Is Valve responsible for creating a more secure network?
Steam guard is a joke. Dunno how many times I've been on the browser, it's forwarded me to steam guard but when i log in on my phone it also asks for a steam guard code...
Comment has been collapsed.
Yeah but how can it ask for a code when you log in via your mobile when the only way of getting the code is being logged into your mobile? Pretty silly tbh haha.
I should note, when i mean log in via mobile, i mean the actual app itself, not the phone's browser.
Comment has been collapsed.
That can't be right.
If I login on my Firefox browser and approve it, close the browser, and then later open it again to use Steam, it should just login.
There's no need to authenticate again, I didn't restart, my IP remained the same, etc. etc.
Just a little overkill.
Comment has been collapsed.
Closing the browser ends the session, which also counts as logging out. If you would remain logged in, that'd mean your entire login info is saved in a cookie, which is about as secure as storing your bank card pin on a post-it in your wallet.
Comment has been collapsed.
Remember me mostly saves your login name in a cookie or uses the browser's password manager to save your login data. The first one is more or less harmless (there are exploits for knowing the login name of someone, but it is usually super easy to figure out). The second one is as safe as much you trust the browser. Firefox used to store these in a plain text file… Now they have some encryption, but I'd rather put my trust in a free password manager like LastPass. Won't solve the authenticator hassle, of course, but at least it also decreases the actual security risks.
Comment has been collapsed.
Yep, this is why I stick to my LastPass. Sites are waaaaaaaaaaaaaaaaaaaaaay too easygoing on storing user login data. I just pray they have bought some pre-made software package when it comes to storing payment data, although if Sony had these in simple CSV files so any hacker could steal them (which they did… twice…), then what about the poorer, smaller ones? -.-
Comment has been collapsed.
I haven't thought much of cookies and saving passwords online until today really.
Looking at LastPass, how is it different in the end? Yes it secures your Master key and other saved keys more securely, but once it's autofilled onto the site in your browser, then those logins still create unsecured cookies, etc. as we've discussed.
Or is it more complicated than that?
Comment has been collapsed.
It cannot eliminate the cookie problem, but on the other hand, I cannot recall a site from the past 3-4 years that did this to me. LastPass makes sure that your passwords on the sites cannot be stored on the browser itself, and by auto-filling them from a secured vault, you can also use as long ones as you want (many of my passwords are 100-character long gibberish), because the longer the password, the more impossible to crack it.
Think of it as a good service to let you finally stop using that same three passwords everywhere, so even if one gets compromised, no other will be. You just have to remember two: the one for Lastpass and the one for your email.
Comment has been collapsed.
Just saw something very weird. Steam key I recently received started with RE5ET-PW... Didn't notice till after activated (activated fine btw) but no way that's just coincidence so keeping close eye on my account.. Thought keys were created randomly.
Anyway reading that article it sounds more like there's insecurity in way steam authenticates session if it can be copied/fooled seeming easily :-/
"... locates the specific Steam KeyValue file that contains user credentials, as well as the information that maintains a user’s session. When cybercriminals have obtained this information, they can control the user’s account."
Yes Valve should do what it can (& sounds like could do more) to reduce fraud and scams but also try to do it without creating more inconvenience for the users or blanket pass the blame onto them.
Comment has been collapsed.
Yeah, it should be more random than that, unless it comes from a specific group of keys for some event, etc. Don't know myself.
It's a bit tricky to store cached info of your Steam login in the browser or on your PC...and should definitely not be able to be used to login from another PC. That just screams unsecured credentials.
Comment has been collapsed.
Is Valve responsible for creating a more secure network?
No. It is a user's responsibility to don't click some random suspicious link like an idiot. No matter how much security Valve implement, people will always find a way to do silly things which will make them lose their account.
As seen by recent changes that Valve have made in a futile attempt at reducing security issues, the more security they add, the more Steam becomes a frustrating and complicated platform to enjoy, filled with community-breaking obstacle, especially for anyone who doesn't own a mobile.
