I've seen people mention there is an unoffcial app for windows desktop you can use. I've not used it myself but maybe you can google it. I would be careful what you download though incase it's a virus.

steam valve should follow up blizzard's example. they sell these battle.net keychain authenticator on their store for people who don't own a smartphone. the downside of it though is when the battery runs out, you have to go though customer support to have them unlink the dead battery keychain or unlink the keychain authenticator yourself if theres still some juice left in it off your account and buy another keychain.

I have one of those bnet keychain authenticator and it works very well on my bnet account but I unlinked and stopped using them the moment I started using my smartphone.

if steam ever starts selling a authenticator keygen product, it should probably have removable battteries.

Paratweet eredeti hozzászólása:

So, anything I can do to circumvent this stupid enforcement on Steam's part?

It's not an 'enforcement'; it's a crucial security feature that's optional which many other sites use for protection. If you don't have a smart phone, you can always revert to email guard.

There are desktop applications which can mimic a smartphone that you can also use but if your PC becomes comrpomised; you'll be easily phished.

J4MESOX4D eredeti hozzászólása:

Paratweet eredeti hozzászólása:

So, anything I can do to circumvent this stupid enforcement on Steam's part?

It's not an 'enforcement'; it's a crucial security feature that's optional which many other sites use for protection. If you don't have a smart phone, you can always revert to email guard.

There are desktop applications which can mimic a smartphone that you can also use but if your PC becomes comrpomised; you'll be easily phished.

I'm already required to use email confirmation to create sales listings/confirm trades...if you know of a way to supercede the mobile autheticator using my email, I'd love to hear it because a mobile authenticator is a no-go.

As for my PC becoming comprimised, I'm sorry but the chances of that happening are rather...slim. I don't download aything beyond game patches and games from legitimate sources, I don't visit questionable sites, and unless there's some top level crap going on I consider myself pretty safe on that issue.

Darth Altria Pendragon eredeti hozzászólása:

steam valve should follow up blizzard's example. they sell these battle.net keychain authenticator on their stores.

A few problems there

1) Blizzard doesn't sell these internationally
2) Blizzard doesnt' have a trading mechanism. It is only used for login authorization
3) A standard TOTP, blizzard auth/google authenticator/etc doesnt work for trading because you cannot verify the CONTENTS of the trade. If you used a standard TOTP implmentation this is what woudl happen

a) I send you a fake trading URL
b) You log into my fake site
c) You send me a trade on my fake site
d) My fake site goes to steam and authroizes the ACTUAL trade of giving me everything you own
e) My fake site shows you your fake trade
f) you input your code into my fake site
g) My fake site authorizes the trade using your code
h) Thank you, you have now given me everything you own, and you authorized it

This is why a standard TOTP implementation cannot work with steam. the Steam Mobile Authenticator is primarily a TRADE CONTENT VERIFICATION tool. And as such a TOTP, or U2F since everyone also seems to want that too, are not appropriate for what the Steam Mobile Authenticator is primarily designed to address.

Paratweet eredeti hozzászólása:

As for my PC becoming comprimised, I'm sorry but the chances of that happening are rather...slim. I don't download aything beyond game patches and games from legitimate sources, I don't visit questionable sites, and unless there's some top level crap going on I consider myself pretty safe on that issue.

Allow me to point out that the people who claim this kind of thing, are exactly the kind of people scammers love. Hubris is the enemy of security.

Satoru eredeti hozzászólása:

Paratweet eredeti hozzászólása:

As for my PC becoming comprimised, I'm sorry but the chances of that happening are rather...slim. I don't download aything beyond game patches and games from legitimate sources, I don't visit questionable sites, and unless there's some top level crap going on I consider myself pretty safe on that issue.

Allow me to point out that the people who claim this kind of thing, are exactly the kind of people scammers love. Hubris is the enemy of security.

Using common sense is the best preventative to being scammed but people forgot about personal responsibility and being vigilant a long time ago. I think you're mistaking me for a ten year old who'll click shady links to get a free CS:GO knife.

Satoru eredeti hozzászólása:

Darth Altria Pendragon eredeti hozzászólása:

steam valve should follow up blizzard's example. they sell these battle.net keychain authenticator on their stores.

A few problems there

1) Blizzard doesn't sell these internationally
2) Blizzard doesnt' have a trading mechanism. It is only used for login authorization
3) A standard TOTP, blizzard auth/google authenticator/etc doesnt work for trading because you cannot verify the CONTENTS of the trade. If you used a standard TOTP implmentation this is what woudl happen

a) I send you a fake trading URL
b) You log into my fake site
c) You send me a trade on my fake site
d) My fake site goes to steam and authroizes the ACTUAL trade of giving me everything you own
e) My fake site shows you your fake trade
f) you input your code into my fake site
g) My fake site authorizes the trade using your code
h) Thank you, you have now given me everything you own, and you authorized it

This is why a standard TOTP implementation cannot work with steam. the Steam Mobile Authenticator is primarily a TRADE CONTENT VERIFICATION tool. And as such a TOTP, or U2F since everyone also seems to want that too, are not appropriate for what the Steam Mobile Authenticator is primarily designed to address.

Wouldn't a U2F key perform the same task as a Steam Guard code - require the user provide a confirmation code i.e. in this case by plugging in the key and pressing its button to confirm physical control of the account?

You do not understand, confirming a trade does not require a code. It requires you to open the app, see the list of items you trade, scroll down and then press a button to confirm the trade.