Все обсуждения > Форумы Steam > Steam Discussions > Подробности темы
AzKat 🐔 2 мар. 2019 г. в 11:22
Is it possible for a phishing website to remove or change your 2FA / email / password from your account?
I'm currently talking with another user who had this happen to him, and English not being his first language it's kind of hard communicating with him.

I've already instructed him to create a steam support ticket, but while he waits for the reply from steam support (he doesn't have access to his account anymore) I'm trying to see if there's anything I can help him with.


So, long story short, I want to know if it's possible for someone to remove your 2FA authenticator, change your email and your password, without your consent.
Автор обсуждения пометил сообщение как ответ на свой вопрос.
Нажмите сюда, чтобы перейти к сообщению.
Автор сообщения: cSg|mc-Hotsauce:
If the hijacker has sufficient proof of ownership to contest the ownership of the account, yes.

But that means they must have plenty and more proof than the true owner.

If it is contested too many times, support will lock it up so no user can regain access.

:qr:
< >
Сообщения 115 из 29
Kaladin 2 мар. 2019 г. в 11:24 
Yes it is, happened to me few weeks ago just from clicking a single link.
#1
Theblaze 2 мар. 2019 г. в 11:25 
Автор сообщения: AzKat
[...] So, long story short, I want to know if it's possible for someone to remove your 2FA authenticator, change your email and your password, without your consent.

Without your consent?, no.

People have to share their authentification code to a phishing site using a fake steam login for that to happen.
#2
cSg|mc-Hotsauce 2 мар. 2019 г. в 11:26 
Have you read through Vaulty's scam guide?

You should.

:qr:
#3
AzKat 🐔 2 мар. 2019 г. в 11:27 
Автор сообщения: Theblaze
Автор сообщения: AzKat
[...] So, long story short, I want to know if it's possible for someone to remove your 2FA authenticator, change your email and your password, without your consent.

Without your consent?, no.

People have to share their authentification code to a phishing site using a fake steam login for that to happen.

Yes, but if they share their 2FA only, not their backup code, is it possible to remove the 2FA?

Автор сообщения: cSg|mc-Hotsauce
Have you read through Vaulty's scam guide?

You should.

:qr:

Do you know the answer? If you do, let me know, if you don't, thanks anyway.
Отредактировано AzKat 🐔; 2 мар. 2019 г. в 11:27
#4
cSg|mc-Hotsauce 2 мар. 2019 г. в 11:30 
It does not matter if they share the backup codes as the hijacker can just create new ones after the user gives away all his info to the fake login screen.

Go to "Fake Steam login sites!"

https://steamcommunity.com/sharedfiles/filedetails/?id=784477482

:qr:
#5
AzKat 🐔 2 мар. 2019 г. в 11:32 
Автор сообщения: cSg|mc-Hotsauce
It does not matter if they share the backup codes as the hijacker can just create new ones after the user gives away all his info to the fake login screen.

Go to "Fake Steam login sites!"

https://steamcommunity.com/sharedfiles/filedetails/?id=784477482

:qr:

But can he "remove" the original owner's access to the account? As in, he doesn't have the code generator itself, he just has 1 code which he uses over and over to access the account right?

Or is using a "one time passcode" a way to take over an account?
#6
cSg|mc-Hotsauce 2 мар. 2019 г. в 11:35 
The hijacker could also deauthorize all devices before the account owner can do anything, yes.

:qr:
#7
Count_Dandyman 2 мар. 2019 г. в 11:35 
Автор сообщения: AzKat
Автор сообщения: cSg|mc-Hotsauce
It does not matter if they share the backup codes as the hijacker can just create new ones after the user gives away all his info to the fake login screen.

Go to "Fake Steam login sites!"

https://steamcommunity.com/sharedfiles/filedetails/?id=784477482

:qr:

But can he "remove" the original owner's access to the account? As in, he doesn't have the code generator itself, he just has 1 code which he uses over and over to access the account right?

Or is using a "one time passcode" a way to take over an account?
Instead of trying to get details about how exactly it is done which is info somebody planning to start doing it would want instead focus on avoiding giving them any access to your account at all.
#8
AzKat 🐔 2 мар. 2019 г. в 11:38 
Автор сообщения: Count_Dandyman
Автор сообщения: AzKat

But can he "remove" the original owner's access to the account? As in, he doesn't have the code generator itself, he just has 1 code which he uses over and over to access the account right?

Or is using a "one time passcode" a way to take over an account?
Instead of trying to get details about how exactly it is done which is info somebody planning to start doing it would want instead focus on avoiding giving them any access to your account at all.

it's not my account, I've never fallen for this, that's why I ask about this.
#9
Count_Dandyman 2 мар. 2019 г. в 11:42 
Автор сообщения: AzKat
Автор сообщения: Count_Dandyman
Instead of trying to get details about how exactly it is done which is info somebody planning to start doing it would want instead focus on avoiding giving them any access to your account at all.

it's not my account, I've never fallen for this, that's why I ask about this.
That doesn't change anything about what I said you don't need exact details and giving them out would just increase the number of people with the knowledge of how to do it all that is needed is the knowledge to prevent it which is not opening the door for them in the first place.
#10
AzKat 🐔 2 мар. 2019 г. в 11:44 
Автор сообщения: Count_Dandyman
Автор сообщения: AzKat

it's not my account, I've never fallen for this, that's why I ask about this.
That doesn't change anything about what I said you don't need exact details and giving them out would just increase the number of people with the knowledge of how to do it all that is needed is the knowledge to prevent it which is not opening the door for them in the first place.

Right, so the guy I'm trying to help right now doesn't matter right?
#11
cinedine 2 мар. 2019 г. в 11:45 
Автор сообщения: Theblaze
Without your consent?, no.

People have to share their authentification code to a phishing site using a fake steam login for that to happen.

If you are tricked into giving something away, it's not exactly with consent.
#12
Count_Dandyman 2 мар. 2019 г. в 11:47 
Автор сообщения: AzKat
Автор сообщения: Count_Dandyman
That doesn't change anything about what I said you don't need exact details and giving them out would just increase the number of people with the knowledge of how to do it all that is needed is the knowledge to prevent it which is not opening the door for them in the first place.

Right, so the guy I'm trying to help right now doesn't matter right?
I never said he doesn't matter I said he doesn't need the details you are asking for
#13
AzKat 🐔 2 мар. 2019 г. в 11:48 
Автор сообщения: Count_Dandyman
Автор сообщения: AzKat

Right, so the guy I'm trying to help right now doesn't matter right?
I never said he doesn't matter I said he doesn't need the details you are asking for

He doesn't need them, I need them.
#14
Count_Dandyman 2 мар. 2019 г. в 11:48 
Автор сообщения: AzKat
Автор сообщения: Count_Dandyman
I never said he doesn't matter I said he doesn't need the details you are asking for

He doesn't need them, I need them.
no you don't
#15
< >
Сообщения 115 из 29
Показывать на странице: 1530 50

Все обсуждения > Форумы Steam > Steam Discussions > Подробности темы
Дата создания: 2 мар. 2019 г. в 11:22
Сообщений: 29
Новое обсуждение

Правила обсуждений