This topic has been locked
Clan Wolf Nov 4, 2016 @ 10:14pm
Steam Desktop Authentication
*update 16/05/18

with the growth of steam lately, increasingly sophisticated attacks, customers' expensive items getting bigger, and this SDA getting fakes on the internet to lure in hijacks, this nifty program is at HIGH RISK.

I'm making the switch. only use this temporarily for when you do not have a mobile and trading is needed.


update from github

WARNING: Recently there have been fake versions of SDA floating around that will steal your Steam account. Never download SDA from any place other than this github repo!

Don't use anymore, this thread will stay here as a relic of what once was. I have no connection to the github maker, i would have left a comment on github but it isn't allowed.

I don't encourage you to use this, you are taking RISKS if you use the open source program, you were warned. i have nothing to do with the makers. Read the comments, go to reddit for info




general rule about steam accounts, you're more at risk the higher the value of your items. attackers know this and are watching you. There is no metric for this, mid and high hundreds and thousands in worth means more eyes on you, and it's worth attackers' time and resources to steal it from you.

*********************
https://github.com/Jessecar96/SteamDesktopAuthenticator

https://www.reddit.com/r/SteamDesktopAuth/

https://www.reddit.com/r/tf2/comments/3ug38r/introducing_the_steam_desktop_authenticator_beta/?st=iv4va1zs&sh=36100af3


*********************

everyone uses email authentication and everyone must at the very least have a basic mobile that gets calls and sms, all services employ this now.

don't use a voip account that acts like a mobile which you control through your pc, it's a measure for being anonymous. But types like this or types of email Valve detect and reject as acceptable, so don't bother. Valve are too smart for most.

steam requires you give them a mobile number, in case your account is hacked. you can have a reset code etc sent to you by sms (so keeping mobile updated is important)

but if you fail to do this before losing your mobile, this here will sort you out

(don't rely on steam tickets to fix your problem, unless it's not fixable with the below link!)

https://help.steampowered.com/en/wizard/HelpWithLogin/

use steam desktop authenticate (not by valve), it's the external software program steam customers wanted so they don't have to use a mobile app, so someone in the community wrote it

steam is an open API, so it uses their open api keys so you can login through it like bot sites.

it will just use your account's mobile number and will activate steam into thinking you're using the mobile app. gives you the tokens you need to verify trades with players.


take into consideration security, strong passwords/licensed anti-virus (if you use free stuff, you're running risks) channel your trading goods to another account, on another pc if you can.

So then through that 2nd desktop authenticate account setup which you use to trade with. This will limit harm to your main account as you don't use it to trade with others, only your alt.

but remember you are still NOT SAFE using this, read comments below. You are still taking huge risks. if you're lazy about your online security, this isn't for you. However mobile users generally have lacked passwords, which is part of my quarrel.


HOW TO SETUP


INSTRUCTIONS: write everything down

run program> click setup new account (just login)

your steam account login

name
password

(should be long and complicated, no words. mix of letters, numbers, special characters and upper case letters, you can even use _ - + = : ; even a space)

so you login into it like any other bot key, it sends you an email verification code, enter that on the 2nd prompt.

just as the 3rd prompt for passkey below appears, assuming your steam account mobile is up to date, you get an sms code, but don't use it just yet. it's after passkey

4th prompt it will ask you to make a passkey, just a password not the same as your steam login, but just as complex.

5th prompt 'its own sauce' it will give out a revocation code ###### (it's just 1 letter at the beginning and 5 numbers), use this when it asks for it. write it down. if you skipped revocation code later when it asks you will have to begin again.

6th prompt enter sms code, you were given ###### (it's a code of 5 numbers)

7th prompt it asks for the revocation code ######, enter that.

you should get an email notification, steam guard mobile authentication is enabled successfully on your account. GOOD JOB

now go trade, use the automatically generated tokens you see changed every 10 seconds to verify trades with others

Update* Even if you lose your imported mafiles, it's easy to redo. Just remove mobile authenticator from account on steam - follow prompts, sends a text code then an email code, enter both.
You cannot restart the process on the program without removing this first, it detects your account is linked etc. Then redo the steps. Take it slow, do it a few times, to restart remove from manifest. As long as you know your username and password and the wizard link above (as a 2nd to last move) It will be all right.

update 30/06/17
new update SDA1.0.8.1, old is 7.2.

you can still get tokens to login but trade confirmations require this update, you also need newer .net framework 4.6.2 for it to work. Old .net was 4.5.2.

