EA Forums Online Security Newsletter - Volume 7
Welcome to another summer issue of our newsletter (for those in the Northern Hemisphere). Last month, we continued our series on phishing from a psychological perspective. This approach, which began two issues ago with a look at password creation, offers valuable insights into how bad actors operate. If you missed the previous issues, be sure to check them out - they’re definitely worth reading! EA Forums Online Security Newsletter - Volume 5 EA Forums Online Security Newsletter - Volume 6 This month, we focus on the important topic of reporting vulnerabilities in EA games and products. We recently published the Vulnerability Disclosure Hall of Fame, recognizing researchers who helped patch security issues in EA products or games during the past quarter. What is a security vulnerability, and how does it differ from cheating in a game? How can you report a security vulnerability in an EA game or service, and what information should you provide? You’ll find answers to these questions in the Security Focus section of the newsletter. As always, you can earn a unique forum badge by sharing your experiences in the newsletter comments or by taking the quiz. Stay safe! What is a Security Vulnerability? A security vulnerability is a weakness in a system that an attacker could exploit to cause harm, like stealing information or disrupting services. This is different from cheating in a game, which involves a player unfairly manipulating game rules for personal gain within the game itself, rather than exploiting a flaw in the underlying software. If I've found a Security Vulnerability, how do I report it? To report a security vulnerability in an EA game or service, you should fill out the Security Vulnerability Submission form on the EA Security Website. When submitting a report, include details such as the affected game or product, platform, version, time of discovery, what the vulnerability allows, steps to reproduce it, and any supporting evidence like screenshots or sample code. How does EA classify reported Vulnerabilities? EA classifies the severity of reported vulnerabilities using industry standards like the CVSS scoring system and a four-tier scale (Critical, Important, Moderate, Low), with the most severe issues requiring little or no user interaction to exploit. The impact of each vulnerability is further assessed using the STRIDE Security Model, and each report is carefully triaged and investigated by EA’s security team. Can I report cheating in-game through the Security Vulnerability Submission? Short answer - NO. Reporting cheating or account issues is handled separately from security vulnerabilities; cheating should be reported through in-game tools, and account security concerns should be addressed via EA’s account management resources. EA Coordinated Vulnerability Disclosure Hall of Fame What to do if you find a vulnerability in an EA game or product Report cheating, harassment, and illegal content Online Security Newsletter - Volume 7 Quiz
EA Forums Online Security Newsletter - Volume 6
Before we begin this issue’s regular sections, we want to thank everyone who participated in the discussion in the previous edition. Your shared experiences and kind words of appreciation mean a lot to us. 🥰 In this issue, we’ll again examine phishing methods from a psychological perspective, exploring why they are so effective and how we can better protect ourselves. Phishing isn't just about dodgy links; it's about exploiting fundamental human tendencies. Scammers are master manipulators, playing on our emotions, our desire for efficiency, and even our inherent trust. When you understand the psychological levers they pull, you gain a powerful advantage in spotting and avoiding their traps. 🤓 If you missed the previous edition, you can find it [here]. As always, joining the discussion or solving the quiz will earn you a token of participation in the form of a unique badge on the forum. 🤠 Stay safe! The Psychology of Phishing The Lure of Urgency and Scarcity, aka Fear of Missing Out Phishers often create a sense of immediate crisis or limited-time opportunity (e.g., "Your account will be suspended in 24 hours!" or "Exclusive limited-time skin unlock!"). This triggers our primal fight-or-flight response, bypassing rational thought and pushing us to act without deliberation. The fear of loss (of access, of a rare item) is a powerful motivator. When you feel a sudden surge of urgency or excitement from an unexpected message, stop and take a deep breath. A legitimate service will rarely demand immediate action without prior warning. Verify independently through official channels, not by clicking links in the suspicious message. Authority Bias Humans are conditioned to respect and obey authority figures. Phishers expertly mimic legitimate sources like game developers, platform support, or even government agencies. The use of familiar logos, official-sounding language, and seemingly authentic sender addresses exploits our