Todas las discusiones > Foros de Steam > Steam Discussions > Detalles del tema
MVP_lCE™ 14 ABR 2022 a las 1:10 a. m.
Replace Steam Guard Code System with QR Code System
AFAIK, account sharing is an act that has been strictly prohibited by Valve or the Steam because such sharing of an account could lead to a lot of misunderstanding and unwanted penalties to happen on the owner of the accounts such as sharing an account but there is an illegal act being detected through another party (not the owner) who log into and use that account.

IMO, such an issue can be reduced or best resolved if the developer uses a QR code as the security layer for players to log in or proceed with any transfer action on their accounts. Why does nobody think of this? Maybe I can say, if you want to play a high rules game such as Dota 2, then you have to use your smartphone that has been linked to your Dota 2 account to scan the QR Code generated for verification. Best to say for a game like Dota 2, every time to click "Find Match" players must use the Steam app on the smartphone to scan for the QR code shown in the game. Scanning through own smartphone is very easy to proceed if you are really the owner of the account.

So ugly to see the current Steam Guard code that players can generate from the Steam Guard mobile and then share with other individuals. With that, definitely, a lot of account sharing will happen. This will cause a lot of illegal activities to happen as well.

FYI, the QR is something used by the DISCORD security system. I believe by using QR codes, other individuals will be difficult to gain access to other accounts. :)
< >
Mostrando 1-15 de 32 comentarios
BloodShed 14 ABR 2022 a las 1:27 a. m. 
Valve already has something like that in the works.

It just not ready yet.
#1
Tito Shivan 14 ABR 2022 a las 1:32 a. m. 
Publicado originalmente por coUp dE gRâce :
So ugly to see the current Steam Guard code that players can generate from the Steam Guard mobile and then share with other individuals.
QR Codes can be shared too.
#2
Cathulhu 14 ABR 2022 a las 1:35 a. m. 
I'm sure game streamers will not only despise, but hate such a feature.
#3
J4MESOX4D 14 ABR 2022 a las 1:38 a. m. 
If someone gets penalised for account sharing then that's their problem. No matter what features are in place, people will always find a way round them. Users who want to share accounts could simply disable all security elements regardless so it can be accessible easily by someone else when required.
#4
ulia 14 ABR 2022 a las 1:38 a. m. 
QR codes are just an obfuscation layer of the same old data, it is not a form of encryption and is fundamentally equivalent to just typing in the digits, just without the user typing in the output. I think what you were trying to ask for is authentication strictly tied to physical device access rather than untied OTP/keys.

Account sharing is also only partly prohibited as per the caveat in the subscriber agreement:

Publicado originalmente por STEAM® SUBSCRIBER AGREEMENT:
You may not reveal, share or otherwise allow others to use your password or Account except as otherwise specifically authorized by Valve.

This is not particularly well defined with only a few forum posts mentioning approved use cases, such as for family members under your supervision and discretion. As such tying authentication to physical device access would prohibit parents allowing their children to access their account without strictly being on-site, co-workers from using shared content delivery accounts, and also create a more convoluted and potentially more vulnerable pipeline for account recovery measures.
#5
MVP_lCE™ 14 ABR 2022 a las 2:17 a. m. 
Publicado originalmente por Tito Shivan:
Publicado originalmente por coUp dE gRâce :
So ugly to see the current Steam Guard code that players can generate from the Steam Guard mobile and then share with other individuals.
QR Codes can be shared too.
It can be shared but how it can be verified by the other computer or machine?

If I say an individual A is linking his smartphone Steam app with his Steam platform for a game such as Dota 2 on his computer, then do you think that individual B can use his smartphone Steam app to scan QR code that being generated by his Dota 2 game? Definitely, we can detect that individual B is attempting to access the ownership of account by individual A because the scan of QR code for verification is being run by different linked smartphone device.
#6
MVP_lCE™ 14 ABR 2022 a las 2:19 a. m. 
Publicado originalmente por BloodShed:
Valve already has something like that in the works.

