Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Scan for malware. https://www.malwarebytes.com/
Deauthorize all devices https://store.steampowered.com/twofactor/manage
Change your password on a secure device.
Generate new back up codes. https://store.steampowered.com/twofactor/manage
Revoke the api key https://steamcommunity.com/dev/apikey
** If there is nothing in the API key area, that’s fine. If there IS something, remove it. Nothing should be there.**
There is no malware. No API.
I have tried everything and it keeps happening.
The first thing I did of course is to remove all payment methods.
Now I have some games i really like that are on offer but I cannot buy them without risking my credit card information.
If you would get these pins thru email, that would be a different thing, then someone probably had access to email and password.
Here what happens daily. At odd hours of the day , when the app isn't even loaded at all, my only device with steam installed wasn't even turned on....
A notification suddenly appears and tells me to use this pin.
Then it stops. Until the next day that is. It seems like this person is making one attempt per 12 to 24 hours or something.
"Deauthorize all other devices" means all authorizations other than the one you're currently using are removed. Any login on such devices will then prompt another code request.
This also means it's useless for your situation, as you ARE getting codes, so these logins are obviously NOT happening on authorized devices.
This is mostly for situations where you loose control over an authorized device. Unfortunately, you can't revoke specific authorizations, but it's also a certain safety net -- if you loose your laptop, you'd have to remember to remove authorizations for the Steam client, the Firefox browser, the Chrome browser... and you might forget your ASF bot.
1) someone has a username similar to yours
2) they type in your username
3) they can’t log in
4) they initiate a password reset
5) you get the code request
None of my other stuff has ever seen any security breach before.
I use the same device for all my banking transactions. No breach.
Zero issues. Only steam has this issue.
I am leaning towards Satoru's idea.
Thank you Satoru.