Nintendo suggest adding Two-Step Verification when they released a report advising Nintendo Switch players to make sure their accounts were secure after several unauthorised logins were reported. This was originally reported to affect account holders in Japan. So far it’s not clear if gamers in other countries are affected. But it got me thinking: is my Nintendo account as secure as it could be? After logging in to my Nintendo account, it turned out that the answer was ‘No’.
Why is account security important?
As we move to a more connected world, we need to be aware of the risks that exist. The fact that a game might be aimed at kids, doesn’t make it immune to exploitation. In fact, it may make them more at risk, given their inexperience of dealing with other people and manipulation.
The consequences of someone you don’t know accessing an account of yours should make you worry. I’m not talking just about your Switch account. What about your Facebook or Twitter account, your work email account or your bank account. We’re all using more services, all requiring an account. People mostly use a small selection of passwords. This means if someone cracks one of your passwords, they can potentially access several of your accounts. On Facebook or Twitter, unauthorised access could mean stuff gets posted that you wouldn’t post. Unauthorised access to email, could have big implications, especially if it’s your work account.
On a games console, unauthorised access could mean all of this. But it could also mean a hit to our pocket as well; we can make payments for games and add-ons through our console accounts. Some of the Nintendo Switch users referenced in the Nintendo’s report talk about payments being made for Fortnite. An article on The Verge on 24th April, stated that the nicknames, dates of birth and email address and other data may have been accessed.
Nintendo’s Solution
In light of these developments, Nintendo have been running a social media campaign to promote Two-Step Verification. This is an additional layer of security for accounts. An increasing number of service providers have 2-step verification. Often it is a feature that you have to turn on. So it’s worth investigating whether your accounts (bank, Facebook, email, games console, Google, Apple) have it activated, if it’s available. My advise is, turn Two-Step Verification on every where you can.
What is Two-Step Verification?
You’ll be familiar with the usual log in process: you type in a user name and a password. These are checked and if you typed them correctly, you get let in. This is could be called one-step verification.
Two-step verification adds another stage once your username and password have been checked. Usually it involves a code being sent to something else that the user has access to. This could be a phone or an email address or something else. The idea is that someone trying to crack your username and password is unlikely to be holding your phone as well.
Some PC games, like classic Star Wars: The Old Republic back in 2011, recognised the potential issues linked to users account details being exposed to hackers and so developed smart phone apps that form part of the two-step verification process.
So, two-step verification is not new and yet it remains a reliable additional security layer that’s easy to implement and easy to use…unless you are my wife; who gets really frustrated when she’s asked to check her phone for the authentication code that’s been just been sent! Here’s the thing: it’s an extra step. Which means it’s a bit more effort. But it makes your account so much more secure.
Setting up two-step verification on your Nintendo account
Some points to note before I go through the set up process:
- I tried to set up 2-step verification just on my phone, but there a step in the sequence where it falls down.
- You will be asked to install the Google Authenticator app. I suggest using your phone (Android or Apple) when you get to this step and start the process on your computer.
Step 1
On your computer, go to the Nintendo website (https://www.nintendo.co.uk) and log in using your Nintendo account details.
Step 2
Click on your avatar/username in the top right corner of the webpage and select ‘Settings’, highlighted on the screenshots below using the green arrows.
Step 3
Click ‘Sign-in and Security Settings’ in the left hand column. If you haven’t already set up Two-Step Verification, click on the ‘Edit’ button towards the bottom of the ‘Sign-in and Security Settings’ page.
Step 4
Click on ‘Enable two-step verification’.
Step 5
On the next screen, type in your email address and click on ‘Submit’. This will send an email to you with a verification code. This is to check you are the account holder and that you are authorised to set up two-step verification.
Step 6
Once you receive the email, type the verification code you received into the page and click on ‘Submit’.
Step 7
Once your email account is verified, you are then asked to download the Google Authenticator app onto a smart device. I used my phone. When the app is installed, open it and follow the in-app instructions to scan the QR Code on the Nintendo web page. The app will then generate a 6-digit code that you must type into the Verification code box on the Nintendo web page. When you’re done, click ‘Submit’ on the Nintendo web page.
This is the point that my original mobile-only approach failed. I couldn’t work out how to scan a QR code on my phone with the camera on my phone. There’s not an alternative link that can be used.
Step 8
Your Nintendo account should now be linked to the Google Authenticator app, and the Nintendo two-step verification process should be complete.
Step 9
The next time you log into your Nintendo account, you will be asked to type in a Verification Code. To do this you will need to open the Authenticator app on your smart device and type in the code you see there. This code will refresh automatically every 30 seconds or so.
Step 10
If your young people have their own Nintendo accounts, repeat these steps with their log in details on the Nintendo website.
Security = Positive Experiences
Gaming is not an isolating experience in many cases. As parents, we should be taking an interest in what our kids are connecting to and work to make it an enjoyable experience, as the content creators intended. Simple steps can be take to make our online experience safer and more secure. Whilst it might add a short delay to your log in process, you must weight up this minor inconvenience with the major disruption of a hacked account and the financial damage that could cause.
As a final point, it might be worth checking if any of your other online accounts have two-step verification step up and whether it’s active. My recommendation is set it up wherever you can; it’s an small step that can have a big positive impact.
Have you checked your accounts for two-step verification?