tendency to trust perceived authority without question. Never assume legitimacy based solely on appearance. Always cross-reference. If you receive an unexpected email from "EA Support," don't click a link in the email. Instead, open your browser and manually navigate to EA's official support website to log in or check your account. The "Intriguing Mystery" Phishing Our brains are wired to seek out novelty and resolve unknowns. Phishers exploit this by sending messages that pique our curiosity (e.g., "See who's talking about you!" or "Your private photo has been leaked!"). The desire to know, to uncover the "secret," overrides caution, leading us to click. Before clicking on anything that triggers intense curiosity, engage your critical thinking. Is this too good to be true? Does it make sense that I would receive this message? If it sounds sensational or unbelievable, it likely is. Reward Phishing We often feel a subconscious obligation to repay a favor or respond positively to someone who has given us something. Phishers leverage this by offering enticing "rewards," "freebies," or "exclusive access" (e.g., "Claim your free legendary loot box!"). The desire to accept the perceived gift can blind us to the underlying danger. While it's nice to receive gifts, be highly suspicious of unsolicited windfalls, especially those requiring you to click a link or provide personal information. Legitimate giveaways from reputable companies will always direct you to their official website or have a clear, secure claiming process. If you didn't enter a contest, you didn't win. The "Everyone is doing it" Phishing Humans are social creatures, and we often look to the actions of others to determine what is correct or safe. Phishers can create a false sense of social proof by impersonating friends, guildmates, or popular streamers, often sending messages like "Hey, check out this amazing new game!" or "I just got this awesome item using this link, you should too!" This can lead us to believe that if others are clicking, it must be safe. Even if a message appears to come from a trusted friend, consider the context and how they usually communicate. If it seems out of character, or if the link is suspicious, contact your friend through a separate, verified channel (e.g., a direct message on a platform you know is secure, or even a quick call) to confirm. Stay vigilant! Pause, verify, and think critically before clicking on unexpected links or acting on urgent messages—protect yourself from phishing scams! How to avoid phishing Online Security Newsletter - Feedback Form Online Security Newsletter - Challenge Creation Interest Form Online Security Newsletter - Volume 6 QuizEA Forums Online Security Newsletter - Volume 5
Welcome to all our readers - whether you're a long-time subscriber or joining us for the first time—for the latest edition of our newsletter! This month, we invite you to engage in a conversation about security, our featured topic, and much more. Each edition is an opportunity to share your security tips, experiences, or insights with us. In last month’s edition, we explored the critical topic of safe online transactions. With the summer promotions season fast approaching, now is the perfect time to refresh your knowledge or check out our tips if you haven’t already. We also introduced the latest updates to EA’s flagship anti-cheat system, EA Javelin. If you’re unfamiliar with EA Javelin, we encourage you to revisit last month’s newsletter to learn more. This month, we’re exploring the fascinating topic of passwords from a psychological perspective. Why do we choose certain passwords over others? What motivates our choices? And what strategies can help you create strong, secure passwords? You’ll find answers to these questions and more in the Security Focus section. As always, your participation in the newsletter—whether through comments, quizzes, or sharing your experiences—earns you a participation token: a unique badge on the forum. Don’t miss out! We would also like to highlight recent software blocks in EA Javelin. AntiCheatWard from EA's anti-cheat team shared that the Disc-Soft block was implemented due to cheat-like scripts circulating in the ReWASD community, which automate actions like recoil control and skill-based challenges in games. While EA Javelin Anticheat supports legitimate remapping tools like Steam Input and Microsoft's Keyboard Manager, Disc-Soft's attempts to bypass anti-cheat checks and its tolerance of these scripts led to blocking their virtual hardware and drivers. We encourage you to uninstall the software and provide feedback to the vendor, with hopes that changes in their practices could allow for more targeted blocks in the future. You'll find the link to the full article in the InfoHub Section. Stay safe! The Psychology of Password Creation In today's digital age, passwords are crucial for safeguarding our personal and professional information. Yet many people struggle with creating and remembering secure passwords. This challenge