Ugh Jul 22, 2022 @ 10:27pm
Securing account
Trying to get an idea of where I went wrong. My Steam account got hacked on the fourth, I found out. They were able to change my password and Steam authenticator without access to my phone or email; I just got the two emails for the change of authenticator device back to back. Then they proceeded to make 240+ trades in a few hours, wiping out all of my inventory for the games I play. Where did I go wrong? Cause I had 2FA, Steam Guard, all that stuff, and it was bypassed instantly, and then what I assume are trade limits were also bypassed instantly.
Showing 1-15 of 27 comments
cent Jul 22, 2022 @ 10:57pm 
You went to a third party site which was a scam and gave your information away. The scammer made a login page that looks exactly like the steam login page (but it is fake, only used to steal your login credentials) and you logged in thinking it was real.

Edit: Read more about scams here: https://help.steampowered.com/en/faqs/view/70E6-991B-233B-A37B
Last edited by cent; Jul 22, 2022 @ 11:04pm
cent Jul 22, 2022 @ 11:13pm 
Additionally, learn more about the most common scams on steam:

Originally posted by Dr.Shadowds 🐉:
Here are the most common reasons people get accounts hijacked, for any service really, as follows.
- Sharing account information with others. <--- Very common with impersonators, pretending to be Steam admin / support.
- Logging in on phishing sites. <--- Very common with skin gambling sites.
- Downloading / Installing Virus / Keylogger on your system.
- Using public devices that have keyloggers, such as cyber cafes, school computers, etc.
- Storing your login credentials on an unsecured service that others have access to view.
- Using the same login credentials for all your things, or using the same login credentials on another service that had a data leak. Yes, it does matter, because even if it is not related to Steam, if you are using the same login credentials, hijackers will try to use those credentials to see what services you use with those credentials. https://haveibeenpwned.com/

https://youtu.be/9TRR6lHviQc

The type of story scammers say to you.

- "Hey vote for my team", and they link you a phishing site link, and try to get you to log in.

- "Hey I can't add you, please add me", and they try to start their scam with you.

- If you're friends with someone that got their account hijacked, you get scam messages like "I report you", "you been banned", and whatever to try to scare you, and they tell you to trade your items to them; or, if you have logged in to a phishing site, there may be an API key on the account that redirects trades; they ask you to give them money, etc.

- If your account has already been compromised by them, they change your display name to banned, or whatever, and your display picture as well; they may delete your friends and try to spend your wallet funds if you have any, and also trade all your items. But if they see that you have the mobile authenticator attached, they play their scam to get you to confirm the trade, to get your items off your account to their account quicker, if they're able to trick you into confirming the trade.


I'll show you a few examples.
https://steamcommunity.com/sharedfiles/filedetails/?id=2329645315
https://steamcommunity.com/sharedfiles/filedetails/?id=2570975058

https://youtu.be/JuWHCBeZrqI
https://www.youtube.com/watch?v=kook1DlxDAw
https://www.youtube.com/watch?v=0DDnV-MHSaY
https://www.youtube.com/watch?v=WfTXxLraokE

https://steamcommunity.com/discussions/forum/1/4956744526904317093/#c4956744526904653890
Supafly Jul 22, 2022 @ 11:28pm 
Hijacked not hacked. Hacking requires exploiting weakness in code. That doesn't happen on Steam. Hijacking is the issue and that's when users try logging on using a phishing website that steals their credentials. Could have been months ago, some lie in wait before they actually do something.

Originally posted by ZappyGun:
Cause I had 2FA, Steam Guard
Which is just an extra key. If that key is given out with your username and Password it's useless just like if you had 100000 keys. If they are given away then the other person has access.

Originally posted by ZappyGun:
I just got the two emails for the change of authenticator device back to back. Then they proceeded to make 240+ trades in a few hours

When you transfer the Authenticator, trades get restricted. Can be 2 days if you're keeping the same phone number; if not, it should be 15 days. So a few hours doesn't sound right.
Ugh Jul 23, 2022 @ 12:53am 
That would be somewhat surprising to me, as I don't log in to anything, only for that specific reason. It seems somewhat useless if the code on my phone is negated when my password is compromised. What point does steamguard have then?
Supafly Jul 23, 2022 @ 1:01am 
Originally posted by ZappyGun:
That would be somewhat surprising to me, as I don't log in to anything, only for that specific reason. It seems somewhat useless if the code on my phone is negated when my password is compromised. What point does steamguard have then?

To be able to get in and change the password they'd have had to use your username, password AND guard code first.

If you have never logged in to a site, you've either had malware on a system you've used or someone you know had access to your phone and used it to give them access.
FFL2and3rocks Jul 23, 2022 @ 1:03am 
If you had the authenticator, just having your password compromised wouldn't allow them into your account because it would prompt them for the Steam Guard code that appeared on your phone. They must have obtained that Steam Guard code from a phishing site.