Updating 8.1 has me currently confused, the page says the following about updating:

Extract all the files contained inside the ZIP file over your copies of the same files wherever you installed Steam Desktop Authenticator. The program will not run unless you extract all the files.

what you do with the extract files and import of mafiles doesn't work, as far as i'm concerned.

Honestly it is easier just to follow my steps for complete renewal, using the new version 8.1.
p.s this sort of guide has gotten lengthy, but i'm too lazy to make it into a guide. Those really don't help.

as always any problems, take it up with the person on github who made SDA, like you i just wanted it to make life easier so i can get on with stuff.



Be safe
Last edited by Clan Wolf; May 15, 2018 @ 3:16pm
Mal Nov 4, 2016 @ 10:16pm 
no voip numbers are allowed on steam, there is a good reason for it. a basic android device with android 4.1.2 or higher is so cheap, as little as 15 usd.
Clan Wolf Nov 4, 2016 @ 10:20pm 
good to know!
The Giving One Nov 4, 2016 @ 10:24pm 
Yea, using VOIP numbers is not recommended. We have seen users, for example only, claim to get a VAC ban also due to doing that, as in phone number sharing as per the way VAC works now.

And also, the whole idea is to have two factor authentication, as in......two factors. Having authentication on the same device, such as the same computer that can get compromised more easily, is not having two factors.

Bypassing security is never a good idea, and using the same device for authentication is doing just exactly that. Thanks.
Clan Wolf Nov 4, 2016 @ 11:01pm 
yeah true that, you take this on you are taking a risk...disclaimer.

but the reasoning discussion has yet to begin. i think most agree highly complex passwords that are never the same, are beyond 16 characters (i use 30 or more) and a good anti-virus. format windows if needed and browsers that are not full of malware...the first defense is important

how long until attackers find a way through, is anyone's guess
Last edited by Clan Wolf; Nov 4, 2016 @ 11:02pm
The author of this thread has indicated that this post answers the original topic.
The Giving One Nov 4, 2016 @ 11:03pm 
Originally posted by Clan Wolf:
yeah true that, you take this on you are taking a risk...disclaimer.

but the reasoning discussion has yet to begin. i think most agree highly complex passwords that are never the same, are beyond 16 characters (i use 30 or more) and a good anti-virus. format windows if needed and browsers that are not full of malware

how long until attackers find a way through, a first defense is important
Until a user changes such complex passwords on the same compromised device, as in a computer infected with malware, for example, which is the biggest and most well-known source of account compromises.

EDIT..Correction...a big source, if not THE biggest.

That just can give the newly changed password right over to the attacker, possibly.
Last edited by The Giving One; Nov 4, 2016 @ 11:04pm
Clan Wolf Nov 4, 2016 @ 11:05pm 
well i better go format then, lol ....i actually should. look this is a better discussion to be had on reddit, better minds there in aggregate, they are scary smart. here is just a form of ♥♥♥♥ posting

n fyi i do plan on switching to linux at some point..
Last edited by Clan Wolf; Nov 4, 2016 @ 11:12pm
The Giving One Nov 4, 2016 @ 11:13pm 
Originally posted by Clan Wolf:
well i better go format then, lol ....i actually should. look this is a better discussion to be had on reddit, better minds there in aggregate, they are scary smart. here is just a form of ♥♥♥♥ posting
If this is your reply in disagreement with me due to me posting facts that apparently dispute your points, that is what a real "discussion" is all about.

There is no point in a discussion where everyone agrees on everything. But thanks for helping in the community, as that is what you posted this here for, I see. And on reddit, if you think the replies are going to be not "hearts", that is hilarious to say the least. These forums are epically moderated better than on reddit.
Clan Wolf Nov 4, 2016 @ 11:37pm 
Originally posted by The Giving One:
Originally posted by Clan Wolf:
well i better go format then, lol ....i actually should. look this is a better discussion to be had on reddit, better minds there in aggregate, they are scary smart. here is just a form of ♥♥♥♥ posting
If this is your reply in disagreement with me due to me posting facts that apparently dispute your points, that is what a real "discussion" is all about.