is deeply rooted in human psychology and impacts how we choose and manage our passwords. Cognitive Load and Memory It is human nature to simplify complex tasks, which leads to choosing passwords that are easy to remember. As a result, simple choices can be made, such as using sequential numbers, common words, or birthdays. These elements reduce cognitive load, but at the same time, they compromise security. Familiarity Bias People tend to choose passwords that are familiar or meaningful to them. It can be the names of loved ones, favourite sports teams, or phrases that are familiar to you. While these choices make passwords easier to remember, they also make them easier to guess. Risk Perception Many users underestimate the risk of cyber threats, believing that they are unlikely targets. This perception leads to less rigorous password practices, such as using the same password across multiple accounts or opting for simple, easily cracked passwords. The Role of Emotion Emotional attachment can play a significant role in password creation. People often choose passwords that evoke positive feelings or memories, which makes them easier to recall. However, emotional passwords can be predictable for anyone familiar with the user. Social Influence Social factors, such as advice from friends or media, can impact password choices. Recommendations to use complex passwords might be acknowledged but not always implemented due to the inconvenience of remembering them. Strategies for Improvement Use Passphrases Combining unrelated words into a passphrase increases complexity while remaining memorable. Leverage Mnemonics Creating a mnemonic device can help recall complex passwords. Employ Password Managers These tools reduce the burden of remembering multiple passwords while ensuring they are strong and unique. Periodic Password Updates Changing passwords can mitigate risks associated with compromised credentials. But don't make it a burden, as accourding to NIST research over complicating the password changing process might have opposite effect. Online Security Newsletter - Feedback Form Online Security Newsletter - Challenge Creation Interest Form EA Javelin Anticheat & Recent Software Blocks Online Security Newsletter - Volume 5 QuizEA Forums Online Security Newsletter - Volume 3
Hello everyone, 👋 Welcome to Volume 3 of the EA Forums Online Security Newsletter!🎉 Number 3 is special in the cybersecurity field, so we can treat this edition as quite special. Why is the number 3 special, you ask? There are many different approaches in cybersecurity that address fundamental aspects. Make your own research and let us know your findings!🧐 Speaking of fundamentals, last month we covered the basics of online safety. It’s a reminder not to overlook the most crucial aspects of your online life! If you missed Volume 2 or need a refresher, the link is here. This month we’ll cover the interesting topics of biometrics, passkeys, and the passwordless approach to online safety. As always, by interacting with the newsletter through participating in the quiz or sharing your experiences in the comments, you’ll receive a unique forum badge! Stay safe! What is biometrics? Biometric authentication uses your biological traits—fingerprint, face, or voice—to verify your identity. OK, and passkeys? Passkeys are cryptographic keys stored on your device, removing the need for traditional passwords entirely. Why should I care? Both biometrics and passkeys provide a seamless and secure way to log in, eliminating weak passwords susceptible to cracking, phishing risks, and brute force attacks. What are other benefits of biometrics and passkeys? First, there is no need to type your password anymore, nor use additional TFA. Another significant benefit is hardened phishing resistance. Even if someone gets hold of your password, they can't steal your fingerprint. Additionally, biometric data can't be guessed or cracked through brute force attacks. Alright, but what if someone gets my device? Biometric data is encrypted and stored securely on your device, not in a central database. Even if a hacker accesses your device, they won’t be able to extract your biometric information. Does my device keep a record of my fingerprint? Your device keeps a biometric value of your fingerprint, face, or voice, which is then encrypted. Your device does not store your actual fingerprint or photo of your face (apart from your photo reel). FIDO Alliance - industry standards for passwordless authentication NIST - Biometric security Electronic Frontier Foundation - Digital privacy Online Security Newsletter - Feedback Form Online Security Newsletter - Challange Creation Interest form Online Security Newsletter - Volume 3 QuizEA Forums Online Security Newsletter - Volume 2