It just not ready yet.
Glad to hear that. Hope they are running in progress of launching it 'asap'. That's why I always looking for hope. :)
#7
[N]ebsun 14 ABR 2022 a las 3:10 a. m. 
Just get them to use PKI, keep your key on you and login by signing and sending back an auth request. have a pin on the key to unlock it. same way that payment cards work.
#8
cinedine 14 ABR 2022 a las 3:11 a. m. 
Publicado originalmente por coUp dE gRâce :
Publicado originalmente por Tito Shivan:
QR Codes can be shared too.
It can be shared but how it can be verified by the other computer or machine?

If I say an individual A is linking his smartphone Steam app with his Steam platform for a game such as Dota 2 on his computer, then do you think that individual B can use his smartphone Steam app to scan QR code that being generated by his Dota 2 game? Definitely, we can detect that individual B is attempting to access the ownership of account by individual A because the scan of QR code for verification is being run by different linked smartphone device.

If I want to account share with anyone, they just screengrab me the QR code and I can verify it with my phone at my place. All you changed is that instead of me sending them a code to verify, they now send me a code to verify.
Última edición por cinedine; 14 ABR 2022 a las 3:12 a. m.
#9
Brian9824 14 ABR 2022 a las 3:14 a. m. 
It wouldn't have anything to do with account sharing, once logged in you don't have to constantly verify your account.

Doing so would be extremely annoying and hurt more innocent people then it would help
#10
MVP_lCE™ 14 ABR 2022 a las 3:43 a. m. 
Publicado originalmente por cinedine:
Publicado originalmente por coUp dE gRâce :
It can be shared but how it can be verified by the other computer or machine?

If I say an individual A is linking his smartphone Steam app with his Steam platform for a game such as Dota 2 on his computer, then do you think that individual B can use his smartphone Steam app to scan QR code that being generated by his Dota 2 game? Definitely, we can detect that individual B is attempting to access the ownership of account by individual A because the scan of QR code for verification is being run by different linked smartphone device.

If I want to account share with anyone, they just screengrab me the QR code and I can verify it with my phone at my place. All you changed is that instead of me sending them a code to verify, they now send me a code to verify.
You already said there, "...can verify it with my phone at my place." means account sharing can easily be detected there. With that, the individual who been detected for passing QR code to other smartphone that owned by other individual for verification, then it means he broke the rules of Steam already.
#11
MVP_lCE™ 14 ABR 2022 a las 3:59 a. m. 
Publicado originalmente por brian9824:
It wouldn't have anything to do with account sharing, once logged in you don't have to constantly verify your account.

Doing so would be extremely annoying and hurt more innocent people then it would help
This change is for individuals who are involved with certain high rule games such as Dota 2 that requires the owner of accounts to link their smartphone mobile number with the Dota 2 account. Due to the current linkage, I can see there are many individuals still able to break the rules by sharing the Steam Guard code. Therefore, we need a new replacement or system for this code so that the account sharing issue can be reduced or best be resolved.

This can be used for many other games on the Steam platform also when the users keep their items on the Steam inventory because if the scammer or hacker doesn't own the same smartphone as the owner of an account, then he hardly or cannot steal any item. People will say hacking is something that might happen, but I will say this is very hard to be hacked. People will say scamming is something that still can happen, but I will say this is your full responsibility to either agree (scan QR) or decline/counter any offer made by people.

With that, I will say, if any individual successfully in scamming you, then it means it is fully your wrong already as it is very similar to passing your smartphone to the scammer.
#12
cinedine 14 ABR 2022 a las 4:14 a. m. 
Publicado originalmente por coUp dE gRâce :
Publicado originalmente por cinedine:

If I want to account share with anyone, they just screengrab me the QR code and I can verify it with my phone at my place. All you changed is that instead of me sending them a code to verify, they now send me a code to verify.
You already said there, "...can verify it with my phone at my place." means account sharing can easily be detected there. With that, the individual who been detected for passing QR code to other smartphone that owned by other individual for verification, then it means he broke the rules of Steam already.