There is no point in a discussion where everyone agrees on everything. But thanks for helping in the community, as that is what you posted this here for, I see. And on reddit, if you think the replies are going to be not "hearts", that is hilarious to say the least. These forums are epically moderated better than on reddit.

no i simply agree with you, there is no security, only the power of decentralised workers/attackers can overcome that system that is centralised.

i just don't want to use the mobile app as i hate mobile devices for that use, if i discover later on just how risky the open source program is i'll prolly stop using it. i had a eureka moment..was on steam support ticket wait and all i needed was steam forum comment of the link above.

don't care either way, the internet in aggregate is scary smart n that's all i need to know. either steam forums or reddit or some other, the information is there and it's better than any customer service.


Last edited by Clan Wolf; Nov 4, 2016 @ 11:41pm
The Giving One Nov 4, 2016 @ 11:41pm 
@Clan Wolf

I apologize to you then, as apparently, I misinterpreted what you said to mean that there were better minds on reddit than here, as in replying to what I said, thinking you meant that there are better minds there than my mind, specifically.

Sorry about that, and again, thanks for taking the time to post this here and help the community out. That should always be appreciated at the very least, in my opinion that is.
Mal Nov 4, 2016 @ 11:42pm 
if you have the desktop auth, people can steal the files and take the account a lot easier, cause they can get both the desktop auth files and your ssfn files right in the same place. having it on a mobile device is really not all that bad and like i said they are pretty cheap.
Clan Wolf Nov 4, 2016 @ 11:42pm 
Originally posted by The Giving One:
@Clan Wolf

I apologize to you then, as apparently, I misinterpreted what you said to mean that there were better minds on reddit than here, as in replying to what I said, thinking you meant that there are better minds there than my mind, specifically.

Sorry about that, and again, thanks for taking the time to post this here and help the community out. That should always be appreciated at the very least, in my opinion that is.

it's quite alright, you did make me think more about what it boils down to
Last edited by Clan Wolf; Nov 4, 2016 @ 11:43pm
Clan Wolf Nov 4, 2016 @ 11:44pm 
Originally posted by Nabert:
if you have the desktop auth, people can steal the files and take the account a lot easier, cause they can get both the desktop auth files and your ssfn files right in the same place. having it on a mobile device is really not all that bad and like i said they are pretty cheap.


yeah you're supposed to back up the files, haven't gone through all the documentation yet. i'm not using it for a few days, as my alt is on a 7 day wait period for logging into new device (2nd pc)

i should put disclaimers everywhere.
Last edited by Clan Wolf; Nov 4, 2016 @ 11:47pm
Mal Nov 4, 2016 @ 11:57pm 
Originally posted by Clan Wolf:
Originally posted by Nabert:
if you have the desktop auth, people can steal the files and take the account a lot easier, cause they can get both the desktop auth files and your ssfn files right in the same place. having it on a mobile device is really not all that bad and like i said they are pretty cheap.


yeah you're supposed to back up the files, haven't gone through all the documentation yet. i'm not using it for a few days, as my alt is on a 7 day wait period for logging into new device (2nd pc)

i should put disclaimers everywhere.
you shouldn't be advising a non official client anyway, it puts users at risk.
Clan Wolf Nov 4, 2016 @ 11:59pm 
Originally posted by Nabert:
Originally posted by Clan Wolf:


yeah you're supposed to back up the files, haven't gone through all the documentation yet. i'm not using it for a few days, as my alt is on a 7 day wait period for logging into new device (2nd pc)

i should put disclaimers everywhere.
you shouldn't be advising a non official client anyway, it puts users at risk.

well we expose it in a healthy discussion for what it is and what it isnt.
Clan Wolf Nov 5, 2016 @ 12:11am 
i like the comment of running this in virtual machines, i'll copy/post this here from reddit tf2

Virtual machines can't protect themselves from the host computer. As in, if malware had admin/root access to your computer already, your VM isn't really safe from the malware. In practice, malware authors are lazy and will likely never write code to break into your VMs for your Steam account. But you never know.

someone's reply
Yes, you are correct. It's still a quarantine of sorts though. But I guess if we're talking about VMs it makes more sense to run an Android VM, the likelihood of someone hijacking your machine and deploying cross-platform/architecture malware is pretty slim, they would have to know it's there in the first place, and they'd have to get through your lockscreen pattern as well.
Last edited by Clan Wolf; Nov 5, 2016 @ 12:12am

Date Posted: Nov 4, 2016 @ 10:14pm
Posts: 27