Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
Report this post
Accounts can be phished, but that requires failure on the user's end to allow that to happen.
Account Security Recommendations
https://support.steampowered.com/kb_article.php?ref=1266-OAFV-8478
If you suspect wrongdoing, you can report that user on the profile under the "more" drop menu.
VAC bans are delayed. They can be delayed for days/weeks, maybe even longer. The account may have already been flagged for a future VAC ban, if he is using identifiable cheats.
also @giving one they can but only under certain conditions in which op does not fall under and many others, mobile auth also blocks people from doing much
I assume having Steam mobile authenticator on Android using your Google account doesn't make it so any other Android device which use the same login also get access to a functional Steam mobile authenticator. Or does it? I don't know.
Anyway. I don't know what e-mail provider you use but if it was say Gmail without two-factor authenticator and Steam was using that with no additional security features then knowing your password to your e-mail would be enough (though he won't know that one if you pick a good one so .. There's also the scenario that he could break into your machine logging your keypresses which would sort that one out but I don't know how likely that would be.)
However if you turn on two-factor authentication in Gmail and get an SMS with a code from them which you have to use to login into your e-mail then someone would have to spoof your phone / listen of the cellular network to be able to get such a code. I assume which wasn't all that hard to do using GSM so it's a possibility but it's more likely.
Now if you use the Steam mobile authenticator and if that can't be installed onto random Android device by owning your Google account (is logging in enough? I assume that require the mobile authenticator already? ..) then having access to your e-mail account wouldn't be enough. He'd also need to have access to your mobile phone (well, this is true for iOS devices too I guess) which won't be the case so as far as the non-human security features of the system chances are likely good that you don't have to worry much about his threats.
If you wanted to raise the security of your account then install the mobile authenticator if you haven't already, enable two-factor authentication on your e-mail if you can and even better change the e-mail you use for Steam to one which you don't normally use and which is only used for Steam so he can't figure out which one it is.
That's the technical aspect. However there's also the human one with password recovery for those who the account actually belong too. I don't know how Valve handles any requests for help with gaining access to ones account if one have used the mobile authenticator and then lost it but chances are that if he for instance had access to your payment details or some account with Steam keys you've activated and so on maybe he could trick himself to gain access regardless of the former. Maybe then Valve could help you out if that turned out to be the case but I think that's the larger risk than the technical solutions IF YOU USE THEM. I do recommend you to use them.
As said part of the problem is the human though. Like for instance say someone was an agent or political activist or what not and had their stuff encrypted. Maybe then the technical solution as long as the human wasn't involved was strong but say that person got a life-threat onto them unless they granted access. How would that affect things?
So I can't answer for how HUMANS would react. Also the technical solutions may not be perfect and I don't even know how they work in details (as for instance whatever the Steam authenticator could easily get installed on multiple devices) so I'm not really qualified to give good answers and the best would likely be that you contacted Valve about it and then they could help you and maybe even in the best of words flag your account so they are more protective of it or investigate into how he have behaved.
He could possibly still cause havoc against you with DDoS attacks or whatever social/online behavior even though your Steam account would be pretty safe.
Personally I don't think he will be fun to have on your friends list and I guess I would just remove and block him.
But yeah, if you haven't have a good e-mail password already, haven't enabled two-factor authentication even if you can on your e-mail and on Steam maybe now is a good time to do so? :)
If you have bought game-keys on some webpages using the same e-mail address then improving your e-mail safety will help protect you there too but maybe you should also change the passwords to something better on those sites? As said I guess using a special e-mail address which they (others) won't know about could provide some extra security by obscurity too :)
Keeping your browser up to date, if not paying for anti-virus maybe running something like Avast! or so, maybe disable Flash (and PDF-plugins?) and not follow any suspecious links could help in protecting your PC. I don't know what games you play but if you played the games in say Linux you'd likely gain some more security by obscurity there too, though I guess many of these online threats may be multiplatform even if Windows may be the more obvious target. So it's not necessarily "safe" there either.
It's just the same there with the human aspect. Even if Microsoft had their own store and used signed executables and asked you if you really trusted the software provider and so on as long as you were willing to also fetch and run software from under places and let it run with whatever rights it won't protect you. The thing is though that we are social beings and we kinda have to trust each other at-least to some degree / society works like that and it's much easier to act together if we do trust each other / can trust each other / trust is grnating us benefits.
I'm sorry you had to deal with this person :/.
I hope I could be to some help and ease your worries a bit and give you some suggestions :)
Best of luck! :)
(Edit: As for you changing IP doesn't know as long as he know the current one, in regard of DDoS I don't really know what protections there is but I assume the solution when you're overwhelmed is to contact those who route the traffic onto you and ask them to block the traffic, maybe your ISP or in the case of VPN provider or so would do that when they noticed the problem, maybe the response is automized. I don't know. I assume chances are one may just have to live with it (for then) though. It's not so simple as just being aware it's happening at-least. Compare it with a physical mailbox, if you got post it will simply come even if you are aware of it. What you need to do is to tell the mailman to stop deliver it, and then the post-office may want to stop it from reaching them and so on.
(Another pretty funny thing when it comes to the security solutions is like when they have implemented authentication by a camera to check the face of the user because we all look different and then someone can beat that by simply showing a photo .. The better systems likely can figure out it's a photo but you get the idea for what may be the problem, same with finger-print scanners and molds of fingerprints. Isn't there some movie where someone use the actual eyeball? ..))
If someone begins to say things like "we have your ip, then we guess your account name and then try the password",
its funny. Nothing else.