
DQDQDQ

Banned
Oct 27, 2017
139
My email?

I've got a different secure password on that and it's easier to recover if I lose it. Proving your identity to Microsoft can get sorted out.

It's good that you have a unique and secure password on your email. It's your most important account. With access to that, an attacker could simply reset the password to most of your other services. Unfortunately, email can be broken into from anywhere in the world. 2FA should be something you physically carry on you. You *can* use email when places give you the option, but it's the least secure option. Email <<<<<<<<< SMS << App < Physical security key
 
OP
GrubChub

Banned
Oct 26, 2017
1,106
It's good that you have a unique and secure password on your email. It's your most important account. With access to that, an attacker could simply reset the password to most of your other services. Unfortunately, email can be broken into from anywhere in the world. 2FA should be something you physically carry on you. You *can* use email when places give you the option, but it's the least secure option. Email <<<<<<<<< SMS << App < Physical security key


Yeah, I personally like Steam's app. Never had an issue since adding it to my account and get a notification almost instantly when logging in somewhere else. It's great.
 

Temperance

Member
Oct 25, 2017
5,796
[NO 2FA]
Everyone should grab their Recovery Codes after enabling 2FA (anywhere). In case of no phone or other emergency. Don't see it mentioned enough.
 

JustinH

Member
Oct 27, 2017
10,389
Yeah, I activate 2FA for every account I have that supports it. I use Google Authenticator for my Microsoft account (and Google, and Ubi, and a lot of other stuff), but maybe I should do some investigating why Authy is better...
Everyone should grab their Recovery Codes after enabling 2FA (anywhere). In case of no phone or other emergency. Don't see it mentioned enough.
Yeah, it's always good to have. I don't think I've needed to use any (maybe one once, for some reason I can't remember) but it's always good to have them around. I have a folder with them all "printed" out as PDFs, and I plan on actually printing them out and stuffing them somewhere too as a backup.

I'd be screwed in OP's situation, because I made my PSN account on a PSP like... 2006? 2007? I have no idea where that thing is.

I hope things get sorted for you, OP! Thanks for posting this thread too, since whenever someone posts a PSA thread like this it convinces some people to finally sign up themselves for 2FA (like... every time).
 

Dash Kappei

Member
Nov 1, 2017
4,828
Thanks guys, went and checked my old 2sv activation email to get the codes, I had totally missed the thing about the 10 emergency codes!
 

Taker34

QA Tester
Verified
Oct 25, 2017
1,122
building stone people
My condolences OP. Something similar happened to a friend of mine. He got slightly aggressive whilst staying polite and managed to get his account back, after a bunch of phone calls and emails where he had to send them a scan of his ID. There are too many incompetent Sony reps out there, so you have to try several times until someone feels like helping.
 
OP
GrubChub

Banned
Oct 26, 2017
1,106
My condolences OP. Something similar happened to a friend of mine. He got slightly aggressive whilst staying polite and managed to get his account back, after a bunch of phone calls and emails where he had to send them a scan of his ID. There are too many incompetent Sony reps out there, so you have to try several times until someone feels like helping.

See, this is what I am talking about. I'd be more than happy to send that stuff in. But they ask for the same questions every time and when I explain that I started the account with a launch PS3 they tell me that I need that info. No real help, whatsoever. And it sucks worse because it feels like because I am "loyal" to Sony and continue buying the newest systems they put out, I am screwed over. It really sucks.

Also, when they removed Drive Club did they totally remove it, or just remove the ability to purchase it? Because I definitely didn't get a chance to redownload that before they took it off... but I never quite understood the situation.
 
Update
OP
GrubChub

Banned
Oct 26, 2017
1,106
UPDATE: Account is back into my possession! The BBB complaint got their attention immediately. Thanks for your support and glad this thread helped people not need to go through this. I already added 2SV to the account and I'm ready for Death Stranding!
 

Transistor

The Walnut King
Administrator
Oct 25, 2017
37,113
Washington, D.C.
UPDATE: Account is back into my possession! The BBB complaint got their attention immediately. Thanks for your support and glad this thread helped people not need to go through this. I already added 2SV to the account and I'm ready for Death Stranding!

That's great news! I've won a few disputes using BBB complaints. It works so well.

