Identity for Security

A Player has no name - Account Security and Reputation of Player with Minimal Information

Wednesday, June 23
11:00am - 11:25am MDT

Unlike banking and finance, video game identity systems do not have the luxury of asking for exhaustive identity information upfront. As a player who has invested hours/weeks/months of the gameplay experience and spent hundreds or thousands of dollars in-game, I would argue that gaming identity is more valuable than its counterpart for the user. In the dark web, the value of Fortnite game account credentials is more than Netflix, Facebook, and even Apple!

In this session, we will look into what common mechanisms are used by bad actors to steal accounts(account peeking, ATO, BOT activity to harvest sleeper accounts etc), what mechanisms are used to prevent these attacks, how minimal information accounts can be protected? How the gaming industry incentivizes and provides mechanisms for players and game-changers/YouTubers to additionally protect the account using MFA etc.

We will also look into what workflows are used to preemptively protect accounts, lock accounts, and the use of machine learning signals that determine potentially compromised accounts. In many instances, the player doesn't even know the account is taken over.