Sony trots out 2-factor authentication 5 years after breach

Attack on PlayStation Network exposed personal data, affected 70% of customers

Five years after a hack exposed the data of 77 million users, Sony is finally adding two-factor authentication to its PlayStation Network.

The company did not provide details on the new service, but did say it was still under development and would be released at a later date. As passwords fall out of favor as a security construct, the current popular alternative is two-factor authentication, which requires the user to have a second factor in order to gain access to a service.

Popular two-factor authentication schemes today include one-time passcodes sent via mobile SMS or to an email address. In addition, some online services, such as Google, are beginning to explore two-factor authentication using technology based on public key cryptography.

The PlayStation Network has about 110 million users, with 65 million of them active on a monthly basis. PlayStation Network accounts are valid on a number of Sony platforms, including PlayStation 3 and 4; PlayStation Vita and Portable; the PlayStation mobile app; and the platform's web site.

The 2011 PlayStation breach exposed account names, birth dates, email addresses and credit card numbers. At the time, the SANS Institute said the breach may be the largest theft of identity data information on record. The network was offline for several weeks, and the hacktivist collective Anonymous took responsibility for the breach.

In 2014, Sony paid $15 million to settle a class action lawsuit that grew from the PlayStation hack. That settlement came shortly before Sony Pictures Entertainment was hacked by North Korea, which led to the company pulling the release of the film "The Interview."

Sony came under fire in the PlayStation hack for failing to encrypt user account data even though it encrypted credit card information of the same users. Such a policy shows how little companies have historically valued personal data, which hackers now covet for use in prolonged attacks. Credit card data has limited long-term value as cards are cancelled by owners or re-issued by banks after massive data breaches.

PlayStation Network competitor Microsoft's Xbox Live has had two-factor authentication since 2014.