We already know that Nintendo has some of the most stable hardware out there, but thanks to the introduction of Two-Step Verification today, now your Nintendo Account can be super-secure, too.
When you opt-in you will be using Google's 2-Step Verification system, which of course makes everything as painless as possible. You'll simply need to use an app on your phone to scan a QR code. Job done!
Head over to https://accounts.nintendo.com/security to enable the extra layer of security on your Nintendo Account. You can also change your username / sign-in ID too, which is more than you can do on the PlayStation Network.
Let us know if you feel more secure with these two-steps with a comment below.
[source accounts.nintendo.com]
Comments 58
I don't even know what that is... being more "secure" by providing even MORE personal information?
I mean, it doesn't hurt. So... yay?
@crackafreeze And why not? With all the news about people's accounts getting hacked left and right due to poor security practices on the part of the users, it ought to be.
Doesn't hurt to add some extra security.
@PtM
I'm asking actually hahaha, I don't know what the two-step-verification is.
I was thinking the sort of thing like "Give us your phone number to have more privacy". Give them more personal information to protect my privacy? 🤔
@RodSD64 No personal information is shared. Just a bit of configuration, including a random key. https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
Defo doing it down to future proof myself. About 3 days after the release of this on PSN my account was getting logged into but with my 2 step activated they couldn't get access to it.
what if you don't have a phone to scan the QR? Completely pointless for me
@RodSD64 Two-step authentication has no connection to privacy. It doesn't ask for any more information than you already provided when you registered. It asks that you install the Google Authenticator app, which constantly generates codes every two minutes that only you can access by virtue of having the secret key needed to make them. The concept is that even if your password is stolen or someone guesses it, they will still need the device that the authenticator is installed on to log in. At the same time, you're warned that your account was accessed by a device you've never used before, so you can change your password and take any other actions needed to secure your account.
In short, it enhances your security and there is absolutely no reason not to enable it if you have the means to use it. It doesn't even need to be on a phone, nor does the app need internet access.
It's baffling that Nintendo is now allowing two-factor auth but still limits passwords to only 20 characters and doesn't even allow spaces in them.
@Exy
Thank you for the info!!
What is that means ?
Is that allow me to Activate my Two Different Accounts ?
@Bunkerneath then you will have to learn to decipher them without a phone.
I'll stick with the old tried and trusted method for now.
This is great! I'm impressed they even support the Google Authenticator app; that's fantastic (I was expecting it to be the system where they text you a code, which isn't quite as secure).
Between this and allowing PayPal payments on the eShop, Nintendo's new account system is making me feel much more secure.
@Anti-Matter No. It means it adds an extra step of security to your account.
On the New 3DS, there is an infra camera for head tracking which can be use for face recognition like iPhone X... but who wants to lock the 3DS? 🤔
I've just started using 2FA on my google and school accounts so maybe I'll do this too.
@crackafreeze The last words of everyone who ever gets their accounts compromised.
Yay
I always use multifactor authentication wherever available. Always. New hacks are announced on an almost weekly basis and with free tools like Google's I can't think of any reason not to protect your assets.
@Fuz Yeah that would be nice. I've been sharing hardware with my kids for years, and while they are old enough and smart enough now to figure it out, I've had more than my share of deleted saves or other issues. Of course it wasn't their fault that Nintendo completely screwed up SSB4 and all accounts played the same save game. I never even played it b/c the first time I tried every character was unlocked and half the missions done. I was so aggravated I never went back to it. I am currently just happy it has profiles so we can share it, but a simple thing like passwords for each account would be very welcome. Not holding my breath though, never had it on any console before and we own them all.
So are either the app or the website available on the Switch yet? Why do we have to use phones and PCs when the Switch is a more than capable WiFI connected device?
Is the option to change username new?
(Not a fan of the dig at PSN, however true it is.)
@Lumine @Exy wth guys? I've had one password accounts for years that have never been stolen, and yes, accounts that I have poured money into. In fact an authenticator has only provided me pain, as it was uninstalled from my phone and prevented me from logging into my account. I had to give personal information to log back in. Yeah, it's an extra layer of security, but if anything ever happens to your phone...BWAHAHAHAHAHA.
Security... For now. Apple's two-step authentication process got cracked recently, so that proves you actually need multi-step (more than 2) to really have a decent layer of security. It's only a matter of time until Nintendo's two-step authenticator gets cracked too.
