New Login Mask Shows Virus Behavior. IS Valve programming Malware behavior ?
Once you enter your login data and press enter (Remember me disabled)

the mask reopens itself and the previously DISABLED remember me
is back to ACTIVE.

This behavior manipulates the "loginusers.vdf" and overwrites the "AllowAutoLogin" from "0" to "1", which enables auto login.

Only serious right restrictions to File and folder prevents steam exe from overwriting this configuration to default. enabled.

No matter what is written inside your loginusers.vdf the mask starts with Remember me Enabled
even if you just unchecked it at the last login.

Valve, I don't know what you intend to do
but I name this Malicious behavior!
Last edited by Erwin Rommel; Oct 7, 2022, 7:48
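A way to check the claim in the post above on your own machine, as an added example that is not part of the original thread: the script parses the text of a `loginusers.vdf` file and lists the accounts whose `AllowAutoLogin` value is "1". The embedded sample, the `users` and `AccountName` keys, and the function names are assumptions made for illustration.

```python
import re
# Constructed sample in the nested quoted key/value layout of loginusers.vdf.
# IDs and names are made up; "users" and "AccountName" are assumed keys.
SAMPLE_VDF = '''
"users"
{
    "76561190000000001"
    {
        "AccountName"    "alice_example"
        "AllowAutoLogin" "1"
    }
    "76561190000000002"
    {
        "AccountName"    "bob_example"
        "AllowAutoLogin" "0"
    }
}
'''

_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|([{}])')
def parse_vdf(text):
    """Parse quoted key/value text with nested {} blocks into dicts."""
    tokens = [(m.group(1), m.group(2)) for m in _TOKEN.finditer(text)]
    pos = 0
    def block(depth):
        nonlocal pos
        node = {}
        while pos < len(tokens):
            key, brace = tokens[pos]
            pos += 1
            if brace == "}" and depth > 0:
                return node  # end of the current block
            if brace or pos >= len(tokens):
                raise ValueError("malformed VDF near token %d" % pos)
            value, vbrace = tokens[pos]
            pos += 1
            if vbrace == "}":
                raise ValueError("key %r has no value" % key)
            node[key] = block(depth + 1) if vbrace == "{" else value
        if depth > 0:
            raise ValueError("unclosed block (truncated file?)")
        return node
    return block(0)

def autologin_accounts(text):
    """Account names whose entry carries AllowAutoLogin "1"."""
    users = parse_vdf(text).get("users", {})
    return sorted(u.get("AccountName", sid) for sid, u in users.items()
                  if u.get("AllowAutoLogin") == "1")
```

Running `autologin_accounts` on the file's contents before and after a login with "Remember me" unchecked shows whether the client rewrote the value.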
Showing 46-55 of 55 comments
Originally posted by Elucidator:
(see previous posts, this is a bit of an interrupt on the subject, since its more about 'OPs named issue and other steam client issues suddenly'.)

Well, for epileptic users, at least you can use 'small mode'
but you need to login once at least before you can tick that box

... as for the client, the UI can be modified, but....valve doesn't make that easy and understandable from what I have seen. Filenames have numbers as a name which have no human understandable meaning. The JS and CSS files are all one-liners (cropped code with no instant recognizable sense in them), so despite the client's appearance being modable, I can see why no one developed any Steam Client 'UI skin', because this is just chaos.

Anyone with epilepsy problems will get epilepsy from the wall of words upon seeing the CSS code.
sigh-
so in other words, steam hasn't shown proper support for these people, despite them also making room for people who use custom mouses or something.

I'm more curious if they plan on doing anything regarding the login.

Like how the hell can the steam app literally kick you out of your own account just cuz the damn steam guard code expires in 24 hours.

That's just insanely stupid.
Last edited by Mihai_89; Oct 7, 2022, 12:30
RiO Oct 7, 2022, 12:36
Originally posted by Mihai_89:
Kicking you out of your account randomly is just insanely stupid and annoying, can't they at least find an alternate solution ?
Either enable auto-login; or use the app-based authenticator on your smartphone.
The last one is their preferred solution and the one they've been pushing everyone to because the authenticator is bundled inside a general purpose Steam app that gives them 24/7 access to your eyes to serve you information on new releases; new deals; what friends are doing on the platform; etc. -- all to keep you locked into the Steam ecosystem and preventing you from sharing time with other gaming platforms.
Originally posted by RiO:
Originally posted by Mihai_89:
Kicking you out of your account randomly is just insanely stupid and annoying, can't they at least find an alternate solution ?
Either enable auto-login; or use the app-based authenticator on your smartphone.
The last one is their preferred solution and the one they've been pushing everyone to because the authenticator is bundled inside a general purpose Steam app that gives them 24/7 access to your eyes to serve you information on new releases; new deals; what friends are doing on the platform; etc. -- all to keep you locked into the Steam ecosystem and preventing you from sharing time with other gaming platforms.

What if i just login from my PC and use the email code ?

I don't use steam mobile too much because of how buggy it is.
RiO Oct 7, 2022, 12:53
Originally posted by Mihai_89:
What if i just login from my PC and use the email code ?
Then if things didn't change since the beta, the token will expire after 24 hrs.

...
oh damn...
I just realized the reason it expires after 24 hrs.

And it was staring me in the face the whole time:

Originally posted by RiO:
I suspect that what it is doing, is using the web-based sign in flow that is nominally used when signing into Steam via the browser

If the new login is directly using the web-based sign-in flow, then it would also use whatever expiration windows are set on the 2FA token in the web-based sign-in flow. And iirc those have always been much more limited than when signing into the desktop client.

So there's our probable answer:
Some complete and utter doofus probably forewent adding proper support to the web-based sign-in's 2FA prompts to generate a token with a longer expiration time and a sliding window like the desktop client experience received from Steam's backend.


This would be both good news and bad news.

The good news being that it's probably unintended and actually a bug.
The bad news being that Valve generally still doesn't give two shakes about this type of bug; esp. considering not fixing it aligns with their long-term goal of pushing everyone to install the Steam app onto their smartphones. (And if you don't have a compatible phone; you're apparently a statistically insignificant minority that's worth burning.)
Last edited by RiO; Oct 7, 2022, 13:01
Originally posted by RiO:
Originally posted by Mihai_89:
What if i just login from my PC and use the email code ?
Then if things didn't change since the beta, the token will expire after 24 hrs.

...
oh damn...
I just realized the reason it expires after 24 hrs.

And it was staring me in the face the whole time:

Originally posted by RiO:
I suspect that what it is doing, is using the web-based sign in flow that is nominally used when signing into Steam via the browser

If the new login is directly using the web-based sign-in flow, then it would also use whatever expiration windows are set on the 2FA token in the web-based sign-in flow. And iirc those have always been much more limited than when signing into the desktop client.

So there's our probable answer:
Some complete and utter doofus probably forewent adding proper support to the web-based sign-in's 2FA prompts to generate a token with a longer expiration time and a sliding window like the desktop client experience received from Steam's backend.


This would be both good news and bad news.

The good news being that it's probably unintended and actually a bug.
The bad news being that Valve generally still doesn't give two shakes about this type of bug; esp. considering not fixing it aligns with their long-term goal of pushing everyone to install the Steam app onto their smartphones. (And if you don't have a compatible phone; you're apparently a statistically insignificant minority that's worth burning.)

But that's what i mean.

What if we just use the email code when logging in from our PCs and not use the steam mobile app ?

I mean if we still have the option for the email code we don't have to use the steam mobile app right ?

Also you're saying someone had the bright idea of using the steam web-app's features on the desktop app when logging ?
Last edited by Mihai_89; Oct 7, 2022, 13:02
RiO Oct 7, 2022, 13:03
Originally posted by Mihai_89:
What if we just use the email code when logging in from our PCs and not use the steam mobile app ?

I mean if we still have the option for the email code we don't have to use the steam mobile app right ?

We do still have the ability to log in on Steam on our PCs and just use the SteamGuard email codes, instead of configuring the SteamGuard app, yes.

But then what I posted before applies:

Originally posted by RiO:
Then if things didn't change since the beta, the token will expire after 24 hrs.



[EDIT]


Some more evidence towards the theory that the new login experience is just a hack that sits in front of the actual unaltered client:
https://steamcommunity.com/discussions/forum/1/3392923906942636066/?ctp=3#c3392923906946432450

it seems people who experience clock drift couldn't log in successfully until Valve issued a server-side patch that widened the tolerance for it in the cryptographic checks. (Yes; there are time-sensitive cryptographic algorithms that allow for configurable tolerance windows.)

This is more than a bit strange, because during the normal start of the Steam Client it will trigger a start of the Steam Service; and that service will in turn force a clock synchronization. All of this used to happen directly at start up; i.e. before you could ever get to see the login window. (Heck; probably before it would even verify any potentially stored auto-login credentials for validity.)

...
And now it doesn't anymore.

Before Valve issued their patch, affected users were required to manually sync their clocks.
Strictly speaking they're still required to do that. But the tolerance-for-error is now much larger, so the risk of problems surfacing due to a clock that is experiencing drift are less substantial.
Last edited by RiO; Oct 7, 2022, 13:24
Originally posted by RiO:
Originally posted by Mihai_89:
What if we just use the email code when logging in from our PCs and not use the steam mobile app ?

I mean if we still have the option for the email code we don't have to use the steam mobile app right ?

We do still have the ability to log in on Steam on our PCs and just use the SteamGuard email codes, instead of configuring the SteamGuard app, yes.

But then what I posted before applies:

Originally posted by RiO:
Then if things didn't change since the beta, the token will expire after 24 hrs.



[EDIT]


Some more evidence towards the theory that the new login experience is just a hack that sits in front of the actual unaltered client:
https://steamcommunity.com/discussions/forum/1/3392923906942636066/?ctp=3#c3392923906946432450

it seems people who experience clock drift couldn't log in successfully until Valve issued a server-side patch that widened the tolerance for it in the cryptographic checks. (Yes; there are time-sensitive cryptographic algorithms that allow for configurable tolerance windows.)

This is more than a bit strange, because during the normal start of the Steam Client it will trigger a start of the Steam Service; and that service will in turn force a clock synchronization. All of this used to happen directly at start up; i.e. before you could ever get to see the login window. (Heck; probably before it would even verify any potentially stored auto-login credentials for validity.)

...
And now it doesn't anymore.

Before Valve issued their patch, affected users were required to manually sync their clocks.
Strictly speaking they're still required to do that. But the tolerance-for-error is now much larger, so the risk of problems surfacing due to a clock that is experiencing drift are less substantial.

Sorry I don't understand what you mean.
Originally posted by Mihai_89:
Sorry I don't understand what you mean.
I am using an older version of windows, which doesn't have an easy sync button.
That said it is based on what I read on my phone which is synced (due to it being a phone). Which time server it is synced to, I don't know, but time.is says my clock is off by 4 seconds.
so that is not too bad.

What RiO is saying is that the Steam Client Service likely has its own clock syncing. It doesn't change your PC's time, but it has basically its own clock that gets synced with whatever time Valve uses, and this then helps determine 'when' you log in from your system.

Edit:
I am surprised Valve employees working on it are actually reading Reddit more than they seemingly are looking on their own discussion boards:
https://www.reddit.com/r/Steam/comments/xxiean/steam_log_in_looks_different_and_not_let_me_log/

if you want to report the mentioned issues and bugs, due to this, I recommend posting about it on reddit for now. (I mean people mentioned it in Steam Client Beta, but perhaps not technical enough... idk)
Steam Support will likely point you to "community" or "steam client beta". but its also an option. I don't think the devs stare at the community board, but the moderators do I guess, so ... 'maybe'. xd
Last edited by Elucidator; Oct 7, 2022, 14:20
RiO Oct 7, 2022, 14:22
Originally posted by Elucidator:
Originally posted by Mihai_89:
Sorry I don't understand what you mean.
I am using an older version of windows, which doesn't have an easy sync button.
That said it is based on what I read on my phone which is synced (due to it being a phone). Which time server it is synced to, I don't know, but time.is says my clock is off by 4 seconds.
so that is not too bad.

What RiO is saying is that the Steam Client Service likely has its own clock syncing. It doesn't change your PC's time, but it has basically its own clock that gets synced with whatever time Valve uses, and this then helps determine 'when' you log in from your system.

No. The Steam Service actually programmatically issues a Windows API call to force Windows to sync the actual OS clock with whatever internet server it is configured to. (iirc the default is at time.windows.com)

This ensures the system clock is accurate to roughly the millisecond with whatever time representation Valve has. Having their clock and your clock in sync is important for certain types of cryptography and cryptographically secured verification mechanisms which use the current time (or a window of time around the current time) as a part of their working.

The new login experience could return a very particular error code related to a bad cryptographic result which came from time drift - i.e. a discrepancy between your system clock and Valve's system clock on their servers.

This shouldn't be able to happen if the Steam Service, which starts up just before the main Steam Client, had finished starting before the sign-in prompt. Because then the service would've just finished syncing the clock. And there's no way in hell it would've been able to drift beyond tolerance values that quickly.

Hence, the only logical conclusion is that the new sign-in experience is placed before the Steam Service component is started. But it's the main Steam Client which starts that service. So the new sign-in experience has to be started before the main Steam Client.

I.e. it pretty much has to live in the bootstrapper; the bit of code that is responsible for installing the updates to the main Steam Client and is responsible for verifying its integrity.

Originally posted by Elucidator:
if you want to report the mentioned issues and bugs, due to this, I recommend posting about it on reddit for now.
I would; but I avoid Reddit like the plague.
Same as Twitter.
Last edited by RiO; Oct 7, 2022, 14:24
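The effect of clock drift on a time-windowed check with a configurable tolerance, as discussed in the posts above, shown as an added example that is not part of the original thread. It uses RFC 6238 TOTP as a stand-in; the thread does not say which algorithm Steam uses, and the secret, timestamps and function names here are constructed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)
SERVER_TIME = 1665144000  # constructed timestamp, start of a 30 s step

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret: bytes, code: str, server_time: int, window_steps: int) -> bool:
    """Accept a code from any step within +/- window_steps of the server's."""
    for delta in range(-window_steps, window_steps + 1):
        candidate = totp(secret, server_time + delta * STEP)
        if hmac.compare_digest(candidate, code):
            return True
    return False

def smallest_accepting_window(secret, client_time, server_time, max_steps=10):
    """Smallest tolerance (in steps) at which the client's code is accepted."""
    code = totp(secret, client_time)
    for window in range(max_steps + 1):
        if verify(secret, code, server_time, window):
            return window
    return None  # drift exceeds max_steps: the login fails at every setting
```

A client only 4 seconds behind is rejected at zero tolerance when that drift crosses a step boundary. Each extra step of tolerance also lengthens the time a captured code stays valid, which is the cost of widening the window server-side.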
The expiring of 24 hours is somehow only for not remembered login?

While it doesn't make sense to have an expire .....
A) They say keep logged in is fine
but then
B) it's bad being logged out and have a token?

Does not make sense.
Date Posted: Oct 7, 2022, 7:36
Posts: 55