Yeah, I had the same reaction, but I waved it aside so as to see what advice he actually had to give. I cannot blame you for not wanting to deal with it, though.
Comment has been collapsed.
I actually watched it now just to see if he says anything not "internet common sense". But all he says it's stuff anyone that uses the internet knows or should know.
Not trying to say that I'm above all people and people that fall for scams are idiots. I just don't find any of that information useful for MYSELF. BUT it Is probably useful for someone, like young people starting on the internets ou people staring on the trading items bussiness.
But as a begginer point of view... I thought the video could use some more polishing and a little less confusion on some explanations.
He does a good job, not a great one! And those burbs make me close the video... But are probably funny for the kids, and that's his target, so... Can't blame him for doing that.
Comment has been collapsed.
For me, the info about how to tell whether or not a website is "reputable" or not was new, as was the info about the iCloud hack.
Comment has been collapsed.
#1 Never log in after following a link. Always go directly to the site and log in, then follow the link.
#2 Use a password manager with a strong main password and generated passwords for each individual site.
#3 Never install/run anything from a unreputable source. Do not follow links go directly to the source.
Didn't watch the video as it's 16 minutes and annoying but following the above 2 rules should prevent all of these kinds of scams.
Comment has been collapsed.
Well, it seems most users can't read, so maybe at least they can watch a video.Worth a try.
Comment has been collapsed.
The API key just allows it to log in without another 2FA code.
This part is not true. You can't log in with api key. API key is.. well, as name suggest, it's a key that allows to use steam web API. It allows to send/receive trades for example, perform some other actions, obtain some data about account. That's actually why ASF uses it, to perform some of it's tasks.
Comment has been collapsed.
ASF activates it automatically, but I don't know if it does it on first demand or just everytime. Anyway, there is nothing wrong in having API key, if it was a vulnerability by itself - it would not be there in the first place. As long as nobody but you has access to it - you are safe (and if it's used by ASF - it's still used by you, ASF is just a tool you use.)
Comment has been collapsed.
That's old screenshot. Current versions of ASF actually generate keys as generated.by.archisteamfarm.localhost, exactly for this reason.
This still doesn't mean that a code generated by ASF can't be hijacked by a scammer and used for malicious purposes. If there was a way to generate API key and save it for ASF usage only WITHOUT outright giving it on the website for everybody to see, I'd be the first one to make use of such functionality. There is no such thing sadly.
Having API key generated is not anything to worry about. Giving other people access to it, is. If somebody suspects that his account has been hijacked, he should change his password, deauthorize all other devices from his account, and then revoke his previously generated API key, in this order. Any properly written tool (such as ASF) will just generate a new one for usage in this case, which is like I initially said, entirely normal and not a security risk. It's just yet another way to access Steam account - if hijacker has access to view your API key, then by definition he has access to generate new one and keep using it, and if he has no access to your account, then there is no way how he can use API key after you revoke it, provided that he saw it before, because if he didn't have access to your account at all, then there is no way how he could write it down.
Revoking API key is one of the 3 things you should do after getting hijacked. You can revoke it anytime you wish, but unless nothing really needs it, a new key will pop up soon enough generated by a tool that will require it (such as ASF). Being paranoid about API keys doesn't help, it's enough to treat it as yet another password to access limited, yet powerful things to do with your account. If your password is compromised, you change it, same for API key.
Comment has been collapsed.
80 Comments - Last post 2 seconds ago by romana1994
424 Comments - Last post 27 seconds ago by Wok
212 Comments - Last post 2 hours ago by DVDVD
372 Comments - Last post 2 hours ago by CeleryMan727
115 Comments - Last post 2 hours ago by CeleryMan727
20 Comments - Last post 2 hours ago by Gamy7
60 Comments - Last post 6 hours ago by Microfish
59 Comments - Last post 1 second ago by AmanoTC
625 Comments - Last post 4 minutes ago by Wolfborn8
2,392 Comments - Last post 14 minutes ago by Pauaqq
132 Comments - Last post 40 minutes ago by Peiperissimus
15,154 Comments - Last post 57 minutes ago by Belmasv
803 Comments - Last post 1 hour ago by philipdick
207 Comments - Last post 1 hour ago by JustMax
I just bumped into this video on YouTube, today. It actually has some useful information, so I thought I would pass it on. It does contain some gratuitous self-promotion, but you can simply discard that and just take the benefit of protecting yourself from scammers. Hopefully, this will help those of us who are unfamiliar with these types of scams.
How to Not Get Scammed
Comment has been collapsed.