Why is My Steam Account Password Changing Daily DESPITE using SteamGuard?

All Discussions > Steam Forums > Help and Tips > Topic Details

fadamor Oct 17, 2018 @ 8:13am

Every morning for the last three days when I wake up I find the Steam popup saying I need to log in. Entering the password says "Incorrect password" despite having set and logged in using the password the previous day. I've scanned for malware and activated SteamGuard, yet this morning I was presented with the same login message and the password wouldn't work despite working yesterday. Normally I would talk to a human at Steam Support about this, but all they have is is an automated site that directs you to change your password - which I've done three times now but only grants me access for about a day before the password is changed again. If SteamGuard is being bypassed to change the password, does that mean someone in Steam is the one griefing me?

< >

Showing 1-11 of 11 comments

cSg|mc-Hotsauce Oct 17, 2018 @ 8:15am

The account could be compromised.

Look here for suspicious logins...

https://help.steampowered.com/en/accountdata/SteamLoginHistory

And here for odd PC names...

https://help.steampowered.com/en/accountdata/MachineAuthName

Anything?

What about any emails about a suspicious login attempt?

Last edited by cSg|mc-Hotsauce; Oct 17, 2018 @ 8:26am

fadamor Oct 17, 2018 @ 9:11am

I see. It seems to be a "man in the middle" type hack. The account shows only one machine name logging into the account but...

Last edited by fadamor; Oct 17, 2018 @ 9:18am

fadamor Oct 17, 2018 @ 9:14am

The login history suddenly went international three or so days ago:

Login Time Logoff Time OS Type Country City State Oct 17, 2018 @ 5:55am EDT -1 VN Hanoi Ha Noi Oct 17, 2018 @ 11:02am EDT -1 US Manassas VA Oct 17, 2018 @ 11:45am EDT -1 US Manassas VA Oct 17, 2018 @ 12:01pm EDT Oct 17, 2018 @ 12:08pm EDT 16 US Manassas VA Oct 17, 2018 @ 12:10pm EDT 16 US Manassas VA Oct 16, 2018 @ 2:08pm EDT -1 VN Ho Chi Minh City Ho Chi Minh Oct 16, 2018 @ 6:40pm EDT -1 US Manassas VA Oct 16, 2018 @ 6:42pm EDT -1 US Manassas VA Oct 16, 2018 @ 6:44pm EDT 16 US Manassas VA Oct 16, 2018 @ 7:38pm EDT 16 US Manassas VA Oct 15, 2018 @ 1:18pm EDT -1 MY Parit Raja Johor Oct 15, 2018 @ 2:35pm EDT -1 MY Sungai Petani Kedah Oct 15, 2018 @ 2:40pm EDT -1 MY George Town Pulau Pinang Oct 15, 2018 @ 4:01pm EDT -1 MY Kuching Sarawak Oct 15, 2018 @ 5:05pm EDT -1 US Manassas VA Oct 15, 2018 @ 5:06pm EDT 16 US Manassas VA Oct 13, 2018 @ 10:50pm EDT 16 US Manassas VA Oct 11, 2018 @ 8:21pm EDT Oct 12, 2018 @ 12:41am EDT 16 US Manassas VA Oct 12, 2018 @ 12:55am EDT Oct 12, 2018 @ 4:28am EDT 16 US Manassas VA Oct 12, 2018 @ 4:29am EDT -1 VN Uyen Hung Binh Duong Oct 11, 2018 @ 8:38am EDT 16 US Manassas VA Oct 11, 2018 @ 9:32am EDT Oct 11, 2018 @ 9:33am EDT 16 US Manassas VA

cSg|mc-Hotsauce Oct 17, 2018 @ 9:17am

I would suggest...

Scan for malware. https://www.malwarebytes.com/

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes.

Revoke the api key https://steamcommunity.com/dev/apikey

feytharn Oct 17, 2018 @ 9:25am

Originally posted by cSg|mc-Hotsauce:
I would suggest...

Scan for malware. https://www.malwarebytes.com/

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes.

Revoke the api key https://steamcommunity.com/dev/apikey

:qr:

When changing your password from a secure device, change the password to your e-mail provider and possibly your mailbox, too.

cSg|mc-Hotsauce Oct 17, 2018 @ 9:26am

Yes. That^^ as well.

fadamor Oct 17, 2018 @ 9:26am

I already did the malware scan using Webroot SecureAnywhere with the machine in Safe Mode.
I never had an API key to begin with. I'm not a developer.

cSg|mc-Hotsauce Oct 17, 2018 @ 9:28am

If you have the mobile app, you do.

fadamor Oct 17, 2018 @ 9:30am

I don't have Steam on my mobile phone.
Email password was changed at the provider and on my client this morning.

Last edited by fadamor; Oct 17, 2018 @ 9:31am

аdvicebanana Oct 17, 2018 @ 10:39am

Originally posted by fadamor:
I already did the malware scan using Webroot SecureAnywhere with the machine in Safe Mode.
I never had an API key to begin with. I'm not a developer.

Anyone can generate one for themselves. If you're not using it, check if it exists and revoke it if it does.

#10

fadamor Oct 17, 2018 @ 11:59am

When I checked, it didn't give me the option to revoke one, only create one.

#11

< >

Showing 1-11 of 11 comments

Per page: 1530 50

All Discussions > Steam Forums > Help and Tips > Topic Details

Date Posted: Oct 17, 2018 @ 8:13am

Posts: 11

Start a New Discussion

Discussions Rules and Guidelines

Report this post