Sony is planning to update their PlayStation 4 online services to include 2-step authentication, providing a long-requested and needed additional layer of security.
Sony has long had an issue with network security on PlayStation's online services, including massive data theft and server outages. Security improvements have largely been reserved for the server side of the equation, and understandably so considering Sony can make dramatic security improvements there without bothering users. Today, Sony revealed an upcoming change will tackle security from the client side: two-step authentication will be coming to PlayStation 4.
Patch 4.80 recently arrived on PlayStation 3, with PlayStation Network users reporting two-step authentication mentioned in the event of a log-in fail. Of course, two-step authentication is currently unavailable, but the fact that Sony has already built infrastructure supporting the upcoming inclusion was enough to call attention to it. Polygon then followed up with Sony, and Sony confirmed that two-step authentication would indeed be implemented soon.
As with other services including Steam, Battle.net and other PC-focused platforms, the two-step authentication feature will not be mandatory. The PlayStation 3 login error message notes that "if" a player has turned on two-step authentication, then it may be the issue. Sony later confirms this to Polygon, saying that they are "preparing to offer" the feature. Since not all users have phones, or simply dislike the additional tedium, having the option to ignore two-step authentication is the smart choice for Sony.
[HTML1]
For those unfamiliar, two-step authentication layers another security feature on top of the currently existing user name and password system. This extra level of security is often verification sent to the user's mobile phone, which is then input during login. Steam and other online services have also allowed for these codes to be sent via email, though that's understandably less secure. Another layer often used by MMOs is a token system - a code generator distributed in a phone app or via a material device.
Exactly what form Sony's two-step authentication will take has yet to be specified, though it's likely PSN will use the phone and/or email code system. It may seem simple, but the two-step authentication system has proven to increase account security significantly.
It's excellent to hear Sony will be implementing additional security for individual users of the PlayStation Network. If anything, one wonders why it took Sony so long given the platform's security issues in the past. Perhaps they were ensuring they could securely hold phone numbers prior to asking for them? Or perhaps this type of individual account hacking simply isn't as prevalent as it is for PC platforms? Either way, security-minded PlayStation Network users on PlayStation 4 and PlayStation 3 will appreciate Sony's efforts.
Perhaps unrelated, but Sony will be taking down the PlayStation Network tonight for a scheduled two hours for "routine maintenance." It's unlikely that the two-step authentication will be available afterwards, but this could be a sign of the extra layer of security's soon-to-be implementation.