So my take on this? Steam users should be responsible for their own actions. Security should be optional, like Steam Guard before they implemented that mobile bullshit. Disagree if you want, it won't change my view on the situation. :P
Comment has been collapsed.
No need to challenge me accepting your opinion, it's yours, whether I agree or not.
But yes, I do agree with some of your comments there in the end.
Surely, though, you can't use words like "doesn't own a mobile". :D
Anyone owning a PC using Steam should have a mobile, maybe not a smartphone.
Comment has been collapsed.
Not everyone can afford/care to carry a mobile at all times. This is one thing Valve fails to realize - it isn't that some people don't want to use mobile auth, it's that some people can't use it.
Comment has been collapsed.
That's a rather silly assumption from Valve, but then again people rarely believe me when I say that I barely ever spent money on buying games.
Comment has been collapsed.
People click on random links. This is Virtual Protection 101. People are stupid, they'll get bit one way or another. Steam has to increase protection, but not this way. A lot of people don't have smartphones that can run the Steam app. I even heard that they'll be moving to IOS 7 soon, a.k.a. Anything below the 4th gen I-Devices will not really run it. People will have to wait for 15(!) days for trades to be completed... no matter how insignificant the trades might be.
Stupid people shouldn't be coddled up like: "Oh dearie, did you not have the common sense of clicking a single button? Well, let's mess with everyone's experience to make sure that a shitstain like you could have a safe experience."
This isn't the freaking Disney website. There are age limits to use the site. If you're older than the limit, then you should have the brain function of one too.
The security measures should be voluntary. The whales that use this site are not the ones being this dumb.
Comment has been collapsed.
True, but I imagine it could be a little more secure when it comes to links knowing you have noobs out there.
Perhaps an opt in from the settings to access outgoing links, or warning you before it's opened after you've clicked it.
But yes, users should be a lot more responsible.
Comment has been collapsed.
I like how the people like to complain that they don't have money for a smartphone that can run steam mobile .. But to buy games on steam you have money ? you can buy a old cheap mobile phone with android for only 10$ .. i live in a poor country .. the average salary here is about 250$ a month .. but even old 70 years old lady's have smartphone's .. so stop complaining about steam authenitificathor .. sry about my bad english ;)
LE: To be more specific .. The steam auth .. was implemented for your own saftey .. steam dosent's need you number to send you mesages or call you ..
Comment has been collapsed.
I only bought one phone off contract, my Nexus 4.
Was such an awesome phone, and even used it as a second phone when I upgraded.
Sadly, though, I dropped it one day after football game (soccer), and that was the end.
I'm sure just the glass needs replacing, since it looks fine underneath, but not sure I want to pay for that.
Comment has been collapsed.
I'm on a Note 4 now since it was launched, and haven't had an itch to change it since.
I've been to many new device launches, including last week's S7 release, and the only thing I wanted there was the VR.
My phone will stay with me for the next while at least.
Comment has been collapsed.
That's very true. But it's not a case with all users...many are kids and get the games bought for them an activated and they don't know how to do anything besides play games, even before owning a mobile.
But then it's the responsibility of the parent in that case.
$10 here won't get any Android smartphone from the past 3 or 4 years, but maybe 30 or 40.
Comment has been collapsed.
As far as I know, steam already implemented a function that will replace any suspicious link parsed through Steam chat with {LINK REMOVED}. It also warns you if the link is valid that you are leaving the Steam community and they are not responsible for any consequences. Therefore, it's the users' fault to fall into a fraud. It's so simple to tell someone is trying to scam you or try to steal your account.
Comment has been collapsed.
I've seen the notification that you're leaving Steam only when viewing threads and pages, but not from Friends chat interestingly.
Haven't yet seen the LINK REMOVED part, but haven't had a "friend" with a private account sending me links in ages.
Think a few times those guys were winners of my GA on SG, which was annoying.
Comment has been collapsed.