Passwords on top of passwords. We need to find a reliable replacement for the username/password system. It's been outdated for years.
That said, I'll no doubt use the two step authentication even though I loathe it.
Works like a charm. Instructions are nice and clear. If you already have the Google authenticator app installed and do this on your phone, it takes a minute or so. I recommend 2FA with every service that allows it.
@Bunkerneath Right underneath the QR code is an option to enter it manually. If you're using Google authenticator on the device you access the website on it is automatic when you click on the link given under the code.
@Lumine There are so many things wrong with that statement. The sass is real.
1: Yeah Google...there goes your private information!
2: The need of a smartphone is bonkers. Same with the parental guiding app. It makes no sense, they could just turn the Switch in a i-phone instead!
@SLIGEACH_EIRE,
I thought you didn't have a Switch? I don't have one either.
Two factor authentication simply means that a system requires you to supply both your password and a token to confirm it is you. The token is generally delivered to a device that only you can access, like your cell phone. No additional personal information is needed for the token to be set up.
It is truly additional security as if someone hacks/gets your password they still can't log in as you without the token. On the flipside if someone steals your cell phone/token device, the token is useless without the person knowing your password.
It's not a perfect system, but it's a whole bunch more secure than just a single password which you have to trust companies to secure.
The article provides incorrect information. Google Authenticator is just one application that implements the algorithms used for the two-factor authentication (TOTP and HOTP). You can use any (non-Google) application that implements this.
Done. I thought Nintendo was behind the times and didn't embrace modern technology?
Google's two-step method is a nuisance...
@Fuz I really don't remember Wii U having that, now I'm going to have to go and check. Not that I would turn it on, my life is so full of so many passwords, I am so sick of passwords, but I'm curious.
I think I only played NSMBU 4 player w/ my wife and kids - my wife is very good and going into and out of her bubble - so I hadn't noticed. Now I did play SM3DW on my own - I like 3D games better than 2D games - and I think I had my own save slots in that one, but you may be right, we might have been sharing all 3. Three is almost always enough for my kids and I, my wife only plays the usual soccer mom stuff like Wii Fit and Wii Sports unless she's playing w/ us on one of our accounts.
I do really think it should be on the Switch though. ALL of the accounts should be password protected. Kid leaves it with his friend at lunch while he goes to the bathroom, comes back and all of my save files have been deleted. Uh, no thanks. Things doesn't leave my sight until we have save back ups on USB drives or online. Wii U and PS3 have all our stuff backed up on a thumbdrive. PS4 in the cloud b/c I have PS+.
Now I'm worried about some kid messes up my saves. Nintendo needs to get on this.
@PtM Well shouldn't you be able to set it up on the Switch, then authenticate it somewhere else? Tell your Switch to send the code to our smartphone via txt. Or tell your Switch to send an email to your PC. The way I read it you need some other device to set up this, not just unlock it.
@Exy It's probably because a lot of people simply forget the password if it's that long or they end up writing it down somewhere which would result in things being less secure.
I use the tried and true method of shifting the keys on something I will remember (which results in long and nonsensical passwords) but I doubt the majority of people even bother with that.
@MasterWario the short sightedness of your statement is mind boggling. Just because something hasn't happened it doesn't mean it can't.
Two step authentication is just like adding a second door to a safe. If you can have it why not have it?
@MasterWario Yeah I don't want to lock myself outta my 'house' if you will. I'll stick to just passwords because it's already plenty of protection. Especially we change our password ever now and then. Not to mention having to use an app just makes logging in that little bit more tedious. I'd rather not have the annoyance.
@crackafreeze I'm like you and I don't want any of the annoyance of using this. Good old fashion complex passwords is plenty of protection as far as I'm concerned.
@Exy I get why people feel it's important to use this kind of protection but I feel that it's more annoying than helpful. I'm of the opinion that it's very unlikely someone will hack my Nintendo account. So I don't want the extra annoyance. I'm glad this isn't forced.
So what happens if I lose my phone or not breaks? I won't be able to get into my account?
@Thierry usually that's how it is yes. Most likely though you will be able to call and provide information that shows you're the owner of the account and then they'll reset it for you.
I'm 2-step secure now!
I'm expecting to have the best night's sleep ever tonight~
Just done the 2-step verification and thanks for Information.