Hey everyone, welcome to the second edition of our newsletter dedicated to online safety for gamers. Last month, we examined security measures designed to protect us from malicious programs that can appear when we are not careful when using our phones, tablets, and computers. We also looked at this topic from the perspective of protecting the youngest from the dangers lurking online. If you have not yet had time to read the previous edition, you can find the link here. In this edition, we want to remind you of the basic rules of security for your online account, which you use for games and more! As always, for participating in the newsletter, whether by sharing your experiences with us or by completing the quiz, you will receive a participation token - a unique badge on the forum. Stay safe! Basic rules of security for your online account. Strong, Unique Passwords Think of your password as the key to your digital vault. A strong password is long, complex, and unique. It should mix uppercase and lowercase letters, numbers, and symbols. Use hard-to-guess information instead of common choices such as "123456" or "password," and avoid words that are easy to guess, such as birthdays and names like "Daniel93." However, remembering numerous complex passwords can be daunting. You can store your passwords securely, and they'll fill in automatically with password managers. Using them, you can generate strong passwords and prevent using the same password twice. Two-Factor Authentication (TFA) Two-Factor Authentication adds an extra layer of security by requiring a second form of verification. Google Authenticator is a popular choice that generates time-based codes, ensuring only you can access your accounts. Google Authenticator and other apps now support seamless device integration and offer biometric options, making 2FA quicker and more secure. Guarding Against Phishing Phishing is a deceptive attempt to steal your data. Always verify the sender's email address and look for typos, grammatical errors, or suspicious links. Use multi-factor authentication for extra security. Keep software updated and employ strong, unique passwords. Be cautious with attachments and never share personal information. Trust your instincts; if it feels off, it probably is. Securing Your Email Your email is a gateway to many of your accounts. Enable two-factor authentication for your email, and regularly review your account activity. Use encryption tools for sensitive communications and be wary of unsolicited requests for personal information. Many companies partner to ensure the highest level of security. You can read about EA's cooperation with Google in our news section "Keeping your EA account safe by working with others." This partnership addresses cases where email accounts tied to EA Accounts were compromised, allowing attackers to take over the EA Account and other valuable internet accounts connected to that email. EA has been working closely with Google to address this quickly and safely through their Cross-Account Protection program. Google shared more about this partnership in a recent post here! How to turn on EA Login Verification Where can I find my backup codes? How to update your EA Account Positive Play Charter Report cheating, harassment, and illegal content How to avoid phishing Online Security Newsletter - Feedback Form Online Security Newsletter - Challange Creation Interest form Online Security Newsletter - Volume 2 QuizEA Forums Online Security Newsletter - Volume 1
We're starting the year with a few changes to adapt to the transfer to the new forums. You'll notice a slight change in the naming of the newsletter and the badges. The newsletter will now be released in volumes every month. As usual - you can still receive badges for participating in volumes 1-12. I want to dedicate this month's subject to my nephew, who inspired me by asking some questions that intrigue him a lot—he just got his first PC and has many questions. So, let's start with the basics and answer one of his many questions: How do you download games safely? Let's consider why this is so important. Before diving into the world of games, everyone needs to download them first—and there's a right and wrong way to do this first step. The right way is safe for both the user and their device. Knowing a few simple rules can help us avoid problems and enjoy games stress-free. Those rules are especially crucial for young gamers and inexperienced parents, as it's easy to stumble upon unsafe sources or harmful apps. But I believe that even more experienced users can refresh or even update the "database". I'll share some tips and real-life examples that might be helpful. Don't forget to check them out and talk with your daughters, sons, nephews, nieces, grandparents, and parents. Okay, let's say it in a simple way: It will benefit everybody. How do you download games and applications safely? Download only from trusted sources Always download apps and games from official stores, such as Google Play, the App Store, or the Microsoft Store. Unknown sources may offer infected files that can harm your device. Check reviews and ratings Before downloading a new app, it's a good idea to read other users' reviews and check ratings. Apps with lots of positive reviews