Change is the only constant in life. That said, regularly changing passwords is useless as security practice.

Yeah, that sounds about right.
I may have a slight paranoia problem, while being drunk.
Have a nice day, mate <3

Security professionals (as in "people working in the field", not "dudez with too much spare time") recommend unique & strong (no dictionary, numbers, letters & special characters) passwords. That, and basic hygiene, like not engaging with malware/phishing and staying away from untrustworthy computers. The next part should be obvious, but were on the Steam forum here: If you're going to let someone else use your computer, give them an own account.

Yeah, that all pretty much figures.
Altough in hindsight I am very surprised that my steam account survived all the third party cs go gambling websites I excessively used a few years ago.

Not all of them indulge in phishing. I dare to claim that most are just regular gambling scams.

True, plus I actually won quite a bit (in cs go skins that is).
Still, as much as I threw my my login data around on some quite fishy looking sites (without mobile authenticator back then), would've been no wonder, if my account would've gotten stolen.

Originally posted by TheBreakervs:

I threw my my login data around on some quite fishy looking sites (without mobile authenticator back then), would've been no wonder, if my account would've gotten stolen.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key https://steamcommunity.com/dev/apikey

Stop giving away your account info to 3rd party skin/case/betting/trade sites.

Originally posted by ReBoot:

Security professionals (as in "people working in the field", not "dudez with too much spare time") recommend unique & strong (no dictionary, numbers, letters & special characters) passwords. That, and basic hygiene, like not engaging with malware/phishing and staying away from untrustworthy computers. The next part should be obvious, but were on the Steam forum here: If you're going to let someone else use your computer, give them an own account.

Regarding passwords, i love using this example:
https://xkcd.com/936/
Length is more important than complexity. But yeah, don't reuse passwords.

This one ain't right anymore. Dictionary password attacks have long evolved to check for sentences. Sure, theres ore entropy here than one word but still less than one "word" with special characters/numbers.

Still, passwords are not that important on Steam. I would be concerned if I got a Steamguard mail, and try to find out how they got the credentials -- but they'll need my mail address and credentials as well to actually get anywhere, so I wouldn't loose sleep over such an incident.

Originally posted by ReBoot:

This one ain't right anymore. Dictionary password attacks have long evolved to check for sentences. Sure, theres ore entropy here than one word but still less than one "word" with special characters/numbers.

That's why you use a language that is rare and hard. If Google can't get their translations right I don't have high hopes for attackers.

Originally posted by simolkaw:

Originally posted by TheBreakervs:

I threw my my login data around on some quite fishy looking sites (without mobile authenticator back then), would've been no wonder, if my account would've gotten stolen.

Generate new back up codes. https://store.steampowered.com/twofactor/manage

Revoke the api key https://steamcommunity.com/dev/apikey

Stop giving away your account info to 3rd party skin/case/betting/trade sites.

Appreciate the concern, but as I said, this has been years ago and I've done all of this since then.
Thanks nontheless