I agree with the person that said stupid people and children are the likely culprits of getting accounts and or items jacked. I don't know how many times I've read or heard about a kid that was tricked by some person that changed their name and picture to one of their friends and got an item from them.
Comment has been collapsed.
I find it strange that they'll be allowed to add friends, access links, etc. if they are kids.
Their parents should disable such features using the new Family friendly secure thing.
I wouldn't let my kid (one day) get anywhere near anything of mine that links to any payment methods...that's just bad parenting. ;)
Comment has been collapsed.
I won't tell.
Someone once sent me a link and claimed that if I enter my steam account name and my password and choose a game, I will receive it as a gift. It did not work, then he said try to put your e-mail information. Please don't laugh, it was nearly 6 years ago :/
Comment has been collapsed.
LoL , i never believed BS like that , even when i was a kid im probably still considered a kid
Comment has been collapsed.
that 77k is down from a far higher number - and Valve can't secure against stupid. With the 2part authentication and the fact people not on your friends list can't even talk to you outside of group chat, accepting a random is just stupid, even if it's just for trade - the trade links take care of that.
Comment has been collapsed.
I'm not sure what the stats were if you say this is lower now.
But yeah, can't secure against stupid.
Think some of the issues here are people's needs to feel part of a community and the need to belong, so accepting friends to them feels like they're growing their social base. (My assumptions only). Clicking on the links are just stupid after that.
Comment has been collapsed.
I was mainly referring to random adds , not people you make friends with in the forums and group chats.
Comment has been collapsed.
"[The] most targeted game is Counter-Strike: Global Offensive, while Kaspersky Lab says that most of the cyber-gangs behind these malware families are of Eastern European origin, mostly Russian."
Comment has been collapsed.
The steam forum was riddled with threads asking for help in retrieving stolen accounts before the steam guard. Every 1 of 3 threads was an account-got-stolen thread. Now people are not happy with the steam guard; I am not lying that the steam guard is not totally perfect, but it is better than just a simple email guard.
Comment has been collapsed.
It appears that it has been a lot more effected, although annoying, than people have expected.
Perhaps over time they can still streamline it a bit more, but, then again, this is Valve.
At least with a chance of less fraud, it should work itself out, and people will become accustomed to doing things that way.
Comment has been collapsed.
12 Comments - Last post 48 minutes ago by Nudiustertian
6 Comments - Last post 55 minutes ago by Chris76de
665 Comments - Last post 57 minutes ago by Lessmessino
19 Comments - Last post 1 hour ago by TOTOIONO
27 Comments - Last post 11 hours ago by PhilBlank
66 Comments - Last post 11 hours ago by DeltaBladeX
25 Comments - Last post 12 hours ago by Mayanaise
230 Comments - Last post 7 minutes ago by acon471
27 Comments - Last post 26 minutes ago by DanielStoSve
8 Comments - Last post 27 minutes ago by philipdick
58 Comments - Last post 44 minutes ago by q0500
90 Comments - Last post 1 hour ago by Almostn33t
165 Comments - Last post 1 hour ago by hyrokey
1,276 Comments - Last post 1 hour ago by wigglenose
While I'm sure many people are aware of people's accounts being hacked, and even getting invites from anonymous, private accounts that claim to be someone random you may know and forwards you some link based on a false story of some sort.
But, what shocked me was the fact that 77,000 accounts are hacked on a monthly basis.
Here's an article from Kaspersky on some of the stats: Steam Stealers Target Thousands of Gamer Accounts
That's an insanely large amount of accounts on a regular basis, maybe a few repeat victims, but still large.
It makes more sense to me that Valve are pushing the whole Steam Guard confirmations now, although not carried out in the most ideal manner.
What are your thoughts on this, and whether Valve has the responsibility to do more to combat such high levels of fraud?
Edit: Can't edit the Poll typo. ( ͠°_ °)
Edit: More info from batler0...All your creds are belong to us
Comment has been collapsed.