You can now use two-factor authentication to secure your Nintendo account

Photo by Tomohiro Ohsumi/Getty Images

Nintendo is adding a new layer of security to its online accounts: users can now enable two-factor authentication to prevent unauthorized access.

To enable the authentication method, users are prompted to download Google Authenticator, which will provide them with a code when logging in.

The move is long overdue. Sony implemented two-factor authentication last year after a number of hacks that compromised user details, while other companies such as Steam and Microsoft have utilized the system for years.

Two-factor authentication is an extra layer of security for online accounts, which verifies a login attempt with a phone or an e-mail. It’s not foolproof, but it does help add some additional protection. Here’s how to add it to your other devices.


I’m confused… Did you not just tell us NOT to?

Good question – that article is an example of implementing two-factor authentication with a bad method (SMS). SMS is a terrible way of doing two-factor auth, which that article nicely details.

Nintendo implemented their two-factor auth properly. When you turn it on, a "secret" seed is generated and given to you via a QR code, which is stored & locked away on your phone using an authenticator app. The app will generate a string of numbers based on the current time, which is synced on Nintendo’s servers, so if you can produce the same numbers (based on the seed that only YOU know) you can pass the 2nd factor check.

The awesome thing about this is that the secret is only stored on your device (or encrypted and synced in the cloud if you use an app like Authy), which is entirely under your control. SMS-based authentication removed that control & requires your second factor to go over a completely insecure network, could be accessed on another device (iMessage, someone steals your SIM card, logging into your carrier’s site and viewing SMS messages, etc. etc.)

I cannot stress enough how you should be using time-based secrets for generating two-factor codes with your online accounts – never use SMS if you can avoid it (and companies that only offer SMS need to really step up their game).

To enable the authentication method, users are prompted to download Google Authenticator, which will provide them with a code when logging in.

That article talks about SMS two factor auth, Google Authenticator and similar are really secure and is what should be used.

On the other hand Twitter 2factor uses SMS so its a big no.

Why not introduce a 2-step authentication Amiibo option? Scan your personal Amiibo and you in.

This too probably has issues apart from the obvious one (losing your Amiibo/selling it)

That would actually be dope as heck.

Oh look yes indeed need to sign into Nintendo using google account, I guess that is indeed 2FA.
Looks like this will be useful for folks with Google IDs

Actually, you don’t need one (you don’t even need to use the "Google Authenticator" app they suggest, which doesn’t require a Google account anyway.)

Any app using the TOTP RFC 6238 standard will work (Authy and the open source FreeOTP are popular alternatives, and LastPass makes one as well.) It just doesn’t roll off the tongue as easily, I guess.

So this is going to stop hackers??? lmao.

I’ve tried to set it up, but it doesn’t seem to be working for me.

View All Comments
Back to top ↑