are usually more trustworthy. Beware of app permissions Before you install a new app, check what permissions are required. If a flashlight app wants access to your contacts and messages, it may be suspicious. Keep your apps and operating system up to date. Use antivirus software Installing antivirus software on your device can help detect and remove malware. Beware of "Cracked" versions Downloading “cracked” versions of games and applications is illegal and very risky. Such files often contain viruses and other malware. By following these tips, you can enjoy your favorite apps and games without worry! Stay safe and have fun! How to turn on EA Login Verification Where can I find my backup codes? How to update your EA Account Positive Play Charter Report cheating, harassment, and illegal content How to avoid phishing Online Security Newsletter - Feedback Form Online Security Newsletter - Challange Creation Interest form Online Security Newsletter - Volume 1 QuizEA Forums Online Security Newsletter - December
Last time, we explored the rising issue of phishing during the holiday season. If you're not familiar with this or need a refresher, make sure to revisit our previous edition! This month, together with our co-host @EA_Kalina, we're excited to share how far our newsletter has reached over the past year. Your engagement has been key to this success, and we hope you'll keep joining us for future editions. Take a look at the infographic below for more details! As a usual token of appreciation for your participation, you'll receive a unique badge on the forum! @EA_Kalina As we head into the new year, we want to thank you for your engagement in this year’s newsletter series. Your participation and feedback had a direct impact on the security of our community. Here’s to the new year and the challenges it may bring! The new year often comes with resolutions, so we encourage you to consider making resolutions about your online safety as well. My New Year's resolution is to share knowledge about staying safe with young gamers who are just beginning their online adventures. Additionally, next year we'll provide more resources to help parents and guardians safely guide their children through the digital world. I hope you'll share your resolutions with us and, most importantly, that we all achieve them! Online Security - A Year in Review January - Secure Downloading Downloading from unverified resources can lead to the installation of trojan malware, which creates backdoors for attackers. This malware can compromise sensitive data and potentially allow control over your PC. Always download from secure, legitimate sources to protect your system. February - AI in social engineering AI is anticipated to enhance cybercriminals' abilities in social engineering, reconnaissance, and data exfiltration. Generative AI can craft more convincing interactions, making phishing attempts harder to detect. March - Passwords Use a memorable phrase turned into an acronym, incorporating at least 8 characters with a mix of uppercase, lowercase, numbers, and special characters to enhance security. This method helps create a robust password that's easier to remember. April - Stream(er) Safety Use Two-Factor Authentication or Multi-Factor Authentication and create strong, unique passwords. Establish separate accounts specifically for streaming to protect your personal information and adjust privacy settings on streaming platforms. May - Malware Signs of malware include slow performance, unexpected pop-ups, new browser toolbars or extensions, and system instability. These symptoms suggest malicious software might be consuming resources or altering settings. June - Account Security TFA provides an extra layer of security by requiring an additional code to protect your account even if someone knows your password. For enhanced security, it is recommended that you use an app authenticator. July - Online Communication Review and update your privacy settings to control what information is visible to others. This helps protect against spear phishing attacks, where attackers impersonate trustworthy entities to steal sensitive information. August - Securing your home network Default credentials are often printed on the device, making them easy targets for unauthorized access. Changing them to something more secure helps protect your network from intruders. September - Bots Use strong, unique passwords and enable Two-Factor Authentication. Guard your privacy by keeping personal information confidential. Download files only from trusted sources and regularly update your operating system and antivirus software. Keep your home network secure by updating your router's firmware, and stay alert to phishing attacks. October - Two-Factor Authentication Deep Dive Authenticator apps are more secure because they generate codes locally on your device, avoiding interception or SIM swapping risks. Codes are unique and time-based, changing every 30 seconds for extra protection. November - Phishing Deep Dive