Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
Report this post
If you suspect your account might've been accessed by someone else, do the usual steps, that is deauthorize all other devices and change your password.
Ultimately, that boils down to remembering. Did you ever interact with a phishing site?
Step 2 is to deauthorise all sessions(logs your account off of every device, that includes trade sites and 'other' systems that you may have handed your credentials to)
Step 3 is to log in. Re-authorize any trusted sites and devices.
I don't suspect anything, just like the other user was clueless until the event occurred. That's why I want to make a plan how to check if I need to secure my account. Securing it every day will be a bit excessive, so perhaps there is a way to know when you should do it, before it is too late. Maybe there isn't and my question is pointless.
I only use Steam client to access Steam. So no logins in a browser. Just in case.
That said, you have indeed to secure your account daily. Security is a constant process, constant vigilance. I don't mean "look daily whether there's an API key", I mean "be careful in every single online interaction".
*Deauthorize all other devices https://store.steampowered.com/twofactor/manage
*Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
My account doesn't have AP keys.
So only few devices. One of them I want to deauthorize though. But I don't see a way to do it for that one. Just for all of them.
The only realistic way is contant vigilance when it comes to online interations. You need 2 things:
1. Common sense
2. Awareness of phishing
Grow those two and your account will be safe & secure for good.
Steam probably knows. But it would be rude to ask them to check their logs, every now and then.
If you want to check, you can check yourself. No need to ask. Check for the API key, there's also a login history on the support page.
Quite frankly, regularly(ish) checking those places is a buzzkill if I ever saw one and it's way easier to pay attention to not let baddies into your account in the first place but if you prefer retroactively checking to proactively protecting, sure, go ahead, you can check that stuff yourself.
However checking the login history asks me for a username and password. The exact reason why I do not use a web browser, as I don't want to type those in a browser, even embedded one.
How do I know something is not redirecting this login page to their phishing site?
Set your profile to private. And don't stockpile steam cash in your account, and don't brag to people online that your account has valuables on it.
Oh, and if you have discord, set discord to not display which games you are playing.
Also, I mentioned common sense earlier and common sense says "clicking a Navigation link on the official web site, as well as clicking a menu item on the Steam desktop client, both will lead you to official places, not phishing". Common sense is great!
My profile was set on private, but people complain they do not trust private accounts. Maybe that's better, though. Why should they trust me?
No. I don't have discord. Although i think to join one game discord server, but I'll definitely use a separate e-mail account for that.
It also helps to be clued up on how scams work and avoiding phishing site/3rd party trading sites.