store or Google Play in order to get started. There’s nothing else you need to do from there. Literally. You already have it and Steam is glad to provide it to you by default.
We highly suggest you leave this feature enabled at all times as it does prevent account theft and or unwanted access from people you may or may not know.
Since it’s still extremely popular – 2FA on Fortnite
Now we all know that kids are extremely susceptible to scams and or handing out their information. It’s not that kids don’t care or know what safety is. Sometimes, even us adults get a little carried away with our games. Because of this, it’s highly suggested even with Fortnite that you add 2FA to your Epic Games/Fortnite account.
In order to do this here’s all you need to do.
- Go to epicgames.com and log into your account.
- Open account settings by hovering over your username in the top right corner.
- Select password and security.
- At the bottom, click on the button labeled enable two-factor sign in.
Now you will need to accept the code you are emailed every time you wish to log in on PC. While this sounds like a hassle, this is a great way to lock down your account and help keep unwanted users out. Along with that added layer of security, you also get a nifty little Boogie Down dance emote to show off your love for your Fortnite account. How cool is that? Well… We think it’s cool anyway.
About the Writer(s):
Dustin is our native console gamer, PlayStation and Nintendo reviewer who has an appetite for anything that crosses the borders from across the big pond. His interest in JRPG’s, Anime, Handheld Gaming, and Pizza is insatiable. His elitist attitude gives him direction, want, and a need for the hardest difficulties in games, which is fun to watch, and hilarity at its finest. You can find him over on Twitter or Facebook.