People often fall for it because the fake link is sent to them by a trusted friend, not knowing that the friend's account has been hijacked by the same trick.
Ugh Jul 23, 2022 @ 1:22am 
Originally posted by FFL2and3rocks:
If you had the authenticator, just having your password compromised wouldn't allow them into your account because it would prompt them for the Steam Guard code that appeared on your phone. They must have obtained that Steam Guard code from a phishing site.

People often fall for it because the fake link is sent to them by a trusted friend, not knowing that the friend's account has been hijacked by the same trick.
Typically I could see this, but I watch for that stuff pretty often. I'm not saying it's not a possibility, but in my case it seems it was out of the blue.
Basically I got the email and that changed my steamguard device, and didn't notice it, so 2 days later was when all the trades happened, all within a few hours overnight. I know they didn't have access to my phone, so assuming they somehow got my user and pass, how were they able to change my steamguard device without the actual device. I refuse to believe they got my phone and comp at the same time. Not to mention I haven't entered a steamguard key in a long time either.
Supafly Jul 23, 2022 @ 2:26am 
Originally posted by ZappyGun:
how were they able to change my steamguard device without the actual device.
There are ways to do that for obvious reasons. People can lose and upgrade their devices. Their devices can break rendering it useless. Thus there are always ways to prevent people getting locked out completely.

As I said, you can transfer the authenticator to a new device in different ways. If the new device is using the same number it gets a 2 day restriction. If it's to a new device and new number, its restriction is for 15 days.

Sounds more like you didn't notice the email about it being changed for more than 2 days.
Ugh Jul 23, 2022 @ 4:13am 
Originally posted by Supafly:
Originally posted by ZappyGun:
how were they able to change my steamguard device without the actual device.
There are ways to do that for obvious reasons. People can lose and upgrade their devices. Their devices can break rendering it useless. Thus there are always ways to prevent people getting locked out completely.

As I said, you can transfer the authenticator to a new device in different ways. If the new device is using the same number it gets a 2 day restriction. If it's to a new device and new number, its restriction is for 15 days.

Sounds more like you didn't notice the email about it being changed for more than 2 days.
Yeah, I'll admit that. I don't normally sift through for specific things since I get so much "junk" from places that I need for other reasons. It's pretty crazy to me that they don't at least make you confirm through email for the process though. Just a notification is all. Seems like at this rate Steam could solve a lot of these hacks by simply making you click a confirmation link in the email.
Supafly Jul 23, 2022 @ 4:30am 
Originally posted by ZappyGun:
Yeah, I'll admit that. I don't normally sift through for specific things since I get so much "junk" from places that I need for other reasons. It's pretty crazy to me that they don't at least make you confirm through email for the process though. Just a notification is all. Seems like at this rate Steam could solve a lot of these hacks by simply making you click a confirmation link in the email.

NOT hacks, stop saying hack in any way. Hijacked not hacked. Hacking requires exploiting weakness in code. That doesn't happen on Steam. Hijacking is the issue and that's when users try logging on using a phishing website that steals their credentials.

If emails from Steam are going into a junk folder, flag them as non-junk.

Why confirm things via another method? You get notified and have 2-15 days to lock the account down. 2 only if they have your number and 15 days if not. More than enough time to secure the account.

1. I'm sick and tired of all the flipping use this to confirm that thing you just did while YOU are inside your account.
2. I'm sick and tired of all the emails notifying me that I just logged in to my account. If it was me ignore it...blah blah.
3. I'm sick and tired of all the added overly complex systems that waste my time all because people can't think and exercise basic security.

Everyone needs to stop living in a little bubble and read things about online safety practices.

Oh and point 2 = 984563798634570958790 emails that mean I may miss important ones because I'm getting notified about ♥♥♥♥ we never should be. You are point and case on that. You missed it because of all the junk you get. Yet piss poor security practices are why we all get more junk. We all get junk, but that's specific to people's ♥♥♥♥ security practices and somewhat self inflicted.

EDIT:
Originally posted by ZappyGun:
Steam could solve a lot of these hacks by simply making you click a confirmation link in the email.

Which is the exact thing phishers do over email. Send an official looking email with some form of warning and have a link. Users trust the link, click it and then proceed to login on a phishing website leading to their account getting hijacked.
Last edited by Supafly; Jul 23, 2022 @ 4:47am
The Giving One Jul 23, 2022 @ 4:43am 
Originally posted by ZappyGun:
Seems like at this rate Steam could solve a lot of these hacks by simply making you click a confirmation link in the email.
Email can be (and often is) compromised. That's the whole reason, or main reason, for having two factor authentication.

There is no way they can get in without satisfying both factors.

