Mobile devices have ushered in an exciting era for gaming. Without them, we wouldn’t have Angry Birds, Clash of Clans, or Candy Crush Saga. And it goes beyond mobile-only games: ultra-portable devices have allowed successful titles like Blizzard’s Hearthstone to exponentially expand their audience to smartphone users.
But this growth of mobile and cross-platform gaming has brought about a whole new set of threats and vulnerabilities. Attack surfaces are multiplying, and addressing these threats is imperative to preserving the integrity and security of the games people love to play. One of the most significant challenges facing game designers and developers is implementing advanced security features without detracting from the game or the user experience. And if we’ve learned anything from recent data breaches, it’s that people need more than just a password to protect their accounts.
You shall not Password
Last year’s iCloud hack that surfaced private photos from celebrities shattered any belief that a password is sufficient to protect online data. With nearly half of the world’s data now stored in the cloud, and companies releasing mobile devices with almost infinite storage, a single password could very well be the only line of defense protecting nearly all of your personal information.
Two Factor Authentication
Stronger forms of verification, like Two-Factor Authentication (2FA), can add an additional layer of security without making the player navigate extra steps that slow them down. When 2FA is properly designed and implemented, gamers can be verified using their mobile device at logon, on a settings change, or during any apparently risky activity.
The simple addition of 2FA protects gamers and game creators alike against malicious attacks that can otherwise ruin a potentially successful game. Players will not invest the time and money in an environment where they feel vulnerable to cheating and theft.
Virtual value is still value
Two-factor authentication also helps protect user value: Massively multiplayer online games (MMOs) often include the ability to earn “value” as you play, like weapons, gold or other items which players can even sometimes trade with others as part of vast, virtual economies. A high-level profile with thousands of hours of playtime (or difficult-to-acquire items) may be intangible, but the value is just as real as any in-game purchase.
Cyber criminals can almost instantly profit from account takeovers: once they gain access (almost certainly through the password), they’ll immediately alter the entire security profile to ensure the owner can’t regain access. Gaming profiles can sell for thousands of dollars on black market and online auction sites, and neither player nor studio wants to be subjected to the ensuing legal process. Even if a company successfully restores the stolen assets and/or succeeds in prosecuting the offender, this kind of violation never leaves a positive impression with the gamer.
Community trust does not respawn
Community is one of the most important success factors for online games, and building trust requires taking appropriate steps to protect the investment of the players who comprise it. The risk of their virtual persona being stolen or manipulated is serious to them, and if the only thing protecting them from a malicious attack is a password, then they may not even realize how vulnerable they are.
Consumers should be questioning every service, company or game that has not yet implemented stronger authentication protocols. User attacks, data breaches and phishing scams are not uncommon. They have existed since the dawn of the internet and will persist as long as there are things of value to steal. Look at how Mat Honan, victim of the notorious hacking attack that eviscerated his digital life, introduced his 2012 story: “In many ways, this was all my fault…had I used two-factor authentication for my Google account, it’s possible that none of this would have happened.”
image courtesy of http://xkcd.com