Video game security could be better, and you should know why.
Half of American adults play some form of video game, and many of those games require users to create an account and log in. From phone apps and MMORPGs to systems like PlayStation and Xbox, identity is an integral part of the ability to interact with other people in live action games, to save progress and to organize different accounts on one device.
Unfortunately, many games don't have the best possible security systems in place, and many users don't take their video game account security seriously. They find a game they want to play, get excited, and dive right in—not exactly a security-focused move.
You should be informed about the security risks and yes, you should put in the effort to keep yourself as safe as possible when playing video games. But that doesn't mean you can't enjoy and play video games, or that you have to go digging around for the information you need to be safe—we've got that covered.
Know the Risks of Gaming
Like pretty much every system with a login, games and game systems come with inherent risk attached. Any time you're turning your information over, there's a possibility that something could happen to it. The two biggest scares for gamers are breaches of games or game systems and what happens to your data.
We harp on breaches on the Auth0 blog because they're one of the worst case scenarios for a company's identity management, and gaming companies have had their share of breaches.
One of the worst was Sony's 2011 breech, which saw their servers shut down and compromised the personal details of millions. The hack lost the company over $170 million and was estimated to have compromised the personal information of PlayStation's 70 million users.
Also in 2011, a string of hacks affected Ubisoft, Club Nintendo Japan, and League of Legends, among other companies. League of Legends reported that 120,000 salted and hashed credit card transactions were nabbed, and prompting them to take action to upgrade their processing system.
Despite these cautionary tales, problems in the gaming industry persist. In 2015, Steam had well-documented problems keeping users' personal information private, which may have been entirely due to internal error.
It's slip-ups like this that reflect poorly on the industry's security practices. Still, there have been huge breaches across many industries—gaming isn't alone, unfortunately. Sign up for games should be treated with as much as caution as any other signup.
The other major risk of gaming is what happens to your personal data. Nowhere was this more evident than in the discussion that came out around Pokemon Go.
The viral game seemed to be all in good fun, until it was revealed that they were taking as much data from their users as they could get their hands on. CNET reported that the company released a statement admitting that they had erroneously requested full access to users' Google accounts, giving “Niantic access to all of your information, as well as the ability to post, delete and send things from your account.”
Unless you went into your Google accounts and checked which apps had access to your information, you probably wouldn't have ever known that Pokemon Go was grabbing your data. Other companies and systems, including Ubisoft and Xbox, collect and use user data, and gaming systems could be using height, weight, and facial recognition features.
Many companies collect and use our data, from banks to grocery stores, but games sometimes take it one step too far. If you want to make sure that your data is safe, you need to know what game companies are collecting and how they're using it.
How to Play it Safe
While you might not have control over what companies do with your data or if hackers decide to go after Sony again, there's a lot of common sense you can use to lower the risks associated with making an account for games. Here's a quick rundown of the best practices:
- Use multi-factor authentication. If your game or system offers MFA as an option, take it! It adds a little extra security in comparison to just a username and password.
- Use a good password. This is an oldie but goodie—use unique passwords for each one of your game accounts. At the very least, never reuse a password that you have associated with other, valuable accounts, like your bank or primary email.
- Consider using a gaming email. If you're a frequent gamer, consider making an email account you use only for games. With most mail providers offering free accounts, there's no reason not to. In the event of a breach or improper use of data, the attackers won't have the email you link to all your other accounts.
- Exercise common sense with online games. If you play games online on your computer, tablet, or another connected device, make sure that you're not handing out your information to sketchy sites. Poke around and check out the game and associated developers or websites before signup. When in doubt, go with your gut—there's plenty out there to play that's safe.
- Double check permissions. If you sign up for games with social login, check your social media accounts every once and a while to see what apps have access to your information, and how much of it they're taking. If you aren't playing a game anymore, you can remove it, and in some cases you can also limit what apps collect from you.
- Don't store your card information in-game, and use in-app purchase sparingly. Anyone who's ever been stuck on a level of Candy Crush for a week has been tempted to hand over their card information in exchange for a little boost. If you do, don't let the app save your card information. And, of course, if you're worried about the game's security, don't make an in-app purchase.
- Don't reveal personal information to anyone in your games. If you're playing live games with others, refrain from giving away details that could make you a target for someone to try to hack your account. Email, phone number, credit card information are all obvious no-gos. If someone is pressing your for information, or brings more personal questions up consistently, don't feel pressured to respond—and consider reporting them.
- Actually read terms and conditions. Yes, we know everybody presses “agree” even though they haven't even glanced through terms and conditions. But if you're worried about a game sharing your data, or you're not sure who is going to get your email down the line, the best defense is a good offense.
Chances are, you won't run into trouble getting your password stolen, or your card information nabbed because you're playing video games. All of these tips are common sense and apply to most of our personal responsibility to keep our identities safe. Putting a little effort in before you start on a new gaming device or with a new video game will only benefit you in the long run.
Stay Safe, Have Fun
Chances are that most major game and device creators will spend some serious capital to get their security where it needs to be sooner rather than later. As the industry continues to develop, and more people engage with games on their phone, computer, connected devices, VR headsets, etc. security will only get better.
In the meantime, do your best to play your part in making your account safe. Although authentication security and identity management are often the furthest things from your mind when you're starting a new game or setting up a device account, it's important to take that extra step to make sure you're safe.