Alex Garden, the General Manager of Xbox Live, responded to the bevy of Live account security issues that have arisen these past months largely thanks to an exploit in FIFA 12. “While we here at Xbox have no evidence of a security breach in the Xbox LIVE service,” said Garden, “that is of little comfort to our members whose accounts have been compromised by malicious and illegal attacks.” By directly addressing the problem Garden took a decidedly different approach than Microsoft employed when they silently updated XBL security last month.
As is always the case when a company broaches the topic of cyber threats, Garden made mention of the fact that the war against hackers is a never-ending one and that constant upgrades by Microsoft are a necessity. He also reported that malicious software on users’ PCs, the use of the same login/password across multiple sites/services, phishing scams and social engineering (leading to password guessing) are the top security threats.
Continuing, the Live boss emphasized the importance of users protecting themselves against online perils. He recommended that all users change their passwords frequently, be mindful of where they log-in to services at and add extra precautionary measures such as security questions.
Although Garden cited the need to purposefully hold most security secrets close to the chest, he did make direct mention of a few protective elements. He said that “password-attempt throttling, CAPTCHA (an industry-standard anti-scripting measure designed so that an actual human needs to answer the challenge), strong proofs (trusted PC, pin sent to cell phone, secondary e-mail and security questions), and account lockout for multiple failed attempts and compromised accounts, which we investigate and recover to the rightful owner,” are some of the tools used to keep XBL users safe.
Closing on a bright note, Garden mentioned that Xbox gamers who do end up being victimized by hackers can now expect to have Microsoft investigate and return their accounts in three days or less. Furthermore, those who heed Garden’s advice and bolster their account’s defenses can expect turnaround times to clock in at under 24 hours. Head on over to the company’s security page if you’re interested in finding out what else you can do to protect yourself from unauthorized account access.
Source: Major Nelson