Last updated: 21 March 2014
My final installment in this series features the security of a player’s online persona or assets. If you’ve ever played a game that involves accomplishments or accumulating items, you know how much you care about this layer of security. No one wants to wake up one morning, log in to World of Warcraft and find all of his precious epics disenchanted. Some games have better customer service than others, but correcting the problem after the fact still exposes a player to the denial, rage, and desperation stages of loss. Furthermore, in business models that function based on recurring revenue, churn should be avoided. Subscription fluctuations outside of the norm may result in lower stock valuations and strained cash flow.
There have been some well-documented advances in the account protection space over the past couple of years, and because these layers of security are customer-facing, I can actually observe the actions taken by different companies. Two examples worth noting are Blizzard and Steam. Blizzard has an entire section of their battle.net portal dedicated to security. They discuss best practices, provide a list of steps to take after your account gets hacked, and even offer an option to enable multifactor authentication. They also employ a team dedicated to monitoring threats. Steam has also opted for a multifactor option in the form of its Steam Guard service. Unlike Blizzard’s system, Steam Guard uses your email instead of a second device.
There is a way to help game developers implement account security. Given the timelines and resources required to produce a game, I believe we can add tangible value to game developers by letting them focus development resources on game content instead of access and login mechanics. Our solution offloads some of the development effort by providing a battle-tested authentication engine compatible with a variety of devices and form factors. Gemalto also substantially lowers the upfront investment and ongoing inventory costs associated with device/token management. I like to think of it as an application of the specialization of resources.