Steamをインストール
ログイン
|
言語
简体中文(簡体字中国語)
繁體中文(繁体字中国語)
한국어 (韓国語)
ไทย (タイ語)
български (ブルガリア語)
Čeština(チェコ語)
Dansk (デンマーク語)
Deutsch (ドイツ語)
English (英語)
Español - España (スペイン語 - スペイン)
Español - Latinoamérica (スペイン語 - ラテンアメリカ)
Ελληνικά (ギリシャ語)
Français (フランス語)
Italiano (イタリア語)
Bahasa Indonesia(インドネシア語)
Magyar(ハンガリー語)
Nederlands (オランダ語)
Norsk (ノルウェー語)
Polski (ポーランド語)
Português(ポルトガル語-ポルトガル)
Português - Brasil (ポルトガル語 - ブラジル)
Română(ルーマニア語)
Русский (ロシア語)
Suomi (フィンランド語)
Svenska (スウェーデン語)
Türkçe (トルコ語)
Tiếng Việt (ベトナム語)
Українська (ウクライナ語)
翻訳の問題を報告
ルールとガイドライン
この投稿を報告する
This message is widely misleading and heart-attack inducing and I think Valve should look into changing that if it's possible.
Are you using ExpressVPN by any chance? I have been using it for about 2 months, but only started having the Steam credentials issue for the past week. I actually have ExpressVPN configured so that only my browser goes through the VPN, while everything else should remain connected directly. I'm wondering if something in the recent ExpressVPN software update changed/broke how it handles apps that should have direct internet access, causing an issue for Steam.
Edit: I want to add though, that when I test connecting and disconnecting my VPN, I cant get it to log me out of steam and/or trigger the credentials error. Everytime I've notice the credentials message is when I've returned to my PC after being afk for about an hour or more (screen turned off, but computer awake, ExpressVPN open in my system tray but not connected). I can't be sure if it happened while I was AFK, or maybe before I went AFK and I just didnt notice the msg, hidden behind my other open windows.
The other 2 things that I've recently changed over the past couple of weeks are moving my Steam authenticator to a new phone and also installing Windows 10 on this PC, while still logging into Windows 7 where I am facing this steam error. Though I booted into Windows 7, played a few games without an issue (steam auto logged in when booting up) and only got the error a while later (probably while AFK).
Does your ISP give you a new IP address every time you login?
And ISP gives the router an IP, not the computer, so it has nothing to do with that. I strongly suspect it's caused by Steam trying to connect when there's no internet connection, which causes it to fail and basically log out of the account, and once logged out, 2FA is required to log back in. As for the message, Valve is just too stupid and incompetent to set it to display the appropriate message based on what's happening, so they just use this one as a catchall.
So the way IP addresses work is that there is a public facing IP address that is what Valve is told is associated with you. This can either be a static one assigned to your router, a dynamic one assigned to your router or a shared one. In any case there will be translations involved at every level it is shared to route replies to messages you make back to you.
That publically visible IP address (which works differently based on your ISP) is what Valve is using as part of the information to decide whether a stored token is valid or not. i.e. if you send them a stored token and Bob sends it to them they don't want Bob to be able to login to your account just because they've copied the token. So when your public facing IP address changes Valve starts to think you are Bob, so your token no longer works and has to be refreshed.
Right, I get that. And my point was that just because I put my laptop to sleep, that has no effect on the public IP. Whatever happens on my laptop, or between it and the router, doesn't change the other, public-facing side of the router. So I can sit here and switch from 192.168.0.1 to 192.168.0.2 and so on until I get to 200, and as far as Valve is concerned I'm still, e.g., 171.146.202.184 (random #'s, *not* my actual IP). *That* only changes when rebooting the router or occasionally by the ISP if it's dynamic. I suppose it's possible they're changing it very frequently, and that's something I'll have to keep an eye on, but that's still an issue then if Steam is going to be that "fragile," and it should use a different system like a file token/cookie.
It lets you know if a user who isn't you isn't you or at your location is logging in.
It's FAR better to be over zealous than the reverse. Steam simply sees ANY changes to IP or anything as new. And that's a good thing.
It is a file token, and it didn't used to use public facing IP address as part of it's verification, but that resulted in a vulnerability that malware makers exploited (all you needed to do was copy that token which had a predictable name and location and you had full account access to everything that didn't require you to re-enter your password) which made a lot of scam attempts easier as they had easy access to a lot of functions (clearing your profile and putting a ban message on there with a link to a location they controlled to contest it, monitoring, cancelling and creating trade requests they couldn't confirm them but they could do everything but).
As a result Valve adjusted the token so if your public IP changes the token itself isn't usable. This make these kind of scams a bit harder. It does mean that some people whose public IP address changes often are finding their tokens getting invalidated more frequently. Most of these people are using VPNs but some just have an ISP that is replacing their public IP for one reason or another.
Makes sense, but doesn't explain why I've been having to use the Steam generator every time lately, unless the ISP is changing the IP frequently, which I'll be watching. But the real issue is their requirement to use their 2FA instead of allowing people to use 3rd party ones like Authy. At least with that I could get the code in a few seconds on my computer instead of having to grab my phone, which may not even be in the same room, unlock it, open the Steam app, and get the code, all of which is made even more annoying by the fact my phone has become frustratingly slow. Or they could have actually improved the token instead of having it be so predictable, like simply append the device ID to it, but why do things smartly?
There are unofficial desktop authenticators that support Steam's 2FA (it's just TOTP but then encodes into their 5 character format instead of the normal 4 character ones).
WinAuth is an example that has Steam support in their desktop authenticator.
To be clear however a Desktop Authenticator isn't 2-Factor anymore. The point of two factor is you are accessing your account on one device and authenticating with a separate device. This provides the maximum protection as someone has to compromise both devices in order to get access to your account. If you access and authenticate on the same device they only need to compromise that one device to have full access to your account.
It's still two-factor, just not multi-device. I realize that takes away from it, but it doesn't make it not two-factor. After all, if someone gets my password, they still don't have my computer. If they get my computer, they don't have my password (or, really, the authenticator, since the computer would almost certainly be locked). And I looked at one unofficial authenticator, but it was very clear that using it isn't safe, and I'm not willing to take risks with my account. Valve should just add official support for Authy, et al, just like almost everybody else does. It's bad enough to provide an inferior product, or to require use of their product, but to do both...