My PSN account was compromised once, about a year ago. It was a relatively harmless intrusion, with the interloper only managing to ‘buy’ the trial for Counter Strike Global Offensive on PS3 before I changed the password, but the fact that they were able to get into it at all startled me.
You see, I’m one of ‘those guys’ who err on the side of better security. I don’t use the same email/password combinations at multiple sites for example, so I’m not at risk of someone taking the list of login info off a compromised site (like my account at Adobe, from my days at the newspaper) and 'fishing for hits' on other websites. There’s no easy ride on password complexity either, with letters (upper and lower case) as well as numbers and special characters (where allowed) coming into play.
Despite all that, the ‘Thank You For Your Purchase” email from Sony showed that it wasn’t enough and someone had gotten into my account. I changed the password via the web, but how to proceed after that was less clear. I wasn’t really that worried about the intruder having access to my account, as there was only a shade over a dollar in my PSN wallet and, since 2011’s hack, no credit card associated with the profile – it was the uncertainty about how they’d gained access in the first place and how I would prevent them from doing it again that left me concerned.
Fortunately for security-conscious PlayStation fans, according to Polygon Sony is finally taking account safeguards seriously and two-factor authentication is on the way. Gamers might be familiar with this security measure already, as companies like Blizzard, EA, and Microsoft have been locking down your accounts with it for years. For those new to the idea, it relies on two forms of identification to allow you access to the account, typically the password and a second key, either received as a text to the person's phone, via email, or generated on site via hardware or software - Blizzard's authenticator and authenticator app are prime examples of that method.
With two-factor authentication it's virtually impossible for a hacker to gain access to your account. Not only do they need your password, they also need the correct authentication code - and that typically necessitates direct access, usually to your phone. That's not to say two-factor authentication is foolproof however, as they could still compromise your email first, then use it to provide the authentication code for your half-compromised account - but it's sufficiently difficult to keep the script kiddies at bay.
PlayStation fans should be delighted at the news that this is on the way. Now about the ability to change our username...