You didn't detect ♥♥♥♥. I used the phone registered to my account to access my account. Only that my account is accessed by a friend on the other site of the globe.
This is functionally no different than it is done now.

What you are talking about, I guess, is hijacking accounts, not "sharing". Although that doesn't matter. They way they phish your data is by replicating the "official" login window.
Websites are nothing more than a text document with instructions on how to display the content.
They just receive this document from Steam and display it on their site. Which includes the prompt for the guard code and will also include the QR code.
#13
Bee🐝 14 ABR 2022 a las 4:18 a. m. 
Publicado originalmente por coUp dE gRâce :
Publicado originalmente por brian9824:
It wouldn't have anything to do with account sharing, once logged in you don't have to constantly verify your account.

Doing so would be extremely annoying and hurt more innocent people then it would help
This change is for individuals who are involved with certain high rule games such as Dota 2 that requires the owner of accounts to link their smartphone mobile number with the Dota 2 account. Due to the current linkage, I can see there are many individuals still able to break the rules by sharing the Steam Guard code. Therefore, we need a new replacement or system for this code so that the account sharing issue can be reduced or best be resolved.

This can be used for many other games on the Steam platform also when the users keep their items on the Steam inventory because if the scammer or hacker doesn't own the same smartphone as the owner of an account, then he hardly or cannot steal any item. People will say hacking is something that might happen, but I will say this is very hard to be hacked. People will say scamming is something that still can happen, but I will say this is your full responsibility to either agree (scan QR) or decline/counter any offer made by people.

With that, I will say, if any individual successfully in scamming you, then it means it is fully your wrong already as it is very similar to passing your smartphone to the scammer.
I'm sorry but this just sounds like insisting on a new system when the current one is totally fine and works as intended. As brian9824 and cinedine pointed out this doesn't actually solve the account sharing issue at all. The current system works in stopping any form of hacking - people who get phished and then hijacked are warned that this might happen and ignore it.

Now, there's one giant extra flaw in this plan. QR codes are notoriously finicky depending on the age of the phone and the quality of the user's camera. Heck, even something simple as room lighting can be an issue. It is one of the main reasons major companies haven't moved to a QR system in full even though the tech has been around for ages. It creates more headaches than it solves. The current system is simple and easy to display and read. Most importantly? It works.

Edit: Here's a simple question to ask yourself OP. Valve, Microsoft, Google and Apple have some of the world's best programmers and digital security experts working for them, so if QR codes are the answer, then why haven't they moved to the system?
Última edición por Bee🐝; 14 ABR 2022 a las 4:25 a. m.
#14
BloodShed 14 ABR 2022 a las 4:35 a. m. 
Publicado originalmente por Bee:
Now, there's one giant extra flaw in this plan. QR codes are notoriously finicky depending on the age of the phone and the quality of the user's camera. Heck, even something simple as room lighting can be an issue. It is one of the main reasons major companies haven't moved to a QR system in full even though the tech has been around for ages. It creates more headaches than it solves. The current system is easy to display and read. Most importantly? It works.

It actually depends on the app. Some can be quite slow to recognize a QR code, others are fast enough to scan it before the code is fully in frame.

Hell the difference can also be seen with barcode scanner apps.
Example:
The 'universal' scanner app I have (QR, Barcode, Data Matrix ect..) takes a few seconds to scan a barcode.
But scanner in my Coop app (Coop is a cooperative of supermarkets) that I use for shopping scans them the moment they are in the 'scanning' field.


As for major companies, they generally prefer Data Matrix codes due to the versatility they offer.
#15
< >
Mostrando 1-15 de 32 comentarios
Por página: 1530 50

Todas las discusiones > Foros de Steam > Steam Discussions > Detalles del tema
Publicado el: 14 ABR 2022 a las 1:10 a. m.
Mensajes: 32
Comenzar una nueva discusión

Normas y directrices sobre discusión