Website with Steam login :: Help and Tips

Alle Diskussionen > Steam-Foren > Help and Tips > Themendetails

Ich? 19. Dez. 2019 um 23:45

Website with Steam login

Can Websites Steal your accounts if they have steam login? (The real Steam login)

Zuletzt bearbeitet von Ich?; 19. Dez. 2019 um 23:45

Der Ersteller dieses Themas hat einen Beitrag als Antwort auf seine Frage markiert.
Hier klicken, um zu diesem Beitrag zu springen.

Ursprünglich geschrieben von MalikQayum:

there is a exploit, but basically what you need to do if you always want to be sure you are not falling for this exploit is to log in on the steam store/steamcommunity via steams official sites first. (through a webbrowser)

then when you log into a third party site that uses openid, the third party site should not ask for your credentials to be typed in as you are already logged in and just tell you to click the button sign in (green button).

if it still ask you to log in (insert username/password) go back to the official steam store/steamcommunity and check if you are logged in already.(through a webbrowser)
if you are logged in there it means, you should stay away from that site.

< >

Beiträge 1–15 von 19

Watermelon {JESUS IS LORD} 19. Dez. 2019 um 23:46

not sure but think if its done properly with the official openID login or something like that
and make sure the site is secured with green padlock or something similar no red x;s or anything

Der Ersteller des Themas hat angegeben, dass dieser Beitrag die ursprüngliche Frage beantwortet.

MalikQayum 19. Dez. 2019 um 23:50

Zuletzt bearbeitet von MalikQayum; 19. Dez. 2019 um 23:53

Watermelon {JESUS IS LORD} 19. Dez. 2019 um 23:51

Ursprünglich geschrieben von MalikQayum:
there is a glitch, but basically what you need to do if you always want to be sure you are not falling for this glitch is to log in on the steam store/steam community via steams official sites first. (through a webbrowser)

then when you log into a site that uses openid, should not ask for your credentials to be typed in as you are already logged in.

if it still ask you to log in go back to the official steam store/steamcommunity and check if you are logged in already.(through a webbrowser)

true, forgot about that issue

Ich? 19. Dez. 2019 um 23:52

Ursprünglich geschrieben von MalikQayum:
there is a exploit, but basically what you need to do if you always want to be sure you are not falling for this exploit is to log in on the steam store/steamcommunity via steams official sites first. (through a webbrowser)

then when you log into a site that uses openid, should not ask for your credentials to be typed in as you are already logged in.

if it still ask you to log in go back to the official steam store/steamcommunity and check if you are logged in already.(through a webbrowser)

I have steamguard even if they have acces than im safe right they cant login

Watermelon {JESUS IS LORD} 19. Dez. 2019 um 23:54

Ursprünglich geschrieben von ELentcho:
Ursprünglich geschrieben von MalikQayum:
there is a exploit, but basically what you need to do if you always want to be sure you are not falling for this exploit is to log in on the steam store/steamcommunity via steams official sites first. (through a webbrowser)

then when you log into a site that uses openid, should not ask for your credentials to be typed in as you are already logged in.

if it still ask you to log in go back to the official steam store/steamcommunity and check if you are logged in already.(through a webbrowser)

I have steamguard even if they have acces than im safe right they cant login

depends on which steamguard
if only email they still can get in cause youre computer is already compromised and have your email password
if mobile authenticator you have better security but even then still be careful, dont give your code to third party sites or you give them access too and dont open those third party sites on your phone or your phone will be compromised

MalikQayum 19. Dez. 2019 um 23:55

Ursprünglich geschrieben von ELentcho:
Ursprünglich geschrieben von MalikQayum:
there is a exploit, but basically what you need to do if you always want to be sure you are not falling for this exploit is to log in on the steam store/steamcommunity via steams official sites first. (through a webbrowser)

then when you log into a site that uses openid, should not ask for your credentials to be typed in as you are already logged in.

if it still ask you to log in go back to the official steam store/steamcommunity and check if you are logged in already.(through a webbrowser)

I have steamguard even if they have acces than im safe right they cant login

no because they use your credentials and sessionid, so you would have to deauthorize all devices.
it won't matter if you have 2fa or steam guard at this point, you should then first revoke your api key, then change password just to be safe.

Zuletzt bearbeitet von MalikQayum; 19. Dez. 2019 um 23:56

Watermelon {JESUS IS LORD} 19. Dez. 2019 um 23:55

Ursprünglich geschrieben von MalikQayum:
Ursprünglich geschrieben von ELentcho:

I have steamguard even if they have acces than im safe right they cant login
no because they use your credentials, so you would have to deauthorize all devices.
it won't matter if you have 2fa or steam guard at this point, you should then first revoke your api key, then change password just to be safe.

yep^^

Ich? 19. Dez. 2019 um 23:56

Ursprünglich geschrieben von MalikQayum:
Ursprünglich geschrieben von ELentcho:

I have steamguard even if they have acces than im safe right they cant login
no because they use your credentials and sessionid, so you would have to deauthorize all devices.
it won't matter if you have 2fa or steam guard at this point, you should then first revoke your api key, then change password just to be safe.

How that work

Watermelon {JESUS IS LORD} 19. Dez. 2019 um 23:57

Ursprünglich geschrieben von ELentcho:
Ursprünglich geschrieben von MalikQayum:
no because they use your credentials and sessionid, so you would have to deauthorize all devices.
it won't matter if you have 2fa or steam guard at this point, you should then first revoke your api key, then change password just to be safe.

How that work

https://store.steampowered.com/twofactor/manage

Muppet among Puppets 20. Dez. 2019 um 0:11

2 factor login does not help against phishing

#10

Ich? 20. Dez. 2019 um 0:15

Ursprünglich geschrieben von CHRISTmas {JESUS IS LORD}:
Ursprünglich geschrieben von ELentcho:

How that work
https://store.steampowered.com/twofactor/manage

I did it i am save now? I deauth

#11

Watermelon {JESUS IS LORD} 20. Dez. 2019 um 0:17

Ursprünglich geschrieben von ELentcho:
Ursprünglich geschrieben von CHRISTmas {JESUS IS LORD}:
https://store.steampowered.com/twofactor/manage

I did it i am save now? I deauth

prob but u should change ur password and remove api key (i forget where that is in settings) and scan for malware

#12

Muppet among Puppets 20. Dez. 2019 um 0:17

Scan for malware. https://www.malwarebytes.com/

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key https://steamcommunity.com/dev/apikey

#13

Watermelon {JESUS IS LORD} 20. Dez. 2019 um 0:17

nice^^
the copy paste list, i should store that on medesktop

#14

Ich? 20. Dez. 2019 um 0:21

Ursprünglich geschrieben von Muppet among Puppets:
Scan for malware. https://www.malwarebytes.com/

Deauthorize all devices https://store.steampowered.com/twofactor/manage

Change your password on a secure device.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key https://steamcommunity.com/dev/apikey

I never do Backup codes

#15

< >

Beiträge 1–15 von 19

Pro Seite: 1530 50

Alle Diskussionen > Steam-Foren > Help and Tips > Themendetails

Geschrieben am: 19. Dez. 2019 um 23:45

Beiträge: 19

Neue Diskussion starten

Diskussionsregeln

Diesen Beitrag melden