Deactivate, then upon reactivation you will see the new option.
-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
-
We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.
My psn account was stolen with 2 factor turned on; how?
- Thread starter carlos
- Start date
This is why i use the Microsoft authenticator. It backs up to iCloud for an easy restore. Like it miles above the google authenticator app.
Be careful with google authenticator. If your phone craps out randomly you will have to rely on those one time use codes to get back in.
Authenticator is better, but saying SMS is easily intercepted is a little much.
It is being sent to a different device and interception generally involves someone convincing your carrier to transfer the number. Quite outside the range of a random PSN account theft I would imagine
Yep, it is so so true. Especially in today's world. My daughter dislocated her elbow, they would only allow 1 parent in the Emergency room with her cause of COVID. This was told to me by a police officer in the Emergency room. I said "I understand, no problem, I will just go out and wait in my car." The cop thanked me for being so understanding and kind. When I went outside to go to my car, he followed me outside and thanked me again and apologized for the rules and just said it was refreshing to have someone not trying to challenge him and make a scene because of the restrictions. It was kinda weird, but i was just kind and respectful and understanding and he went out of his way to thank me for it.
I know that isn't the best example, I didn't get in the room with my daughter, but I didn't try to!
At the very least, this reminded me to switch my Sony 2FA from SMS to authenticator-based. *hugs 1Password*
I dunno if carriers have started to mitigate this, but for a long time hackers could just broadcast that their SIM was actually some other number roaming to a new country and phone networks would just honour it.
Would I not just restore my phone on a new device from the iOS level backup? As if I had bought a new device?
I can't believe you finessed your way into being escorted out of a hospital. Your charm is unmatched!
It won't have any of the account-level data that is important to you. You'd have to manually recover every account to start over. This method will only restore the app, but it doesn't have any backup mechanism.
Most people who fall into this trap are very sad, then switch to something like Authy.
Can't be stressed enough.
Generate your Recovery Codes and store them in a safe location. The bare minimum you should do when activating 2FA anywhere.
Generate your Recovery Codes and store them in a safe location. The bare minimum you should do when activating 2FA anywhere.
Google Authenticator let you transfer multiple times licenses you've entered in the app on another device (or with a plug-in for Chrome on a computer) but doesn't save anything on the cloud or locally.
Last edited:
Hm, I thought last time I upgraded my phone it was all pretty seamless cannot remember having to faff around with the Authenticator. Time to switch to Authy then I guess...
This is kind of a funny thing to bring up as a negative, given the thread we're posting in.
I quote you to remind people that you can acess recovery code on your PlayStation directly, in User/Account Peferences>Security>2FA.
Just reminding people to keep hold of their backup codes. I've heard horror stories of people losing those.
OP
OP
I dont know if this was directed at me, but I have the codes right here on the phone, on a textpad that is not backed up anywhere online.
Still pissed sony gave away the account. They cant keep falling for the old lost my phone sob story.
So if OPs account was social engineered to get 2FA removed from their account, how would using SMS 2FA be any different than an authenticator app 2FA if the thief can just call up chat and provide enough information to the support person and have them remove it? Yes I understand Authy 2FA is stronger than SMS, but how would Authy help in this scenario?
We don't actually know how the account was accessed.
??? Sony allows third party authenticator apps now.
In any way try to keep a second app somewhere else if you can.
Authenticator
Authenticator generates two-factor authentication codes in your browser.
chrome.google.com
Recovery is *the* weakness of 2FA. The answer to OP's "how" is "because someone abused a recovery mechanism to disable or retrieve your 2FA details"; GA's inability to recover easily is a security boon.
That's fair!
"somewhere else"?In any way try to keep a second app somewhere else if you can.
Authenticator
Authenticator generates two-factor authentication codes in your browser.
I checked Authy and see a lot of comments/reviews upset about there being a master password you can't change or reset, and if you forget it you're boned.
Is that true? I just went through hell getting my Pixel replaced and it was a pain getting Google Authenticator back into all my accounts, but I'm concerned about getting locked out of Authy, or worse, someone getting my password and then having keys to the kingdom.
Is that true? I just went through hell getting my Pixel replaced and it was a pain getting Google Authenticator back into all my accounts, but I'm concerned about getting locked out of Authy, or worse, someone getting my password and then having keys to the kingdom.
Even if they accessed your Authy account, they would also have to have your username/passwords for all the sites.
OP
OP
No sir, I did back in the ps3 days, but those were accounts specially created for that
I would recommend Authy over Google Auth. Google Auth has no backup option. You lose your phone, you're fucked.
Yep, that's why it's called "multi-factor" authentication. Just one piece is useless.
I just found out that my password manager has a 2FA option, so that's that decided.
My friend has really good PSN name because he got in early. He gets offers to sell it constantly, in addition to hack attempts.
Some asshole finally got it after getting the right poorly trained customer service rep who they phished enough info out of to reset passwords and 2FA. It was a huge mess, and it took a full week of condtant back and forth, because after an initial reset, they got control of it AGAIN, and literal VP of CS to authorize a unique lockdown on the account backend that only the highest people are allowed to fuck with.
Some asshole finally got it after getting the right poorly trained customer service rep who they phished enough info out of to reset passwords and 2FA. It was a huge mess, and it took a full week of condtant back and forth, because after an initial reset, they got control of it AGAIN, and literal VP of CS to authorize a unique lockdown on the account backend that only the highest people are allowed to fuck with.
Isn't PSN 2FA mobile phone only? OP wouldn't even be able to use an app like Authy (which I do know is safer and much preferred over phone based 2FA).
This. It's rather important for using authenticators and 2FA to prove you are who you say you are.
I don't wanna say Sony support is bad but it does kind of scare me how easily they give access to accounts.
I once had a backup account somehow stolen even though it had 2FA. It didn't really have much so losing it wasn't a big deal but I had no idea how it was possible to get into it. So I called them and giving them very very very little info I managed to get the account back.
I appreciated how easy it was to get that account back but... It scared me how easily I could've stolen anyone's account if I just got lucky and had their email or PSN name even, depending on the person I was talking to.
I once had a backup account somehow stolen even though it had 2FA. It didn't really have much so losing it wasn't a big deal but I had no idea how it was possible to get into it. So I called them and giving them very very very little info I managed to get the account back.
I appreciated how easy it was to get that account back but... It scared me how easily I could've stolen anyone's account if I just got lucky and had their email or PSN name even, depending on the person I was talking to.
No. It allows third party apps....this thread is full of people saying how to make it work.
On another device. It's like having a secure code for authenticator :-)