安裝 Steam
登入
|
語言
簡體中文
日本語(日文)
한국어(韓文)
ไทย(泰文)
Български(保加利亞文)
Čeština(捷克文)
Dansk(丹麥文)
Deutsch(德文)
English(英文)
Español - España(西班牙文 - 西班牙)
Español - Latinoamérica(西班牙文 - 拉丁美洲)
Ελληνικά(希臘文)
Français(法文)
Italiano(義大利文)
Bahasa Indonesia(印尼語)
Magyar(匈牙利文)
Nederlands(荷蘭文)
Norsk(挪威文)
Polski(波蘭文)
Português(葡萄牙文 - 葡萄牙)
Português - Brasil(葡萄牙文 - 巴西)
Română(羅馬尼亞文)
Русский(俄文)
Suomi(芬蘭文)
Svenska(瑞典文)
Türkçe(土耳其文)
tiếng Việt(越南文)
Українська(烏克蘭文)
回報翻譯問題
討論區規矩與守則
檢舉此篇文章
Yea, it also must be great to log into other people's account automatically and see their private details a couple days ago. That's state-of-the-art security for ya.
For those people who are ranting at Osvaldon calling him stupid ect, i say ♥♥♥♥ YOU
Now... I need the Steam app on my phone otherwise there's market and trade restrictions I can't get around. What this means is I now have to unlock my phone and go confirm the trade within the app if I have one and most annoying of all, I have to get a code from my phone every single time I log into Steam. Every damn time.
What I want from Steam guard is to be able to have it like it used to be but with the option of having that code sent to my phone if I log into Steam on a new device/location. I'd like my old instant trade abilities back. I get wanting additional security but have these options on by default and allow people to lower things without additional restrictions in place if desired. Also the whole 30 day restriction placed on accounts if someone even so much as needs to reset their password is just... really?
Feels like it's all being put into place to avoid expanding customer support to specifically deal with these sorts of things. Valve are making an insane amount of money every single day, it'd be nice to see that maybe put to use with a pleasant, convenient customer experience taking priority. Currently Steam Guard is a pain.
So basically, have all these extra security measures there, put them on by default but allow users to lower/increase them at will without imposing a bunch of annoying restrictions on accounts. I can sell and buy stuff on ebay with less hassle and that involves real money.
ikr
And when the system fails like it did? Even less secure.
Honestly, I'd rather have it be like email confirmation. You confirm it once per computer per browser/app. You might have to re-authenticate every month or so, but that is about it.
And have it optional for all aspects. It is going to start approaching mandatory as people start demanding mobile auth users for trading. (People already are).
And when you have things like time limited items? 72 hours is enough time for those to expire before the trade finishes.
===
Let us say I put a trade in for an item that expires in 144 hours (6 days). Let us say something happens to me and I can't get on my computer for about 3 days (Say a tree fell on my power line and it took them a few days to fix it due to a bunch of other issues such as the workers being on holiday). Now if they accept it before I can get onto the computer, but near or after the 3 day mark, the item expires before I can use it.
That means if there is something that expires in less than 72 hours, but is a good deal (say a 90% coupon), I can't get it unless I have mobile auth as well as the other person.
The only way this would be a viable solution would be if the item's timer stopped once the trade was offered and didn't start again until the the trade was complete, with maybe a 3 day extra time if the person receiving the timed item didn't log in at all.
+1
Also, neither the use nor the implementation of 2FA had any effect on the caching issue we experienced. The two are wholly unrelated, and the same data would have been exposed in this case regardless.
If a tree falls and takes out your power for three days, I'd think you'd have more important things than the trade of a digital, intangible item to worry about. Perishable food and heating, for instance.
My apologies for the unfortunate oversight on my part while posting. That remark was aimed at others in this thread who have cited not being able to afford a phone.
If you don't want to pay for a plan, you don't absolutely need one. There are free services that provide the ability to make and receive both calls and SMS over WiFi.
This, right here, demonstrates exactly how lazy you are. Given this, it's understandable that you'd find literally any security measure that requires you to lift your pinky finger to be unacceptable.
Requiring mobile 2FA for fast trades is as much about Valve protecting themselves as is it about them protecting you. Without it, if a user's account gets hijacked and all his valuable stuff gets traded away, Valve could be held liable for not providing better security. If money is changing hands, there needs to be some kind of 2FA system in place. E-mail is two decades old; it is insecure, and making it secure with encryption requires much more effort on the part of the user than installing an app. A unique, encryptable, physical device is something a hacker is orders of magnitude less likely to be able to get his hands on.
dude, u do realise that it would take a really long time to hack email/ steam passwords with a regular pc. if they had a super computer that would be a different story but who uses such high tech computers to steal items in a video game, ur argument holds no merit xD
Only steam sends it as an insecure notification. Everything else requires me to unlock the phone to read the notification.
And also, The implementation of 2FA did have an effect on security. It means in addition to other information, my phone number is exposed or partially exposed as well.
The fact that you're still arguing this point when it is literally a switch you have to flip to fix the problem tells me you have some other gripe with the app.
Requiring a phone number on the account has nothing to do with the in-app 2FA implementation. If I'm wrong about that, please cite your source.
Brute-forcing the password hash is the one of the least effective ways of hacking a Steam account. First of all, it requires actually having the hash, which would mean the attacker has had access to Valve's servers at some point; in that case, we have much larger problems than the security of a single account. If you were talking about brute-forcing the login itself, Valve is going to detect such an attack and ban that IP faster than you can say, "script kiddie." More likely, access to an account is gained through malware installed on the user's system, or by executing a man-in-the-middle attack to intercept the password in-transit. Two-factor authentication using a separate device defeats both of these attack vectors.
I've also developed a habit of discounting anything said by someone who doesn't demonstrate an ability to type well. You have a keyboard, not a flip phone. Use the extra couple brain cells it takes to compose a proper sentence.
ok first of all this isnt some offical letter so i can type however the ♥♥♥♥ i want. plus ur reply makes no ♥♥♥♥♥♥♥ sense brute force is the best way however it takes forever and secondly theres 1000s of videos warning people not to click on links so unless ur retarded people wont click on them, im really finding it hard to find the main purpose of ur response, you pretty much just reinstated my first post and made valve look better
I have the secure notifications function turned ON. Steam is still sending insecure notifications that don't require me to unlock my phone to read. ALL my other apps that have important information send secure notifications that require me to unlock the phone to read.
In order to use 2FA with a mobile, you have to link your phone to your account, which is something you didn't HAVE to do before (think of it this way, not everyone has a mobile phone. It wasn't required before).
The fact that it shows so much of your phone number without requiring a second login (the fact that there was a loophole to reveal all of it being a whole other issue) is the problem.