informa
4 min read
article

Security Is Not A Game

Mobile devices had brought about an exciting new era for gaming but with this growth also comes a whole new set of threats and vulnerabilities. In addressing these, game designers are tasked with preserving both the integrity, and security, of the game.

Mobile devices have ushered in an exciting era for gaming. Without them, we wouldn’t have Angry Birds, Clash of Clans, or Candy Crush Saga. And more than just mobile games: ultra-portable devices have allowed successful titles like Blizzard’s Hearthstone to exponentially expand game audience into smartphone users.  


But this growth of mobile and cross-platform gaming has brought about a whole new set of threats and vulnerabilities. Attack surfaces are multiplying, and addressing these threats is imperative to preserving the integrity and security of the games people love to play. One of the most significant challenges facing game designers and developers is to implement advanced security features without detracting from the game or the user experience. And if we’ve learned anything from recent data breaches it’s that people need more than just a password to protect their accounts.
 

You shall not Password


Last year’s iCloud hack that surfaced private photos from celebrities shattered any belief that a password is sufficient to protect online data. With nearly half of the world’s data now stored in the cloud, and companies releasing mobile devices with almost infinite storage, a single password could very well be the only line of defense protecting nearly all of your personal information.

 

password_strength.png


People should know by now that static passwords can be guessed or stolen relatively easily, not to mention forgotten, socially engineered or phished.


Two Factor Authentication


Stronger forms of verification, like Two-Factor Authentication (2FA), can add an additional layer of security without making the player navigate extra steps that slow them down.  Properly designed and implemented, gamers can be verified using their mobile device at logon, settings change or any apparently risky activity.


The simple addition of 2FA protects gamers and game creators alike against malicious attacks that can otherwise ruin a potentially successful game. Players will not invest the time and money in an environment where they feel vulnerable to cheating and theft.


Virtual value is still value


Two-factor authentication also helps protect user value: Massively multiplayer online games (MMOs)  often include the ability to earn “value” as you play, like weapons, gold or other items which players can even sometimes trade with others as part of vast, virtual economies.  A high-level profile with thousands of hours of playtime (or difficult-to-acquire items) may be intangible, but the value is just as real as any in-game purchase.   


Cyber criminals can almost instantly profit  from account takeovers: once they gain access (almost certainly through the password), they’ll immediately alter the entire security profile to ensure the owner can’t regain access. Gaming profiles can sell for thousands of dollars on black market and online auction sites, and neither player nor studio wants to be subjected to the ensuing legal process.   Even if a company successfully restores the stolen assets and/or succeeds in prosecuting the offender, this kind of violation never leaves a positive impression with the gamer.


Community trust does not respawn


Community is one of the most important success factors for online games, and building trust requires taking appropriate steps to protect the investment of of the players who comprise it. The risk of their virtual persona being stolen or manipulated is serious to them, and if the only thing protecting them from a malicious attack is a password then they may not even realize how vulnerable they are.  


Consumers should be questioning every service, company or game that has not yet implemented stronger authentication protocols. User attacks, data breaches and phishing scams are not uncommon. They have existed since the dawn of the internet and will persist as long as there are things of value to steal. Look at how Mat Honan, victim of the notorious hacking attack that eviscerated his digital life, introduced his 2012 story: “In many ways, this was all my fault…had I used two-factor authentication for my Google account, it’s possible that none of this would have happened.”


image courtesy of http://xkcd.com

Latest Jobs

Treyarch

Playa Vista, California
6.20.22
Audio Engineer

Digital Extremes

London, Ontario, Canada
6.20.22
Communications Director

High Moon Studios

Carlsbad, California
6.20.22
Senior Producer

Build a Rocket Boy Games

Edinburgh, Scotland
6.20.22
Lead UI Programmer
More Jobs   

CONNECT WITH US

Register for a
Subscribe to
Follow us

Game Developer Account

Game Developer Newsletter

@gamedevdotcom

Register for a

Game Developer Account

Gain full access to resources (events, white paper, webinars, reports, etc)
Single sign-on to all Informa products

Register
Subscribe to

Game Developer Newsletter

Get daily Game Developer top stories every morning straight into your inbox

Subscribe
Follow us

@gamedevdotcom

Follow us @gamedevdotcom to stay up-to-date with the latest news & insider information about events & more