Then buy a cheap tablet, move the authenticator to that, and always keep it plugged in.

You don't have to put the authenticator on your phone, and I know I'm not the only one who doesn't either.

I want a dedicated thing tho like blizzard had a dedicated keychain authenticator you could buy to log into your account

The mobile app is for more than just the codes. A little keyfob will not work for what Valve wants.

Diposting pertama kali oleh Snapjak:

The mobile app is for more than just the codes. A little keyfob will not work for what Valve wants.

But for people who don't trade or sell on the market (or don't mind the 15 day hold), then a keyfob would be all they would need. It would be a nice option for people who only need the 2FA part of Steams security.

I'm not saying we should get rid of the app Im just saying i down want to have to turn on my phone just to log into steam

Diposting pertama kali oleh Will Spliff:

Something that sits on your desk like clock sized that syncs up to wifi and your steam account that will display your authenticator code so you don't have to pull out your phone to get the code.
Too many times My phones been dead and it was just wasted time to get the code from my phone. I'd easily pay 60$ for something as simple as this.

And you don't think that the device you are asking for won't require to be charged? What happens when the battery is dead on said device? As far as the "time wasted" from using the phone, it's an action that requires maybe 30 seconds tops to unlock the phone, hit the app, get the code. Some of these suggestions are out of pure laziness.

If it was something that sat on your desk it could just always be plugged in, it wouldnt draw a huge amount of power it would just display a authentication code. The argument that it's laziness is just a stupid argument to make, its not laziness its just about convienece. and yes its not neccesary but alot of things are unnecesary that i use everyday, that would be like making an argument that ssd's are useless cause they only save you like 30 seconds.

There is also a lot to be said for the tremendous short-sightedness that this 'account security' thing has engendered, pretty much across the board.

Apps? No. Less than useless. Why? I don't *have* a phone. I used to, but got rid of it. Personally, I don't *want* to be accessible at anybody *else*'s convenience, thank you very much, and there is no way I can justify the expense of such a device when I will use it for perhaps three minutes a month - usually within an arms-reach of an *equally viable alternative*. If you've got a cell phone permanently hard-wired into your skull, well, that's your problem, isn't it? For me, it's a vanity, and an awfully stupid one at that.

A fob? Perhaps. But how about *A FOB*. I currently have two of the things. Any of them are as good as any other. Why can't I buy *A FOB* at the local electronics store and then register *it* as the authenticator for all such games that use the things? There's an algorythm at the bottom of this because the things don't work by magic. But the notion that a separate fob is needed for each use is strictly marketing propaganda. That I have to buy them from a sole source supplier is even more such marketing hype. I have two - and I'll bet money that they both came out of the exact same factory. All that differs is the paint job.

Perhaps the best solution I've seen is the current Blizzard set-up. They have a loader that will require the fob's code. It will remember that you're a good doobie, and as long as you're logging in from the same device, it won't require the code again for quite awhile. Periodically and under certain circumnstances it will require a re-verification. A nice balance between enhanced security and ease of use. To get my account, they not only need to steal the basic account info, but they also have to break into my place and steal the fob. That's a lot of risk for a computer game account. Thieves like low-hanging fruit. They're thieves because they *don't want to work*.

But, inevitably, there is a better solution. The fobs/apps will go the way of the Phoenix, as they always have - I've done this whole tap-dance before - twice. They'll die in a conflagration, only to be resurrected from their own ashes again by some witless drone in a decade or so because they're bereft of actual original ideas.

For myself, I like the notion of a secondary security application. This could be done with an application whose actual working would be largely invisible to you, the user, but would provide more than enough validation and authentication to satisfy even a bank. The thing could be installed on any computer, be that desktop, laptop, phone, pad, or whatever - wearable computer of the future that you wear like a t-shirt and has a holographic interface, maybe. It could be underpinned at your side with facial recognition, voice, recognition, biometrics like fingerprint scanners, a plug-in authentication dongle - any number or combination of things. None of this (except the t-shirt computer) is beyond the current state of the art. And frankly, I'm pretty sure somebody out there has the t-shirt computer in alpha trials right now.

