When it comes to gaming, it’s not always fun and games. If the recent Twitch breach which exposed 125GB of the company’s data taught us anything, it’s that the gaming industry is a vulnerable target in cyber attacks. Product Managers need to find 2FA security that will keep users and their sensitive information safe.
Interestingly, the largest security risk to gaming sites may actually come from the gamers themselves. People reuse their passwords across multiple sites at alarming rates.
According to Statista, when participants were asked if they reused their passwords, only 20% of respondents said they create unique passwords for every online login.https://www.statista.com/statistics/763091/us-use-of-same-online-passwords/#statisticContainer
That means there are a LOT of reused passwords floating around. As a result, stolen credentials from video game sites are used not only to penetrate one gaming account, but to gain entry into other accounts that reuse that same username/password. This is known as credential stuffing, and it’s gaining popularity every day, causing gaming companies to scramble to find the right two-factor authentication for their gaming platforms.
So how does two-factor authentication actually help? And what 2FA solutions are popular gaming brands like Fortnite, Epic Games, Discord and Call of Duty using to protect their users?
What is two-factor authentication (2FA) in gaming?
Two-factor authentication adds a second layer of security on top of usernames and passwords to protect accounts. Without 2FA, players could wake up one day and discover they can’t log into their account, and everything they’ve earned, unlocked and paid for is gone!
For gamer accounts, this can be especially important since these usually have a credit card or other payment methods associated with them — meaning someone who gets into their player account might be able to access their money. Turning on 2FA in as many places as possible can help prevent that.
Recognizing what’s at stake and just how vulnerable gamer accounts are, some game developers even started offering rewards for enabling 2FA on their gamer accounts.
Why do I need two-factor authentication (2FA)?
Two-factor authentication makes it more difficult for hackers to gain access to any of your accounts. Even if they guess the password, they would also need access to your cell phone, email, or another device to actually log in.
Let’s go back to the beginning. Passwords are the main way we keep our digital accounts secure, and have been for quite some time. However, they’ve become increasingly less secure over the years. The downfall of passwords is many people use the same combination of passwords or series of phrases that are simple to guess. This makes it very easy for cybercriminals to hack them.
If one of your accounts is compromised, they will likely be able to get into your other accounts fairly quickly. Even more alarming, usernames and passwords are often not securely stored by the service providers, making them an attractive target for hackers.
What you really need is a second way to verify yourself. That’s why many gaming platforms and developers — several of whom have felt first-hand the pain of a breach, now offer two-factor authentication.
Read on to learn how two-factor authentication (2FA) adds an extra layer of security to protect popular gaming accounts like Epic Games, Fortnite, Discord, and Call of Duty. And discover what 2FA options are available for Product Managers when they’re building their own two-factor authentication flows.
What 2FA security does Fortnite and Epic Games use to protect user accounts?
To enable 2FA security for its users, Fortnite and Epic Games send a one time security code that acts as an additional layer of protection when gamers log into their accounts. Users can choose to receive their one time security codes through authenticator apps, SMS, or email.
Two factor authentication is a vital part of protecting Epic Games and Fortnite accounts from hackers. Since Fortnite is so popular, there’s always people trying to breach gamer accounts and get access to sensitive information — so enabling 2FA is absolutely mandatory for stopping unwanted intruders. Knowing the significant impact an account breach can have, Fortnite is even incentivizing gamers with a free emote reward.
Watch the video or follow the steps below to see how Epic Games and Fortnite users can enable two-factor authentication on their accounts:
- Go to the Epic Games ACCOUNT page and click the PASSWORD & SECURITY tab.
- Under the TWO-FACTOR AUTHENTICATION header, click the 2FA option you want to enable: ENABLE AUTHENTICATOR APP, ENABLE SMS AUTHENTICATION or ENABLE EMAIL AUTHENTICATION.
If you opt to use an authenticator app for 2FA, these common authenticator apps can be found in your mobile device app store:
- Google Authenticator
- LastPass Authenticator
- Microsoft Authenticator
What 2FA security does Discord use?
To enable 2FA security for its users, Discord recommends using an authenticator app like Google Authenticator or Authy to send a temporary code to your smartphone each time you log in. Discord won’t let you access your account until you enter this code, thereby confirming your identity.
When setting up 2FA in Discord, users would simply follow the steps below, courtesy of How-To Geek:
- Open the Settings menu by clicking on the cog icon in the bottom left next to your name and avatar.
In the Settings menu, under My Account, select “Enable Two-Factor Auth”.
Next, you’ll need to set up either Google Authenticator or Authy on your smartphone or tablet. In either app, use the “Scan a Barcode” feature to scan the QR code in Discord.
Alternatively, you can use the “Enter a Provided Key” feature in either app to enter the 2FA key in Discord.
Once you scan the QR code or enter the 2FA key into Google Authenticator or Authy, that app will present you with a six-digit verification code. Enter that code into Discord now to activate 2FA.
Once 2FA is activated, you can add a phone number to your account to use SMS Authentication, or you can download static backup codes to use whenever you need to verify your identity in the future.
What 2FA security does Call of Duty use?
Call of Duty players can add an additional, much-needed layer of security to their Activision account by enabling two-factor authentication (2FA), and also get some freebies as an incentive. To set up 2FA in their Call of Duty accounts, users would follow these steps below, provided by Respawn First.
- Go to Activision’s Two-Factor Authentication page to start.
- Click on ‘Set Up Two-Factor Authentication’
- Sign into your Call of Duty account through your Activision login, or a linked PlayStation, Xbox, Steam, or Battle.net account.
- Download ‘Google Authenticator’ for your phone, available on the App Store or Google Play Store.
- After it’s installed, press the ‘+’ icon on the top left of the Google Authenticator, and scan the QR code displayed on the page.
- Enter the code in the ‘Google Authenticator’ app to finalize the link and this should successfully enable two-factor authentication for your Call of Duty account.
Are there faster 2FA alternatives to SMS or authenticator apps?
Two-factor authentication — by definition, adds friction to the user experience. But what if you could keep the same level of security, but make authentication frictionless for your users? A better alternative to SMS OTPs or authenticator apps is TypingDNA Verify 2FA.
If you’re a Product Manager or Developer, this one’s for you…
Verify 2FA authenticates users based on how they type on their keyboards. Instead of reaching for their phones and unlocking them to open an authenticator app, Verify 2FA’s biometric-based solution only requires users to type four short words they see on-screen. Not only is this a much faster authentication method, but it reduces the users’ effort and provides a better experience with your brand.
Watch the video below to see how SMS codes compare to TypingDNA Verify 2FA when it comes to speed and user experience.
And if you’re ready to use typing biometrics to authenticate your users, the Verify 2FA Starter plan lets you authenticate 1,000 users each month at no cost. And when you’re ready to scale-up your user base, Verify 2FA is only 1 cent per user, with unlimited authentications — and you simply pay as you go!