I used a fake date of birth back when I signed up so I'd be even more screwed than you OP lol
But why?
 

DQDQDQ

Banned
Oct 27, 2017
139
A reason to use a fake birth date is that if somebody is targeting you specifically, they can probably find out what your birth date is and that's another piece of data they can use to trick somebody into handing over your account. I've done it before, but there's a specific fake date that I use so it's not just forgotten. Same with a street address.

Another thing I never do is answer a security question with a real answer. "What is your mother's maiden name?" is something I will never answer with the correct response. I use those as blanks for additional passwords.

Try breaking into my account Mehmet.

 

Cthulhu_Steev

Member
Oct 27, 2017
2,379
I wish Sony supported authentication apps instead of SMS, not that hard to get around that if a hacker wanted to...

I had a few things on google authenticator, changed phones and lost access to the authenticated accounts. Luckily it was just Discord and some other minor site, but I'm terrified of authenticator apps now. If my PSN was on it I'd be screwed.

It doesn't use data. Authy (or google authenticator or whatever other app) uses your device's clock to generate a 2fa code that changes every 30 seconds. You set up a site by scanning a QR code or manually typing in the key.

Actually, come to think of it, one of them was my Nintendo Online account, and I got that one back with a QR code I think, but I'm not 100% confident in them.
 

Jaded Alyx

Member
Oct 25, 2017
35,346
I had a few things on google authenticator, changed phones and lost access to the authenticated accounts. Luckily it was just Discord and some other minor site, but I'm terrified of authenticator apps now. If my PSN was on it I'd be screwed.
I just changed phones a few days ago.

You just sign in to those accounts, disable 2FA, then set it up again on the authenticator on the new device.
 

ghibli99

Member
Oct 27, 2017
17,689
Thanks for this thread. I thought I had 2FA set up everywhere, but I didn't on my PSN account. Again, appreciate the heads up!
 

Exile20

Member
Oct 25, 2017
2,054
How stupid can a company be to change the email to an account without sending a confirmation email to the previous account first to verify.

Then to make it worse, not have a way to revert changes?
 

DQDQDQ

Banned
Oct 27, 2017
139
I just changed phones a few days ago.

You just sign in to those accounts, disable 2FA, then set it up again on the authenticator on the new device.

If you have 2FA enabled you can't sign in on a new device without the 2FA code. That's literally the reason 2FA exists. If you can simply sign into the account with the password and disable 2FA, then 2FA is entirely pointless.
 

Daxa

Member
Jan 10, 2018
622
What happens when you click Activate Now on my setup (with HTTPS Everywhere); I really hope PlayStation clean up their web service ahead of PS5. They seem to be working on it, but good lord, work faster.

[Image: PxI0hDN.png]
 

Jaded Alyx

Member
Oct 25, 2017
35,346
If you have 2FA enabled you can't sign in on a new device without the 2FA code. That's literally the reason 2FA exists. If you can simply sign into the account with the password and disable 2FA, then 2FA is entirely pointless.
You misunderstand.

I'm not talking about doing so on a new device, I'm talking about moving your authenticator from one phone to another. Even though you can transfer apps to a new phone or redownload the app on your new phone, none of the accounts that you were using the authenticator app for will migrate. If you still have the old phone or you typically sign in to these accounts on a laptop/PC, you would likely already be signed in, or if not, these would be recognized devices so you won't be prompted (and again, if you do still have the old phone, it's not a problem at all). From there you can manage the accounts and set up 2FA on the authenticator on the new phone.

Even if you lost the old phone or it stops working, and you're asked for verification for these accounts, you just use a backup code that was given to you when you set up the account. Then you can sign in and manage the account as above.
 

DQDQDQ

Banned
Oct 27, 2017
139
You misunderstand.

I'm not talking about doing so on a new device, I'm talking about moving your authenticator from one phone to another. Even though you can transfer apps to a new phone or redownload the app on your new phone, none of the accounts that you were using the authenticator app for will migrate. If you still have the old phone or you typically sign in to these accounts on a laptop/PC, you would likely already be signed in, or if not, these would be recognized devices so you won't be prompted (and again, if you do still have the old phone, it's not a problem at all). From there you can manage the accounts and set up 2FA on the authenticator on the new phone.