Enable Two-Factor Authentication (TFA) using an authenticator app. Verify links and sources by checking URLs carefully. Be skeptical of urgent requests and keep your software updated. Recognize red flags like spelling errors and generic greetings. Secure your email with strong passwords and TFA. Familiarize yourself with account recovery features. How to turn on EA Login Verification Where can I find my backup codes? How to update your EA Account Positive Play Charter Report cheating, harassment, and illegal content How to avoid phishing Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi... Answers HQ Online Security Newsletter - Challenge Creation Interest form EA Forums Online Security Newsletter - December QuizEA Forums Online Security Newsletter - November
Last month, we talked about the importance of setting up Two-Factor Authentication (TFA) to safeguard your gaming accounts, emphasizing the use of authenticator apps as the most secure option. If you missed it, here’s the short version: SMS-based TFA is good, but authenticator apps like Google Authenticator are significantly better. Why? They’re harder for attackers to intercept, and generally more reliable. If you want to check the full article have a look here. If you’ve already made this upgrade, congratulations - you’ve taken a significant step toward securing your gaming accounts! But even with TFA in place, you’re not invincible. One of the most persistent threats that gamers face, especially during the holiday season, is phishing. Phishing is a method bad actors use to trick you into giving away your personal information, like login credentials or payment details. During the holidays, phishing scams often ramp up as cybercriminals prey on the increased online activity. To illustrate the importance of staying vigilant, let's look at how EA is working with Google’s Cross-Account Protection program. This initiative helps prevent compromised email accounts from being used to take over gaming accounts. These efforts highlight the need for us, as players, to take an active role in defending ourselves. This month’s deep dive is here to arm you with knowledge about phishing scams specifically targeting gamers, including how these scams work and, more importantly, how you can outsmart them. As usual - for interacting with the newsletter, either by sharing your tips, experiences or checking yourself in the newsletter challenges will earn you a unique forum badge for your collection. If you have any feedback or want to design your own additional challenge, make sure to check the Feedback Hub and choose the correct form. Phishing Deep Dive What is Phishing? Phishing isn’t a one-size-fits-all attack. Phishing is a cyberattack where scammers pose as trustworthy entities to trick you into revealing sensitive information. This can take many forms (at least nineteen!), including fake emails, voice calls, misleading websites, malicious direct messages, or even impersonation in gaming chats. How Phishing works? Phishing attacks targeting gamers can take several forms. Attackers often send emails or messages claiming there's an issue with an account or an exclusive offer, leading users to a fake login page that mimics a trusted platform. Another tactic involves messages from "friends," whose accounts have been hacked, asking for assistance. Additionally, scammers may disguise links as offers for free in-game currency or access to special events. Advanced scammers are even using AI tools to craft more convincing phishing messages, mimicking the tone and typing style of the victim's friends. Where it can happen? Phishing attempts can occur across various channels commonly used by gamers. These include app-based chats like Steam and the EA app, native console chats, and mobile game chats. Discord, email, text messages and direct messages on the forums are also targets for these deceptive tactics. How to protect yourself from phishing? Enable Two-Factor Authentication (TFA): Use an authenticator app for added security. This ensures even if someone steals your password, they can’t log in without the second verification step. Verify links and sources Hover over links in emails or messages before clicking. Official gaming platforms usually have consistent, recognizable URLs (e.g., ea.com, not ea-support.xyz). Is e.ea.com an official email address? Yes, e.ea.com is an official EA email address. Because it leads with the subcategory, then ends with ea.com, we can tell it’s a legitimate address. Be sceptical of urgent requests: Scammers often use fear (e.g., "your account will be banned") or excitement (e.g., "exclusive offer!") to rush you into acting without thinking. Keep software updated: Ensure your games, devices, and antivirus software are up-to-date. Modern security measures can often block known phishing attempts. Recognize common red flags: Spelling errors, mismatched logos, or generic greetings like “Dear User” in emails are the giveaways. Secure your email: Since your email is the backbone of most gaming accounts, protect it with strong passwords, TFA, and regular scans for suspicious activity. Account recovery features: Familiarize yourself with recovery processes for your gaming accounts, such as backup codes or secondary email options. 19 Types Of Phishing Attacks Keeping your EA Account safe by partnering with others How to avoid phishing Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi... Answers HQ Online Security Newsletter - Challenge Creation Interest form EA Forums Online Security Newsletter - NovemberEA Forums Online Security Newsletter - October