But if you want good security, that's the way you get it. Not by making people do hop-scotch over a mine-field, or bend themselves into pretzel-shapes. By identifying them beyond any reasonable doubt, and then automatically confirming to any system that is interested that you are who you claim to be. Good security will become universal when and *only* when it is so easy that you spend maybe a half-hour setting it up and then it's doing its job invisibly and effortlessly, without your intervention, ALL THE TIME.

Then, when it breaks, Plan B goes into effect, because there must always be a Plan B. Before too long, I expect that Plan B will simply be a device into which you insert your thumb. It will check that the thumb meets the criteria for being alive (proper temperature and electrical conductivity, hearbeat, etc) take a miniscule sample of blood, run a quick DNA analysis, and check that you are you. If the DNA analysis matches, everything else gets reset. Of course, if somebody kills you in order to be able to get past all of that security and then fakes the system into thinking your dead thumb is alive, then your identity isn't really a problem for you anymore, is it? And whatever they wanted from you was worth life in prison. Most of us don't own anything that valuable, and it's certain that no game account is that valuable. If you *do* happen to have something that valuable, then there's a pretty good chance it comes with armed guards. Physical security is always best.

Diposting pertama kali oleh Yrth:

But the notion that a separate fob is needed for each use is strictly marketing propaganda. That I have to buy them from a sole source supplier is even more such marketing hype. I have two - and I'll bet money that they both came out of the exact same factory. All that differs is the paint job.

There's different encryption algorythms used by these devices. You need the FOB with the encryption algorithm or the service you want to use it on, or it'll be of as much use as a rock.

Diposting pertama kali oleh Yrth:

But, inevitably, there is a better solution. The fobs/apps will go the way of the Phoenix, as they always have - I've done this whole tap-dance before - twice. They'll die in a conflagration, only to be resurrected from their own ashes again by some witless drone in a decade or so because they're bereft of actual original ideas.

Business are going the other way around. With the increased threat of phishing, data leaks, and malware more and more services are pushing their users towards 2FA in some shape or form.

Diposting pertama kali oleh Yrth:

For myself, I like the notion of a secondary security application. This could be done with an application whose actual working would be largely invisible to you, the user, but would provide more than enough validation and authentication to satisfy even a bank. The thing could be installed on any computer, be that desktop, laptop, phone, pad, or whatever - wearable computer of the future that you wear like a t-shirt and has a holographic interface, maybe. It could be underpinned at your side with facial recognition, voice, recognition, biometrics like fingerprint scanners, a plug-in authentication dongle - any number or combination of things. None of this (except the t-shirt computer) is beyond the current state of the art. And frankly, I'm pretty sure somebody out there has the t-shirt computer in alpha trials right now.

But if you want good security, that's the way you get it. Not by making people do hop-scotch over a mine-field, or bend themselves into pretzel-shapes. By identifying them beyond any reasonable doubt, and then automatically confirming to any system that is interested that you are who you claim to be. Good security will become universal when and *only* when it is so easy that you spend maybe a half-hour setting it up and then it's doing its job invisibly and effortlessly, without your intervention, ALL THE TIME.

Then, when it breaks, Plan B goes into effect, because there must always be a Plan B. Before too long, I expect that Plan B will simply be a device into which you insert your thumb. It will check that the thumb meets the criteria for being alive (proper temperature and electrical conductivity, hearbeat, etc) take a miniscule sample of blood, run a quick DNA analysis, and check that you are you. If the DNA analysis matches, everything else gets reset. Of course, if somebody kills you in order to be able to get past all of that security and then fakes the system into thinking your dead thumb is alive, then your identity isn't really a problem for you anymore, is it? And whatever they wanted from you was worth life in prison. Most of us don't own anything that valuable, and it's certain that no game account is that valuable. If you *do* happen to have something that valuable, then there's a pretty good chance it comes with armed guards. Physical security is always best.

I find kind of ironic how -for a person who doesn't want the app because doesn't want to carry a phone- the vision of security is an ever increasing and intrusive list of devices you have to carry around to secure everything... Just like a phone.