@BumpkinRich If I was the owner of a large network, if I was responsible for the well-being of others, if I had a large investment, of course I would add extra security.
But this is a small account with a company I trust. PLUS, I try my best to keep important stuff off a device that is the target of the majority of viruses.
Why complicate your life by putting everything behind a 15 password wall? It's unnecessary.
Are you prepared for an asteroid impact on your living space? I hasn't happened but it could...like, some things aren't worth worrying about.
@PtM "If your Switch got compromised, it could also send your code to an attacker."
But you should still be able to start the process on your Switch and have it send the code to your phone or web browser to authenticate. It seems like the Switch has a web browser already to autheticate WiFi hotspots, why not just let people use it for other things?
So two step. Means something you know and something you have. UsernUsername and password is something you know. Your phone is something you have. The 2nd step. Multifactor would be more than 2. Such as somewhere you are. The reason for 2 step is if someone manages to get your usernname/password via phishing or malware, they'd still need your phone because you'd get a notification asking if this attempted logon is really you.
@PtM Yes, see the webpage on the Switch so you can control it, turn it on. You can set it up that way on a smartphone or tablet, you don't need a PC.
@MasterWario I dont see what trusting Nintendo has to do with your online security. If it were so secure they wouldn't bother with 2 step authentication. They are because they know a password cannot be secure. (Nor can any security measure)
At the end of the day its your account. If convienince is worth losing it then thats up to tou. But usually 'It's not worth the hassle..' is followed by 'I wish i had..'
My asteroid protection is to notch btw.
@BumpkinRich When I say trust I refer to the fact that Nintendo would help me get my account back in the case of said hack. I have various proofs of my ownership, including my Switch, Wii U, and 3ds that are all tied to my account. Just like dealing with identity theft, there are resources to help get things back in order.
Even if I had a smartphone, I wouldn't bother with this once I get a Switch. I have no issues with people trying to hack my account, and the current one-step system of automatically logging on to my account when I access the eShop and providing a password or PIN (which I don't share with anyone) when needed is much simpler and works just fine as a security measure.
If on the extremely rare chance someone actually did hack my account, I'd just deal with it in a similar manner to someone hacking my credit card.
@MegaMari0 Well, if you only access the eShop directly from your Nintendo systems like I and many others do, then phishing and malware schemes can't be used against you.
@BulbasaurusRex true. However, they have to consider all possibilities and consider the pros and cons of this move. We've all heard the hacking incidents over the past couple years.
Nice, although I don't think I'll use it. I don't think there is any risk of my account being hacked!
@SmoochyTea I agree with you, i use Microsoft Authenticator app myself for my Nintendo Account. I think the problem lies in the fact that Nintendo only promotes the Google App on the settings page when turning on the 2 step auth. I have seen "Nintendo uses Google Authentication" on some sites and forums as a result of this and as you state that is not the case.
@BulbasaurusRex But if someone gets hold of your password and changes it and the other info on the account you loose access. Any funds added to the account and so on may be lost?
@Thierry Backup codes. You are given a list of codes you can use if you don't have your device with you. (Each code can only be used once.)
However, experience has shown me that if you change phones , and therefore need to reinstall the two step app, it does NOT always sync as easily as it should and can permanantly lock you out of said accounts they're applied to. No, been there, done that threw away the T shirt. Fool me once shame on you, fool me twice shame on me.
@MegaMari0 That's why this works as an option for some people. However, for others like me, the old system is simpler and almost entirely as effective.
@Stoffe In the very unlikely event that someone manages to hack my password from somewhere else I use it and connect my identity to my MyNintendo account to do that, I'll contact Nintendo with my hardware serial numbers in hand to get them to reset my account. I only buy eShop credit through my debit card as I use it, so that part's not an issue, since my debit card information is only stored within my 3DS and Wii U themselves. Someone would have to completely steal my identity in order to steal from my account, in which case I'd just use the more traditional methods of combatting fraud. If he/she were to add credit and/or make purchases him/herself while having access to my account, then I guess I get a free bonus for my trouble once I get my account back, not that they would bother since they would only be playable on my hardware, anyway.
Come to think of it, the only benefit anyone could even get from just hacking my account in the first place would be to waste my MyNintendo coins and/or download a bunch of wallpapers.
Show Comments
Leave A Comment
Hold on there, you need to login to post a comment...