I find the Steam Guard 2FA enabling process not so secure
I want to enable Steam 2FA.

This is how it's done in 99% of cases in all other 2FA-requiring programs and web pages:
1) get the 2FA code without the need to install something else somewhere else.
2) enter the 2FA code into an auth app. Usually it's Google Authenticator, but there are a lot of other open-source apps which can generate 2FA codes, because it's always the same 2FA algorithm, proven by years and millions of users.
3) the password is still safe; I didn't have to enter it elsewhere. Plus I have 2FA security on top. All good.

But this is what I have to go through in Steam. I haven't even done it yet; it's just the result of my research so far.
1) download one more unnecessary mobile app (the Steam app)
2) enter login and password on one more device (mobile), which lowers security. Mobile phones are full of spyware installed from the store, except maybe Apple with their strict developer checks. But then you get Apple's always-watching keylogger, so it's still not great.
3) finally activate 2FA in the Steam mobile app
4) I literally don't need the Steam mobile app for anything except enabling 2FA. So, spend an eternity finding some rare open-source project which can generate Steam 2FA codes, because the usual auth apps will not work, since Steam's 2FA is different from the global standard.
5) I don't want to keep the mobile app logged in to my account. I just need it to enable 2FA, then log out of the Steam app and uninstall it forever. And generate 2FA codes in some good app tested and trusted by millions of people. I don't want my entire account security tied to a mobile phone which can easily be lost or stolen.
6) so, add Steam's 2FA code into the other app, uninstall the Steam mobile app
7) change the password, because it's probably compromised after typing it into the mobile

I just want to secure my account by enabling 2FA and generate codes on another secure, trusted device. Why do I have to actually compromise account security if I want to do that?
Why is there no option in the Steam PC version to activate global-standard 2FA and use any other trusted 2FA app to generate codes?
Showing comments 1 to 15 of 35
LOL, if the new Steam phone app works like this then I won't even try it.
Good point, though, that they provide the APK without Google Play.
Does it still need your phone number? Because if I forget to renew my plan, the service provider will block the number and basically you lose it.

I recommend using the e-mail method, and for your e-mail account you can have normal and secure 2FA.
The Steam mobile app is more than a 2FA. Also, like, do you think Steam has some small, unknown user base? Literally millions already use the mobile app.
The Steam mobile app is more than a 2FA. Also, like, do you think Steam has some small, unknown user base? Literally millions already use the mobile app.
The 2FA and the Steam app should be 2 different apps. If you enter your Steam password on your mobile and the 2FA app is also there, then it is not 2FA anymore.
Steven Seagull wrote:
The Steam mobile app is more than a 2FA. Also, like, do you think Steam has some small, unknown user base? Literally millions already use the mobile app.
The 2FA and the Steam app should be 2 different apps. If you enter your Steam password on your mobile and the 2FA app is also there, then it is not 2FA anymore.

I haven't heard of a single case of a user being hijacked on Steam because of malware on their phone. Not ONCE have I heard that.

Even though people like you love to claim it's super easy to get infected and lose all of the information.

This is a non-issue really.
Zefar wrote:
Steven Seagull wrote:
The 2FA and the Steam app should be 2 different apps. If you enter your Steam password on your mobile and the 2FA app is also there, then it is not 2FA anymore.

I haven't heard of a single case of a user being hijacked on Steam because of malware on their phone. Not ONCE have I heard that.

Even though people like you love to claim it's super easy to get infected and lose all of the information.

This is a non-issue really.

I never heard of anyone getting AIDS. Maybe it doesn't exist.

edit: if one of the app's goals is to increase security, then it doesn't. Then don't call it 2FA, because it isn't 2FA. It is nonsense. It is like writing your PIN on your credit card.
Last edited by Steven Seagull; 13 Oct 2022 at 1:21pm
Maybe I was a bit unclear...

The 2FA and the Steam app should be 2 different apps. If you enter your Steam password on your mobile and the 2FA app is also there, then it is not 2FA anymore.
Yes, this.

Basically, in a normal application, login with 2FA requires access to 2 devices: typing the password on the PC, and then getting a code from some 2FA app on mobile. Or even better if you can get a hardware 2FA code generator like some banks use. Hackers and stealers need to get both devices to get full access to the account.

Like, I can type my password on a web login page while sitting in some shady internet cafe, maybe even accidentally autosave it there. And then confirm it with a 2FA code generated on mobile. So even if the internet cafe's PC is full of viruses and keyloggers, I still don't lose my account, because it's secured by the second device (mobile with the 2FA code generator).

With Steam, the 2FA codes, login and password are all stored on a single mobile device. A step backward in security.

My next problem is that all programs which can generate Steam-compatible 2FA keys are for PC, not mobile. I have to type the password and generate 2FA keys on the same device, not separate devices. And that's bad too. Much pain; I will stay with email auth.
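The original poster says twice (in the opening post and in the reply above) that Steam's 2FA "is different from the global standard", so ordinary authenticator apps cannot generate Steam codes. The Python below is an added example, not code from this thread, from Valve or from any of the third-party Steam Guard generators; it shows where the two schemes agree and where they part. It assumes the Steam Guard code format as implemented by open-source Steam Guard tools (HMAC-SHA1 over a 30-second counter, RFC 4226 dynamic truncation, then five symbols from a 26-character alphabet instead of six decimal digits) and uses the RFC 6238 test key as a constructed stand-in for a real shared secret.

```python
import base64
import hashlib
import hmac
import struct

# Constructed secret for the worked example: the 20-byte ASCII key from the
# RFC 6238 test vectors, NOT a real Steam secret. Steam hands its secret to the
# app base64-encoded; RFC 6238 authenticator apps usually take it base32-encoded.
RFC6238_SECRET = b"12345678901234567890"

# Steam Guard symbol set as used by open-source Steam Guard generators:
# 26 symbols, with 0, 1 and easily confused letters left out.
STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY"


def hotp_truncate(secret: bytes, counter: int) -> int:
    """RFC 4226 dynamic truncation.

    HMAC-SHA1 over the 8-byte big-endian counter, then a 31-bit integer read
    at the offset given by the low nibble of the last digest byte. Standard
    TOTP and Steam Guard both start from exactly this value.
    """
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    return struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF


def totp_rfc6238(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """Standard TOTP as any RFC 6238 authenticator app displays it:
    the truncated value modulo 10^digits, zero-padded."""
    code = hotp_truncate(secret, unix_time // step)
    return str(code % 10 ** digits).zfill(digits)


def steam_encode(truncated: int) -> str:
    """Steam Guard's final step: five base-26 digits over STEAM_ALPHABET,
    least significant symbol first. Everything above 26**5 is discarded."""
    out = []
    for _ in range(5):
        out.append(STEAM_ALPHABET[truncated % len(STEAM_ALPHABET)])
        truncated //= len(STEAM_ALPHABET)
    return "".join(out)


def steam_guard_code(shared_secret_b64: str, unix_time: int, step: int = 30) -> str:
    """Steam Guard code from the base64 shared secret: same HMAC-SHA1 and
    30-second counter as RFC 6238, different encoding of the result."""
    secret = base64.b64decode(shared_secret_b64)
    return steam_encode(hotp_truncate(secret, unix_time // step))


def compare_at(secret: bytes, unix_time: int) -> dict:
    """What an RFC 6238 app and Steam would each show for the same secret
    in the same 30-second window."""
    return {
        "counter": unix_time // 30,
        "rfc6238": totp_rfc6238(secret, unix_time),
        "steam": steam_guard_code(base64.b64encode(secret).decode(), unix_time),
    }


if __name__ == "__main__":
    # Timestamps taken from the RFC 6238 test vectors.
    for t in (59, 1111111109, 1234567890):
        print(compare_at(RFC6238_SECRET, t))
```

The point of the side-by-side is that the cryptographic core is identical: a generic TOTP app fed Steam's secret would compute the right HMAC and the right truncated integer, then print a 6-digit decimal number that Steam rejects because Steam expects the 5-symbol encoding. That is why only Steam-aware generators work, and it is also a code-format difference only; nothing here touches the separate question the thread argues about, namely that the Steam app asks for the password on the same device that holds the secret.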
Steven Seagull wrote:
I never heard of anyone getting AIDS. Maybe it doesn't exist.
Except there are a million recorded cases of it. A bad analogy to use, really.

I've been in this community since the start of it and I was part of the Volunteer Moderator team. During my time I never once saw someone make a topic about their phone being stolen and used to hijack their account.

Steven Seagull wrote:
edit: if one of the app's goals is to increase security, then it doesn't. Then don't call it 2FA, because it isn't 2FA. It is nonsense. It is like writing your PIN on your credit card.

For a criminal to take your Steam account he would need to do this.

1: Get access to your account name and password. Easier said than done.

2: Steal your phone. Then crack into it by getting past the PIN code or the pattern lock. Which, btw, you have 3 chances to get right.

3: Then finally log in to the account to change information.

It will not happen. Autologin on the Steam app does not equal having the PIN on your credit card. Because he would still need to get into the phone itself.


You will have a far easier time convincing some gullible victim that you're a Valve employee on Discord and scamming them than actually stealing someone's phone to take their Steam account. Mainly because I keep reading topics from people who have fallen for it. Far too many times, might I add.
Maybe I was a bit unclear...

The 2FA and the Steam app should be 2 different apps. If you enter your Steam password on your mobile and the 2FA app is also there, then it is not 2FA anymore.
Yes, this.

Basically, in a normal application, login with 2FA requires access to 2 devices: typing the password on the PC, and then getting a code from some 2FA app on mobile. Or even better if you can get a hardware 2FA code generator like some banks use. Hackers and stealers need to get both devices to get full access to the account.

The Google authenticator just needs you to start it and confirm if it was you.

No password. No protection. Just start the app and use it to confirm it was you.

It has the exact same protection as the Steam 2FA. That being the mobile phone it's put on. Hackers would need to steal this phone.
Zefar wrote:
No password. No protection. Just start the app and use it to confirm it was you.
Wrong. You have to unlock your phone via PIN or fingerprint or whatever.
Eiswolfin wrote:
Zefar, I literally had my phone ripped from my hands by a thief while I was using it. Guess what is not needed when a phone is ripped from one's hands while in use? Yup, you don't need anything to unlock the screen.

Valve's new system is less secure than what they had previously with the old version. There was no need for that change.

The app does not give you full access. The thief also won't have your password.
It actually has limited control over what he can do.

Steven Seagull wrote:
Zefar wrote:
No password. No protection. Just start the app and use it to confirm it was you.
Wrong. You have to unlock your phone via PIN or fingerprint or whatever.

The same protection the Steam app has. But you're ignoring that, are you not?
Zefar wrote:

For a criminal to take your Steam account he would need to do this.

1: Get access to your account name and password. Easier said than done.

2: Steal your phone. Then crack into it by getting past the PIN code or the pattern lock. Which, btw, you have 3 chances to get right.

3: Then finally log in to the account to change information.
Wrong. The criminal only has to do one thing: send you an SMS. Yes, it can be enough to just send an SMS to a phone, and then you can see everything that is on the phone and do everything the phone owner can do, but in stealth mode so it isn't even visible to the user. Search for the Pegasus malware, for example. It is just one malware from the past.
Or you just have to open a web page, and with CPU vulnerabilities like Spectre v2 they can read everything from your phone. These things have already happened in the past, and in the future they can happen again. Just search for the term zero-click RCE (remote code execution).

Even if these are rare, it doesn't change the fact that Steam's 2FA is broken and not secure.
Zefar wrote:
Eiswolfin wrote:
Zefar, I literally had my phone ripped from my hands by a thief while I was using it. Guess what is not needed when a phone is ripped from one's hands while in use? Yup, you don't need anything to unlock the screen.

Valve's new system is less secure than what they had previously with the old version. There was no need for that change.

The app does not give you full access. The thief also won't have your password.
It actually has limited control over what he can do.

Steven Seagull wrote:
Wrong. You have to unlock your phone via PIN or fingerprint or whatever.

The same protection the Steam app has. But you're ignoring that, are you not?

I'm ignoring it because it doesn't have anything to do with 2FA. In the case of proper 2FA, you don't have both secrets on one device. That's the point of 2FA, which you still cannot understand.

Here are 3 scenarios where properly implemented 2FA protects you:
Scenario #1:
You have your password typed on a PC and you have your 2FA app on your phone. On your phone you never enter your password. The PC gets infected with a trojan and the hackers will know your Steam password. The hackers won't be able to log in to your Steam account from THEIR PC because you won't approve the login attempt from your phone.
Scenario #2:
You have your password typed on a PC and you have your 2FA app on your phone (same as before). You lose your phone and someone guesses your PIN or fakes your fingerprint or uses a vulnerability to crack the phone's encryption (such vulnerabilities have existed before). The bad guy cannot do anything with your Steam account, because all he has is some numbers changing every 30 seconds. He doesn't have your password.
Scenario #3:
You have your password typed on a PC and you have your 2FA app on your phone (same as before). You open a random cat GIF website on your phone which roots your phone and steals all your data. The attackers still won't know your Steam password.

Currently this would happen with the Steam mobile app:
Scenario #1:
You will be protected.
Scenario #2:
The attackers will know your Steam password and can authenticate themselves with the 2FA app, and they can take over your account.
Scenario #3:
The attackers will know your Steam password and can authenticate themselves with the 2FA app, and they can take over your account.
Last edited by Steven Seagull; 13 Oct 2022 at 3:01pm
Steven Seagull wrote:
Wrong. The criminal only has to do one thing: send you an SMS. Yes, it can be enough to just send an SMS to a phone, and then you can see everything that is on the phone and do everything the phone owner can do, but in stealth mode so it isn't even visible to the user. Search for the Pegasus malware, for example. It is just one malware from the past.
Or you just have to open a web page, and with CPU vulnerabilities like Spectre v2 they can read everything from your phone. These things have already happened in the past, and in the future they can happen again. Just search for the term zero-click RCE (remote code execution).

Even if these are rare, it doesn't change the fact that Steam's 2FA is broken and not secure.

Read up on it and it seems to be used on a certain group of people only. Android and Apple are patching the exploits as they find them.

So this is not going to happen to anyone who has a Steam account.

Steam's 2FA is not broken or insecure. The old code it generates (and you can still generate that code) is easier to steal with such malware than scanning a QR code with the phone's camera.
They should get rid of the code entirely, because gullible people on Discord keep giving it away to others. It'd be much harder to scam someone out of the QR code.
Zefar wrote:
The app does not give you full access. The thief also won't have your password.
It actually has limited control over what he can do.
In the new Steam mobile app, you never ever have to type in your Steam password?
Zefar wrote:
Steven Seagull wrote:
Wrong. The criminal only has to do one thing: send you an SMS. Yes, it can be enough to just send an SMS to a phone, and then you can see everything that is on the phone and do everything the phone owner can do, but in stealth mode so it isn't even visible to the user. Search for the Pegasus malware, for example. It is just one malware from the past.
Or you just have to open a web page, and with CPU vulnerabilities like Spectre v2 they can read everything from your phone. These things have already happened in the past, and in the future they can happen again. Just search for the term zero-click RCE (remote code execution).

Even if these are rare, it doesn't change the fact that Steam's 2FA is broken and not secure.

Read up on it and it seems to be used on a certain group of people only. Android and Apple are patching the exploits as they find them.

So this is not going to happen to anyone who has a Steam account.

Steam's 2FA is not broken or insecure. The old code it generates (and you can still generate that code) is easier to steal with such malware than scanning a QR code with the phone's camera.
They should get rid of the code entirely, because gullible people on Discord keep giving it away to others. It'd be much harder to scam someone out of the QR code.

Still, it would be safer if the phone app didn't ask for your password.
Pegasus is a cyberweapon and it costs a lot, and when I say a lot, I mean millions of dollars.
You can get infected with a trojan by just downloading a free flashlight app. The bad thing is that you can never be sure that you are safe. What you still ignore is the purpose of 2FA and that the Steam app doesn't fulfill this purpose.

Posted on 12 Oct 2022 at 6:42pm
Posts: 35