| Miguel_Zorro said: I work in Fraud prevention. Sending an email to the old email address when the email address on an account is changed is standard industry practice. As for how people hack accounts, it's incredible how often people successfully gain account credentials. |
Yeah but simply sending an email is not enough, you guys need to send said mail with a code in it or a link for activation, in other words if a hacker steals your account and tries to create a new password or tries to link your account to HIS/HER email address, you security guys should send the victim an email with mandatory confirmation through a link or code so that the hacker CANNOT change your password or add a new email without access to your old email account. He'd have to hack both your PSN (or any other service) AND your email at the same time which would be extremely hard.
Also about the PSN, the two steps check is fine as an extra precaution but you also have an option to add a security question which is STUPID and pointless cause if your account gets hacked and the hacker tries to change your password and even if he's asked a security question, all he has to do is change the security question to whatever he wants, I looked it up and once you are in your account, your security question can be changed without any further protection to it thus rendering it pointless. AGAIN a security question could very simply be effective if you were sent an email to your email address with an activation code, making it AGAIN impossible for a hacker to change your security question UNLESS he has access to your email TOO...
How can security systems not include such simple yet effective steps is beyond me.
