The chances are not 0%.

Don't think in terms of "shady/unknown", think in terms of phishing. If you don't ever touch anything unknown, you'll never ever see anything new and that's sad.

With that out of the way, as long as you employ common sense & awareness of phishing (which, again, isn't "shady/unknown") and don't, in fact, feel perfectly safe because you're following best practices, your account(s) are safe.

Without Salt, using a GPU rig, you could maybe find the password in 2 days. (newest GPUs and a lot of them)
however Steam adds salt to passwords and even as little as 2 symbols would turn it into taking centuries for it to be cracked.

Not to mention, steam doesn't allow endlessly guessing passwords. They block ips that send too many requests a second (google standard protection, Cloudflare will also do this)
+ after a number of misttyped passwords you need to reconfirm through steam guard in my guess.

So basically you have nothing to worry about unless steam, even with just 8 characters.

Just don't hand it out to anyone and keep steam guard 2fa up.

Odessa님이 먼저 게시:

steam guard activated with my phone number.

If you are really worried and want to kick security up another level, don't use your everyday cell phone, but a secondary PC or phone, that you use only for confirmation purposes. Might be a bit of overkill though, unless you got a spare one lying around anyhow.
Password cracking is practically unheard of here, and spyware entries are a very rare issue as well; the main issue is indeed phishing (given, that most thieves are working their scripts on second-hand base, this has certainly the lowest skill entry required as well). For this reason, the main focus should be, that you remain very careful on where you sign in. Something as simple as relying on one-click logins (being logged into the main page of Steam, so that legitimate websites will suggest you to confirm your profile instead of asking for login information) should already allow you to sort websites into good and bad ones. Careful about this though; there have been a few new cases, where you are given a legitimate login at first, but are asked to sign in again into a false login a few steps later on the same site.

How high is the risk?
How high is the chance, that someone does so many typing errors in their username, password and code, that they randomly end up in your account?
There is always an "infinite monkey" situation to imagine.

Odessa님이 먼저 게시:

i have a strong over 8 characters long steam password and steam guard activated with my phone number.

whats the likelihood of losing my account IF i never give away my account to someone and i also never sign in on a shady/unknown website?

Even if someone could guess the 3 details, that your account gets picked is likely as a lottery.