Even if you lost the old phone or it stops working, and you're asked for verification for these accounts, you just use a backup code that was given to you when you set up the account. Then you can sign in and manage the account as above.

Wasn't clear from your post but this works. I prefer Authy and it's easier to move that to another phone without having to re-setup the 40+ accounts I have 2FA enabled on.

Better keep my old PS3s hanging around!

Take a picture of the serial and keep it in your cloud backup.
 

StallionDan

Banned
Oct 25, 2017
7,705
Similar situation happened to me around PS4 launch, I had my account stolen and my card was charged for hundreds so my Bank called me and I said it wasn't me they charged it back my account got banned and I lost thousands spent in games on ps3 4 and vita, close to 10 years of plus games and trophies. Like how was I supposed to know a chargeback can't be done on psn accounts, someone stole my money and I told my bank it wasn't me. I was fuckin pissed stopped gaming on consoles from 2013 to late 2018 but I'm back on PlayStation I just missed the exclusives and trophy hunting. Fuck Sony and their shitty practices regarding accounts. Everyone should be required to use 2 factor.
I don't see how this is possible, as far back as at least 2011 on PS3, it was made that signing into your PSN account on a new device required re-entering card information.
 

Scheris

Member
Oct 27, 2017
1,379
I had a few things on google authenticator, changed phones and lost access to the authenticated accounts. Luckily it was just Discord and some other minor site, but I'm terrified of authenticator apps now. If my PSN was on it I'd be screwed.



Actually, come to think of it, one of them was my Nintendo Online account, and I got that one back with a QR code I think, but I'm not 100% confident in them.

That's precisely why I store my 2FA codes in 1Password, so I have access to them anywhere.
 

Agni Kai

Member
Nov 2, 2017
6,844
I activated mine a few months ago. My password is extremely complicated though, to the point that I have to look for the piece of paper I wrote it on every time I want to purchase something.
 

dom

▲ Legend ▲
Avenger
Oct 25, 2017
10,435
It's pretty easy to spoof your cellphone number so you receive SMS intended for someone else.
Spoofing a cellphone number does not work with incoming text or calls. Only outgoing. You either have to intercept the text by hacking the cell tower the phone is connected to or social engineer customer service to allow you to activate a new sim card. Both are too much work for any random person.
 

Komo

Info Analyst
Verified
Jan 3, 2019
7,110
I had a few things on google authenticator, changed phones and lost access to the authenticated accounts. Luckily it was just Discord and some other minor site, but I'm terrified of authenticator apps now. If my PSN was on it I'd be screwed.
Depending on if you still have the phone you can actually recover those accounts as google auth is honestly so fucking insecure that it leaves your token secret keys unencrypted.
 
Nov 14, 2017
4,928
Spoofing a cellphone number does not work with incoming text or calls. Only outgoing. You either have to intercept the text by hacking the cell tower the phone is connected to or social engineer customer service to allow you to activate a new sim card. Both are too much work for any random person.
No, there's a hack you can do with how calls are routed internationally. Basically, you can advertise that the SIM is roaming and networks will just believe it and give you the SMS message. It used to be quite hard but as the hardware has become more widely available it's more feasible for attackers to exploit.
 

Mesoian

▲ Legend ▲
Member
Oct 28, 2017
26,407
Really wish I could use Authy with my PSN account. 2Factor over SMS is so insecure...
 

Blackage

Banned
Oct 27, 2017
1,182
The fuck? If you're all digital don't they have a fingerprint of all your credit card purchases over the last 13 years.

Seems like you should only have to provide your driver's license and at least 1 of the credit cards/accounts to prove it is you.
 

SecondVariety

Member
Oct 29, 2017
381
The fact that someone else snaked your 2FA should be reason enough to indicate why it's time to get around to doing it for anyone. This includes myself, someone who refuses to put any payment info into PSN.
 

asd202

Enlightened
Member
Oct 27, 2017
9,537
I remember reading horror stories of people's accounts getting hacked and decided to set up 2FA. A few days after I did it, in the middle of the night my phone woke me up with a ton of messages with PSN verification codes. I got really lucky.
 

Yerffej

Prophet of Regret
Member
Oct 25, 2017
23,483
Whether I ask for a code from the website or through my PS4, it just never comes. I've tried this twenty times by now. wtf