Epic Games Implements Mandatory 2FA for Free Games in Online Store

Epic Games Implements Mandatory 2FA for Free Games in Online Store

Epic Games has made two-factor authentication a mandatory requirement for anyone looking to pick up a free game on the Epic Games Store in the next few weeks. The feature was implemented on April 28 to encourage gamers to adopt better security practices on their accounts with the online store.

The news makes Epic the second major gaming company to emphasize the need for two-factor authentication in recent days. Nintendo strongly urged its customers to deploy two-factor authentication after a series of fraudulent attacks in which hackers gained access to Nintendo accounts (and the PayPal accounts that were linked to them). Many of the victims of those attacks were using unique passwords, which suggests that the passwords were insufficient when used as the sole security factor for an account.

As the developer of Fortnite, Epic is almost certainly aware of the Nintendo scam. Some of the hackers used the breached PayPal accounts to purchase large amounts of Fortnite’s in-game V-bucks currency, which can then be resold to other players in exchange for real-world cash.

Epic’s new store rule is temporary, and will only be in effect until May 21. However, it should go without saying that the advantages of two-factor authentication apply well beyond an arbitrary deadline. Epic indicated that it will use security codes as the second authentication factor for its users, and will ask them to implement the feature with the following message:

“Claiming this free game requires you to have Two-Factor Authentication setup on your account. Two-Factor Authentication provides an additional level of security to your Epic Games account and will help prevent unauthorized access.”

Of course, the benefits of multi-factor authentication (and the limitations of passwords) are not limited to the gaming industry. Yubico, for instance, has repeatedly pointed out that many organizations still rely on outdated password security, and has highlighted the need for strong digital security in a remote work environment