clock menu more-arrow no yes

Filed under:

PlayStation Network gets two-factor authentication at long last

New, 16 comments

Take that, phishers

Sony PlayStation buttons artwork

You can finally take a crucial step in securing your PlayStation Network account — two-factor authentication is now live on the service.

Two-factor authentication comes more than four months after Sony confirmed to Polygon that it was "preparing to offer" the feature, which is also known as two-step verification, with PSN accounts. It has been available on Xbox Live, via Microsoft accounts, for more than three years; Valve added the feature to Steam accounts last year.

Two-step verification is a process that requires users to enter two different "factors" when logging into a service. Generally, the factors are "something you know" — your existing login details — as well as a second piece of information from your phone ("something you have"), typically a six-digit code generated by an authenticator app or received in a text message.

Once you sign in with your correct username and password, you must also type in the code in order to complete the login process. Two-step verification is much more secure than a password alone, since it means that any unsavory types would also need your phone — a device that is in your possession — in order to access your account.

Sony’s implementation of two-step verification isn’t standardized across all platforms. It only works via text message; you can’t use it with apps like Authy or Google Authenticator. And Sony will text you a code only when you’re logging in on the company’s latest platforms: the web, a PlayStation 4, an Xperia device or the PlayStation App on mobile devices. (Sony Entertainment Network accounts work with six-digit alphanumeric codes that are case-sensitive, rather than the simple numeric codes that most other services use.)

The PlayStation 3, PlayStation TV, PlayStation Vita, PSP and certain Xperia devices don’t support the entry of security codes, so you won’t be able to sign in using the method of receiving a code via text message. Instead, you’ll have to use an app password, which Sony refers to as a "device setup password." (The process is similar to the way you would log in to Xbox Live on an Xbox 360 if you’ve enabled two-factor authentication on your Microsoft account.)

You’ll need to link each individual device with its own 12-digit alphanumeric device setup password. If you enable auto sign-in, you can simply use your username and password after that point; if you don’t, you’ll have to type in that 12-digit app password every time.

It’s only possible to enable or disable two-factor authentication from a web browser or a PS4 — head to the Security section of Account Settings, or visit this site. There, you’ll also be able to create and revoke device setup passwords, and check your backup codes (which can be used to sign in if you don’t have access to your phone). When you activate two-step verification, you can choose to sign out of your PSN account on all your devices, which will force a new two-factor login everywhere. For more details, check out Sony’s detailed support page.