Security
Headlines
HeadlinesLatestCVEs

Headline

Epic Games introduces safer accounts for kids

Categories: Articles Tags: Epic Games

Tags: gaming

Tags: video games

Tags: child safety

Tags: children

Tags: kids

Tags: account

Tags: security

Tags: privacy

Tags: safety

Tags: consent

The people behind Fortnite and Rocket League are trying to make online gaming safer for kids with Cabined Accounts.

(Read more…)

The post Epic Games introduces safer accounts for kids appeared first on Malwarebytes Labs.

Malwarebytes
#web#git#auth

Epic have made some alterations to how accounts for kids work, with multiple features disabled for what are now known as “Cabined Accounts”.

If your children are big fans of Epic games like Fortnite and Rocket League, you may well have worried about their gaming interactions with other players at some point. There’s many risks from voice chat, text chat, random downloads from external sources, trading and much more. Scammers will happily target younger gamers, hoping their naivety will leave them vulnerable to bad passwords, password reuse, social engineering tricks, or the promise of free gifts and rewards.

Games consoles have some incredibly granular controls for child safety, and you can almost always guarantee that there’s a setting just right for your needs on PS4/5 or Xbox. Where PCs are concerned, that has not always been the case.

Into the gaming cabin

If someone signs up for an Epic account and they’ve indicated that they’re under 13 years of age—to the cabin they go. The account will remain this way until the child hits 13 or reaches the “age of digital consent” in their region. These are the features you can expect to have turned off with a cabined account:

  • Communicating with other players using voice chat or free text chat
  • Purchasing items with money
  • Downloading games that are not owned by Epic
  • Recommendations based on past activity
  • Email marketing or push notifications
  • Trades in Rocket League
  • Sign in with Epic, including linking accounts to certain external services, such as social media websites or video streaming applications
  • Custom display names
  • SMS-based two-factor authentication (2FA)

As you may have noticed, it’s a combination of external factors (random people sending your child not very nice messages) and Epic’s own internal features and functionality (recommendations of games, email marketing, in game trading).

If your child had some sort of monthly subscription, it’s now cancelled and will remain that way until the parent gives permission. Was their Epic account linked to social media services, but now isn’t? Same deal. Did they enjoy the news / forum / marketplace tab inside the Epic game launcher? You’ll never guess what’s happened there too!

With all of these options and features, parental permission is now key. The child now has to navigate to the “Request Parental Permission” tab inside the Epic account portal. This will enable the child to have an email sent to the parent regarding consent and what steps to take next.

Restrictions, restrictions

You may think these accounts are severely restricted in comparison to regular accounts, and you’d be right. In most cases, someone under the age of 13 probably doesn’t need to be making trades with strangers, or talking to random people in game sessions. If the account is on a monthly subscription of some sort, the person paying is almost certainly the parent or guardian in any case, so this is just making the whole process a little more formal.

As has been noted, children can and will lie about their age when signing up to a product or service. For the moment, all pre-existing accounts have been snatched up and dropped into the cabin.

I am who I say I am

Could other aspects of the sign up process for a new account potentially be abused too? Perhaps, but it seems like it’d be tricky for a youngster to get around the current process. Sure, they could enter a fake email under their own control and pretend to be their own parent. However, look at the process they’d need to bypass:

When entering your age as being lower than 13 at sign up, the Epic site displays the following message:

Enter a parent or guardian email address

Some features are unavailable until your parent or guardian gives you permission to use them. We’ll send them an email to let them know about your account and how to give you permission.

“Well, that won’t stop me from entering a fake parent email address”, a child might think. Sadly for the child, everyone involved in the process has already thought of this and inserted some verification into the mix. Depending on country, the parent or guardian will need to come up with at least one of the below:

  • Credit or Debit Card (available globally)
  • Social Security Number (available only in the US)
  • CPF Number (available only in Brazil)
  • CURP (available only in Mexico)
  • ID Scan (available outside the US and South Korea)
  • Face Scan (available outside the US and South Korea)

If none of the verification methods work, support can be asked for an alternative solution.

A little bit safer in gaming land

The registered adult can enable most of the “cabined” features, and also possesses the ability to revoke or even delete the child’s account outright. While none of this is guaranteed to keep children from potential harm when playing games online, it’s one of the more comprehensive attempts in PC gaming land. While modern generation consoles retain the crown for walled garden customised child safety controls, it’s nice to see PC platforms moving in the same direction.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Malwarebytes: Latest News

Spotify, Audible, and Amazon used to push dodgy forex trading sites and more