Just for the record, Steam Guard is email protection only, where the shield here is gold :

https://store.steampowered.com/account/

Steam Guard MOBILE, or having the mobile authenticator on your Steam account is green :

https://store.steampowered.com/account/

People often say "Steam Guard" when they have the mobile authenticator. It's very important to understand the difference, and to be sure the authenticator stays active on your account and that you do not give the codes away.

Without physically having the second factor in their hand (two factor authentication) it is impossible for them to get in to your account.

Many that came before you and that will come after you say it was a "hack". But Valve's database was not breached just so someone could pull off the hack of a century just to get into your account.
Ugh Jul 23, 2022 @ 4:47am 
over reactive much,
1: Hack, hijack, sure, you're right. At this exact moment idgaf dude. I'm not trying to argue with you on the exact wording here. (Maybe be a little more understanding since about $1500 worth of stuff just got stolen from me, as a side note.)

2: Yeah, I hate getting all the stupid emails about ♥♥♥♥♥♥♥♥♥ as much as anyone else. That doesn't mean that I shouldn't have to click a confirmation to change my 2FA on an account that does contain items of monetary value, and could contain saved payment information.

3: My Steam is not set to junk, it is set to a specific folder that is populated with other account related emails. I typically check it every 3 ish days because I don't sit in my email 24/7. There are typically 30ish emails in there and I normally skim them for anything that seems immediately important.

4. My security practices are just fine, I rarely get out of place junk mail, let alone anything downloaded on my PC without my consent. This is why I'm rather concerned about how my account information was obtained by whatever did it.

It's my understanding that not only was it put out that steam guard was supposed to be the end all be all of security protecting you when account credentials were lost, but I was also under the impression that there was a trade limit as well. I routinely hear from my friends woes of not being able to make more than 10 trades in a day or two. Was this also bypassed or was it simply unimplemented at a time when account "HIJACKING" is at an all time high? It seems entirely unreasonable to make it so easy to steal from an account whose credentials were stolen when I'd say a large amount of users only use the service once or twice a week.
Supafly Jul 23, 2022 @ 5:00am 
Originally posted by ZappyGun:
over reactive much,

In denial much? You're constantly blaming others for YOUR mistake. You've gradually moved away from you it wasn't your fault but you're still pointing blame elsewhere.

1. Plenty of users have had bigger inventories. I don't care whether it was worth 0.01 or 100,001

2. But you GOT emails to say it was changed, and as it was changed to a device with a different number you had 15 days to secure the account. But you want a button. Something phishing emails do all the time to trick people into logging in on a phishing site.

3. Clearly you need to skim better since you missed the email about changing Authenticator device 15 days ago.

4. Fine? How did someone get your username, password, LIVE Guard code and 15 days before they can use the Authenticator on a new device? You either logged in on a dodgy site, your system is infected, or someone got access to your phone.



Originally posted by ZappyGun:
It's my understanding that not only was it put out that steam guard was supposed to be the end all be all of security protecting you when account credentials were lost

And your understanding was wrong. 2FA does not make people's accounts immune to compromise. It's a tool to assist but that's it. Just like you have locks on your house. If the keys fall into the hands of someone else, the locks, no matter how good, are useless.

You should be reading up so you understand how security features help instead of making assumptions.

I've traded well over 100 items in a day before, no issues. Must be something specific to your friend's account.

Doesn't matter if a user accesses the system once a year or 100 times a day. It takes mere seconds to compromise an account. PEBKAC
Seretti Jul 23, 2022 @ 5:13am 
Originally posted by ZappyGun:
My security practices are just fine,

If they were, how did others get all your account credentials?

How about you investigate when and where YOU messed up instead of arguing on the forums.
Ugh Jul 23, 2022 @ 5:43am 
Originally posted by Seretti:
Originally posted by ZappyGun:
My security practices are just fine,

If they were, how did others get all your account credentials?

How about you investigate when and where YOU messed up instead of arguing on the forums.
This is what I've been trying to find out for multiple days, hence why I made this post. I don't answer Discord messages to people I don't know, and I almost exclusively refuse to log in to Steam on a web browser and haven't this year if memory serves correctly, most definitely not within the last 2-3 months for sure. None of my friends have had similar issues, so I have my doubts it came in through our friend circle.

My whole reason for this post was more of a "what new hacks are out there I may not know of" etc. than to be told I have a cluttered email, and even less so to have an argument that they could have put a confirmation link in an email they were already going to send me changing my 2FA with only my login credentials (which would have been standard security process for other companies).

It is because I take measures against this sort of thing that I'm looking for answers and have turned in this case to asking on here, to see if there was something new going around. But as such I have gotten nothing particularly useful.

Date Posted: Jul 22, 2022 @ 10:27pm
Posts: 27