Community ManagerEA Forums Online Security Newsletter - Volume 3/ 2026
Welcome to the third edition of EA Forums Online Security Newsletter
It’s the last day of the month, which means it’s time for a new edition of the EA Forums Online Security Newsletter. If this is your first time here, welcome! This newsletter is a monthly discussion focused on online security, tailored specifically for us—gamers. Each edition explores key aspects of staying safe online.
Last month, we discussed phishing and how to protect yourself against it. Feel free to join the conversation, share your experiences, and—if you’re up for a friendly challenge—take part in our competition. You can find more details in our handbook.
This month, we’ll focus on the importance of Two-Factor Authentication (TFA) and explore what prevents gamers from enabling it. The threats it protects against can often feel abstract and distant until they’re not. And like many things in security, it doesn’t seem urgent until it becomes personal.
Many gamers don’t enable TFA because they believe their account isn’t valuable enough to be targeted.
“I have nothing worth stealing” is a common misconception. In reality, stolen accounts are often used for phishing campaigns, laundering in-game currency, or as part of bot networks. The damage isn’t always directed at you—your account carries social trust, and that has value to attackers.
Another major barrier is the perception that TFA is inconvenient or unreliable.
SMS codes, for example, can be delayed or fail to arrive, which frustrates users and discourages adoption. On top of that, SMS-based authentication is increasingly considered a legacy solution due to its vulnerability to attacks and overall security weaknesses.
Some players avoid TFA simply because they are not aware of better alternatives.
Authenticator apps provide a more secure and reliable option by generating Time-Based One-Time Passwords (TOTP)—typically 6-digit codes—directly on your device. These codes are available instantly, even if your phone is in flight mode, making them both faster and safer than SMS.
Poor security habits can also prevent effective use of TFA.
Account sharing between friends bypasses the purpose of TFA entirely, turning a secure system into a weak one. Similarly, backup codes are often ignored—people take a screenshot and forget about them—despite their critical role in account recovery.
A lack of urgency often delays action until it’s too late.
The threats TFA protects against can feel distant or abstract, so enabling it doesn’t seem necessary—until something goes wrong. However, many platforms already highlight its importance by requiring it for key features. For example, EA FC requires TFA to access the Web and Companion Apps, and Steam requires Steam Guard to use the Marketplace.
Ultimately, stronger habits and better tools make TFA easy and effective to use.
Use an authenticator app whenever possible, and enable any form of TFA available across all your accounts. Your email address is the foundation of your security—make sure it is especially well protected. Access to your email can make it much easier for someone to take over your other accounts.
How to enable two-factor authentication on your EA Account
EA Forums Online Security Newsletter Badge Handbook
Community Spotlight Volume 2: Phishing
This month’s Community Spotlight highlights outstanding replies from Volume 2 – Phishing.
Comments were chosen based on the following criteria:
- Relevance to phishing
- Depth of insight
- Educational value
- Originality
- Potential impact on the community
Practical Phishing Defense Blueprint
Comment from ElhaSims :
If we focus on phishing targeting gamers, and knowing that scammers aim to steal accounts, items, or banking information through fake links, keep this scam checklist in mind to avoid it:
🔗 Check the links: Hover your mouse over the links without clicking to see the real URL.
Inspect suspicious emails/messages; look for spelling errors or fake domains (e.g., micros0ft.com).
🛡️ Protect your accounts: Create unique and strong passwords for each gaming platform. Use password managers and enable Two-Factor Authentication (2FA/MFA).⚠️ Beware of urgency: If you are threatened with being banned if you don't click, it's a scam.
⚠️🛍️Beware of Free Offers: Be wary of "free" or "too good to be true" offers. Promises of skins, currency, or early access are commonly phishing scams.
🤝 Safe Trading: Only use the platform's official trading systems. Do not download mods or cheats from unofficial sources, nor download executables from unknown sources. Avoid direct transactions with strangers, for example, via Discord or PayPal.
🙅♂️Don't Click: Avoid links in unsolicited emails or direct messages, even if they appear to be from friends.
🔄Update Software: Keep your operating system and antivirus software up to date to mitigate risks.
📧 Don't Share Information: Never give your passwords or financial information to other users, even if they promise in-game assistance. Legitimate companies will never ask for your login credentials via email or chat.
🚩Report and Ignore: If something seems suspicious, report and block it.
Recognized for:
- A highly relevant and structured scam checklist tailored to gaming environments
- Clear, actionable guidance covering multiple phishing tactics (links, urgency, fake offers, unsafe trades)
- A contribution with clear potential to improve day-to-day security habits across the community
Trust Boundary Awareness
The second highlighted comment is from NewFoundRemedy :
I have seen plenty of people fall for phishing scams due to blindly trusting messages from people on their friend lists who themselves had their accounts phished. It's key to make sure you extend caution to even those you think are trustworthy sources. If you haven't talked to them in a while, be extra vigilant.
Highlighted for bringing forward:
- A sharp observation of phishing through compromised trusted contacts
- A powerful reminder that familiarity should not override caution
- A mindset-focused takeaway that can prevent common mistakes
Real-World Scam Pattern Recognition
Lastly comment from NoikaSims
(...) I think is common the use of "places", private messages or mails with offers to items, currency in game, etc, for usually cheap prices. We have seen it a couple of times even in The Sims forums that they sell players codes for the extra content and not for the expansion as they believed, (...)
Commended for showcasing:
- Practical reinforcement of the “too good to be true” warning sign
- Solid educational value through simple, real-life context
- A contribution that helps others more easily recognize and avoid similar threats
As always, thanks to anyone who contributed to the newsletter!