Can you believe our newsletter has just hit its first anniversary? That's a significant milestone, and we are really grateful for each comment, tip, and experience shared! 🥳 During October, we've celebrated Cybersecurity Awareness Month by publishing four articles filled with tips for your online safety. Most importantly, there were several comments with additional tips from the community. Make sure to check them all out and put the tips into practice! Personal Security & Online Privacy Phishing & Social Engineering Threats Safe Downloads & Malware Protection Network & Streaming Security This month, our Security Focus will be a deep dive into Two-Factor Authentication (TFA). We'll cover crucial aspects to consider and share a few tips for enhancing your online safety. Additionally you'll learn what in-game benefits enabling TFA gives you in EA games! As always, participation in the newsletter - whether by commenting in the thread, sharing your tips and experiences, or solving the quiz- will earn you a unique forum badge for your collection. If you have any feedback or want to design your own additional challenge, make sure to check the Feedback Hub and choose the correct form. Two Factor Authentication Deep Dive What is TFA and why do I need it? TFA is a second layer of defence against account takeover. Even if a bad actor gets your login details, they won’t be able to access your account without a unique number you get via an authenticator app. Types of TFA There are several types of Two-Factor Authentication (TFA) available. Authenticator apps, such as Google Authenticator, Steam Guard, and Battle.net Authenticator, are highly recommended because they work offline and are more secure than text messages or email. For those seeking ultra security, hardware keys like YubiKey and Google Titan are available, though they might be overkill for casual gamers, they are a solid choice for competitive gamers or streamers. Lastly, SMS or email authentication can serve as a backup, but they are less secure compared to authenticator apps. Why use an Authenticator App over SMS/Email? App-based authentication offers significant security advantages over SMS and email. Unlike SMS, which can be intercepted or fall victim to SIM swapping, app-based codes are generated locally on your device, ensuring they are unique and time-based. This provides a faster and more secure login process, additionally, app codes change every 30 seconds, for additional phishing protection. Red Flags to watch For Be cautious if anyone asks to "borrow" your TFA device or requests to disable TFA for "troubleshooting" purposes. Additionally, be wary of suspicious TFA prompts when you're not actively logging in and be cautious of any "emergency" authentication bypasses. These can all be signs of potential security threats. General Tips for TFA First, make sure to enable TFA on all your gaming platforms. It's a good idea to use different TFA methods for various services to enhance your security. Always keep your authenticator apps updated, and try to avoid using the same device for both factors, such as a password manager and authenticator on the same phone. Never share your TFA codes, even with "support staff," as real support will only ask for a different verification code. Avoid disabling TFA for convenience and be cautious of fake authenticator apps. Recovery Methods Store your backup codes securely and away from your gaming PC. Consider printing them, writing them down, or using the secure notes feature in a password manager. Your gaming account is only as secure as its weakest link. TFA might seem like an extra step, but it’s worth the few seconds it takes to keep your accounts secure. What are the EA games benefits of turning on Login Verification? Gifting in Apex Legends If you want to send your friend a gift, you need to have Login Verification on. Check out our FAQ for more details on gifting. EA SPORTS FC™ Companion App To use the Companion App and manage your Ultimate Team™ on the go, your account needs to have Login Verification turned on. Learn how to access the EA SPORTS FC™ 25 Web and Companion Apps. Platform specific guides: EA app Steam Epic Games Battle.net PlayStation Network Microsoft Authenticator app Answers HQ Online Security Newsletter Feedback form (including Community Spotlight, and Q&A submissi... Answers HQ Online Security Newsletter - Challenge Creation Interest form EA Forums Online Security Newsletter - October
