Video game consoles today are mini computers. Powerful hardware running similar operating systems as your desktops. The three major consoles also require internet connectivity to function, play games, get updates and that exposes the machine and you. Like any other internet enabled device in your home you should take additional steps to make your accounts and video game consoles more secure and protected.
This post coincides to Security In Five podcast episode number 143 that was released on Tuesday Jan. 2nd 2018. The direct link to the episode is here.
This will go through the three main video game consoles: Nintendo Switch, Microsoft XBox One and the Sony Playstation 4. These tips will focus on the internet accounts you use for each service and the consoles themselves.
The Nintendo Switch is driven by the Nintendo ID. This account sets up the console to receive console and game updates, email and notifications and allows you to enter payment information to make purchases in the Nintendo eShop. Like all account you have the best practice for the Nintendo account is to setup two-factor authentication.
The process is quite simple. To do this you use your computer or mobile device and a web browser. These steps are not done on the console.
- Log into to your account https://my.nintendo.com.
- In the right hand corner you will find Settings.
- In Settings on the left there is a menu item called Sign-In and Security Settings.
- In that menu item, at the bottom, you’ll see 2-Step Verification settings.
- From here you will be asked to enter/verify your email address and a code will be sent to that email for verification before you set up the rest.
- After you get and enter the code you will proceed into configuring the 2-step process.
- NOTE – Nintendo requires you to use a code generator like Google Authenticator on your mobile device. You can use others but I prefer Google’s.
- When you see the QR code on the Nintendo site, open your Google Authenticator app, push the + in the right corner and hold your camera to scan the code. The app will do the rest.
- When that’s done enter the Google code in the box on the Nintendo website at the bottom to finish it.
- The last page you will get is a list of backup codes. Copy these to a secure location for safe keeping. These codes are used if you lose your Google Authenticator or the phone it’s installed on. Those one time codes will allow you to access your Nintendo account.
It seems complicated but it’s not and takes about 2 minutes to get setup. Now anytime you login to Nintendo you will be prompted for the second code from your code generator.
Another tip on the console is in the eShop settings, set it up to require the password on each access. This is a good practice for two reasons. One is if your console is lost or stolen and especially if you have kids. Prevents unwanted purchases.
Microsoft Xbox One
On your Xbox One, you can add a passkey to your console and protect it from kids trying to alter parental control settings, grant access to certain content for children on a per-case basis, and prevent unauthorized purchases.
- Hit the Xbox logo to open the guide.
- Go to the Settings page.
- Select All Settings, then Account, then Sign in, security, and passkey.
- Enter a passkey using the Xbox One controller buttons. Now your console is protected from unwanted access or little people.
You should also add two-factor authentication to your Microsoft account that’s connected to your Xbox One.
You do this from a browser.
- Visit Xbox.com (or Microsoft.com)
- Log in to your account, select your user icon, and click View Microsoft Account.
- Select Security from the menu bar.
- Click More security options in the Security Basics section.
- You can enable two-factor authentication using an app like Google Authenticator.
Sony Playstation 4
The Sony Playstation has similar protections as the Xbox with one exception, Sony doesn’t support using a code generator as of yet. They will send out a text message with a code as the second factor. I am going to ding Sony on this as NIST has come out stating that using SMS text messages in authentication processes is less-than-secure and no longer recommended. You’d think Sony would be more on top of the security best practices after their breaches. But it is what it is…
- In a browser sign into your PlayStation account, select your profile picture, and select Account Settings.
- On the Account Management page, visit Security, then select the two-step verification option. There you can associate your phone number with your account, and require a verification passcode sent to you via text message whenever you log in to an unfamiliar device.
On the console you can also add a password that will restrict people from logging in to your account without your permission.
- On your PS4, visit Settings then Login Settings.
- Uncheck Log in to PS4 Automatically and then select Passcode Management.
- You use the buttons on your DualShock 4 controller to enter a passcode tied to the buttons you press. The buttons are associated to numbers to make the pattern easier to remember.
There you go. Simple steps to secure your video game consoles as well as the accounts used for them. It’s important to follow through and do these steps because your accounts and consoles contain all the sensitive information criminals want to get at. Name, address, birthdate and the credit card information that is the golden nugget for them. Don’t assume or treat these entertainment devices as not targets. They are computers and are very powerful computers with all the information the bad guys want.
Lock it down, take precautions, don’t just set it up and hand it over to your kids. Use it to teach them about basic security practices as well.
End of line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.