Sony should up the ante on PlayStation security

Sony said Oct. 11 that a third party’s mass unauthorized login attempt compromised 93,000 online network accounts. Although the incident didn’t compromise Sony’s network infrastructure, it should serve as an incentive for the company to take additional measures to secure users’ account information.

According to a blog post from Philip Reitinger, who is Sony’s chief information security officer, 60,000 PlayStation Network and Sony Entertainment Network accounts and 33,000 Sony Online Entertainment accounts were compromised Tuesday. Reitinger said account holders’ credit-card information wasn’t at risk. He added that the affected accounts were frozen temporarily and that Sony is investigating the situation.

This incident is Sony’s second major security issue of 2011. Last April, Sony’s entertainment and gaming networks were breached and 100 million account holders’ personal data were accessed.

Chenxi Wang, who is an analyst for Forrester Research, says Sony can take additional security measures by installing a security token. A security token is an electronic device that would act as a unique identifier in each PlayStation unit. The token would be activated when a PlayStation user registers his/her account on Sony’s network. This information that is unique to each PlayStation would complement the user’s password information to confirm his/her identity.

Wang believes that a token-and-password combination could help to thwart unauthorized login attempts.

Wang also believes that this incident is a good example of why consumers should take security measures into their own hands. She reminds consumers to choose complex password combinations that they can memorize and to change passwords every few months.