Steam made Phishing Friendly - Login font and "Remember Me" changing.
Ok... first of all, has anyone else gotten an enlarged "Login" box for Steam? Bigger box, bigger font? If not... maybe I did just get my account password stolen....

If you have, that shouldn't have happened without warning. If you don't know what the Login box will look like, how are we supposed to notice fake ones?

Worse yet, the way I gained some confidence was to try it on someone else's machine to see that I got the same thing...

But in both cases, the "Remember me" box defaulted to checked! That was even more suspicious... as Steam should know we both turned it off, but as a phisher wouldn't.

Yea, it's a smaller "no excuse for it" than many of Steam's bad moves, but nonetheless another one in my opinion.
Last edited by battlezoby; 6 Oct 2022 at 18:04
Originally posted by Mr.Fr33man:
Wow now I have to remove the "remember me" checkbox every ♥♥♥♥♥♥♥ time AND on top it forgets my account name every boot. Yes it got worse. Why are they doing that to us?
Because they're close enough to a monopoly that they can.
This thing is terrible...

Whenever I login it flashes a 2nd copy of the login box up on the screen. Seems soooo much like a malware is capturing my password and then sending it to Steam as a man-in-the-middle type of capture it's absurd.

Absolutely no reason Steam couldn't have avoided that. (Unless I really was hacked...)
Originally posted by battlezoby:
This thing is terrible...

Whenever I login it flashes a 2nd copy of the login box up on the screen. Seems soooo much like a malware is capturing my password and then sending it to Steam as a man-in-the-middle type of capture it's absurd.

Absolutely no reason Steam couldn't have avoided that. (Unless I really was hacked...)
I guess it was fixed in the latest beta?
Steam Client Beta - October 7
The Steam Client Beta has been updated with the following changes.

Sign In UI
  • Fixed username and password fields flashing briefly at the end of a successful sign in
  • Fixed automated login with credentials provided on the command line
  • Fixed Steam Guard code input accepting and potentially submitting with invalid characters
  • Fixed confirmation-based mobile sign-ins not successfully approving login when client asked for Steam Guard code instead
  • Added explicit messaging for failures related to too many retries
Source: https://steamcommunity.com/groups/SteamClientBeta/announcements/detail/3317488613180874088
Zefar 9 Oct 2022 at 4:36
Originally posted by battlezoby:
This thing is terrible...

Whenever I login it flashes a 2nd copy of the login box up on the screen. Seems soooo much like a malware is capturing my password and then sending it to Steam as a man-in-the-middle type of capture it's absurd.

Absolutely no reason Steam couldn't have avoided that. (Unless I really was hacked...)

You typing in your password every single time would be a bigger security risk because each time there would be a chance for the malware to hijack it.

Malware does not have "Eyes" it reads inputs from keyboard. Also this would mean you wouldn't have any Anti virus program running at all.

If you for example have Autologin on the malware would not be able to read the input for your password or login name at all.
RiO 9 Oct 2022 at 7:02
Originally posted by Zefar:
Malware does not have "Eyes" it reads inputs from keyboard.
It also can just pluck the credentials that Steam stores to facilitate its auto-login, straight off of your file-system. That method doesn't even require human interaction, like entering a password does. And it can be done at any moment, rather than only when you are entering a password.

The only way those stored credentials would be secure against being lifted straight off of the filesystem, is if they were stored in your OS's secured credential storage or in (or protected by a master key stored in) the TPM. Or if Valve took precautions and somehow bound them to aspects of the physical machine cryptographically.

Other than that; any malware capable of detecting the Steam sign-in window and performing key-logging, could also detect whether you're signed in to Steam and could then manipulate your account quickly and quietly to add an API-key granting persistent access to the features they'd want to abuse.

So have a good, long thought about whether it's really more vulnerable.
Last edited by RiO; 9 Oct 2022 at 7:07
Originally posted by RiO:
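Added example, not part of RiO's post and not Valve's code: a sketch of the machine binding RiO describes, where the stored login token is sealed under keys derived from a secret that never leaves the machine, so a copied file does not open elsewhere. The names `seal`, `unseal`, the machine secrets and the token are hypothetical, and the HMAC-based keystream is a standard-library stand-in for the OS credential store, TPM sealing or a real AEAD cipher.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample values. Each machine secret is a hypothetical stand-in
# for a key held by that machine's OS credential store or TPM.
MACHINE_A = b"constructed-secret-held-by-machine-A"
MACHINE_B = b"constructed-secret-held-by-machine-B"
TOKEN = b"constructed-login-token-0001"

def _hkdf(secret: bytes, salt: bytes, info: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), one 32-byte output block."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stdlib stand-in for an AEAD cipher."""
    out = b""
    for counter in range((length + 31) // 32):
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
    return out[:length]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(token: bytes, machine_secret: bytes) -> bytes:
    """Encrypt-then-MAC the token under keys derived from the machine secret."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key = _hkdf(machine_secret, salt, b"enc")
    mac_key = _hkdf(machine_secret, salt, b"mac")
    body = salt + nonce + _xor(token, _keystream(enc_key, nonce, len(token)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(blob: bytes, machine_secret: bytes) -> Optional[bytes]:
    """Return the token, or None if the blob was sealed elsewhere or altered."""
    if len(blob) < 64:  # 16 salt + 16 nonce + 32 tag
        return None
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ct = body[:16], body[16:32], body[32:]
    mac_key = _hkdf(machine_secret, salt, b"mac")
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    enc_key = _hkdf(machine_secret, salt, b"enc")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))
```

Binding of this kind only stops a copied file from being replayed on another machine; code running as the same user on the original machine can still ask for the token to be unsealed.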
It also can just pluck the credentials that Steam stores to facilitate its auto-login, straight off of your file-system. That method doesn't even require human interaction, like entering a password does. And it can be done at any moment, rather than only when you are entering a password.

Have a good, long thought about what is more vulnerable.
Got to get a move on, but do play to test it and see if that really works or not
Going to try to just copy Steam into a VM and see how it runs there, if it will take the remember password or not
My guess it should detect something and block it from login at all, but will see
The new login prompt is terrible. The flashing was not fixed. Checking for an update tells me that I use the most recent version. The "Remember me" checkbox keeps re-selecting itself no matter how often I deselect it or what I change my account / profile settings for this to. It asks me to send them the code they sent to my e-mail now every time I try to log in, which I can't get rid of anymore, which saves nothing IF there's malware on my device reading my inputs anyway but only gives me a hassle because OTHER PEOPLE used to give external services and 3rd party sites their Steam account login & password, which I don't use and won't ever use. So bottom line: Everything got worse and there's no way to remedy any of that.
Last edited by Hollow; 9 Oct 2022 at 7:33
Originally posted by Black Blade:
Got to get a move on, but do play to test it and see if that really works or not
Going to try to just copy Steam into a VM and see how it runs there, if it will take the remember password or not
My guess it should detect something and block it from login at all, but will see
IIRC back in the worst days of account theft Steam fixed login files from being used elsewhere for login, as 'stealing' the login files to access an account used to be a thing back then.
The new login box is ugly and way too big on a 1080p screen. But the unforgivable thing is it doesn't have a minimise button.

I don't always login when windows starts so I minimise it. Apparently now I'm gonna have this chungus in the middle of my screen.
Originally posted by Fizzban:
The new login box is ugly and way too big on a 1080p screen. But the unforgivable thing is it doesn't have a minimise button.

I don't always login when windows starts so I minimise it. Apparently now I'm gonna have this chungus in the middle of my screen.

In your case, I'd just set it not to start at windows startup. Wouldn't take you long to double click a desktop shortcut when you do want to use steam.
Ugh, my first thought was: was my account hacked...so I use a full scan.

Now, my thoughts are: Steam you are getting worse and worse. Not only is this new login ugly...it is unsafe, it cost me time (and of course it didn't work the first times I tried it...endless login screen).
Only because there are no real alternatives (GOG is soooo lame and running with financial problems) I am still using it.
RiO 9 Oct 2022 at 9:45
Originally posted by Tito Shivan:
Originally posted by Black Blade:
Got to get a move on, but do play to test it and see if that really works or not
Going to try to just copy Steam into a VM and see how it runs there, if it will take the remember password or not
My guess it should detect something and block it from login at all, but will see
IIRC back in the worst days of account theft Steam fixed login files from being used elsewhere for login, as 'stealing' the login files to access an account used to be a thing back then.

Ah; so they did actually fix that huge backdoor then?
That's good to know at least.
Originally posted by RiO:
Ah; so they did actually fix that huge backdoor then?
That's good to know at least.
Ya, guess that is why the "download this" has stopped, as there is no option to just steal the SSN files any more to use for login as it was then

Date posted: 6 Oct 2022 at 18:04
Posts: 103