This topic has been locked
Hiigara Aug 25, 2019 @ 2:23pm
QR code login
Time for QR code inlog with the mobile. Start steam, login and proceed with scanning the QR code by the camera provided on the steam app at the main screen

Something went wrong while displaying this content. Refresh

Error Reference: Community_9734361_
Loading CSS chunk 7561 failed.
(error: https://community.cloudflare.steamstatic.com/public/css/applications/community/communityawardsapp.css?contenthash=789dd1fbdb6c6b5c773d)
< 1 2 >
Showing 1-15 of 26 comments
cSg|mc-Hotsauce Aug 25, 2019 @ 2:26pm 
Originally posted by Hiigara:
Time for QR code inlog with the mobile. Start steam, login and proceed with scanning the QR code by the camera provided on the steam app at the main screen

Soon.

What's next?

We’re already working on improvements to the Steam Chat app, including voice chat. With Steam Chat moving to its own dedicated app, the original Steam Mobile app will see significant upgrades focused on account security. Our plans include better Steam Guard options to help securely log into your Steam account, such as QR codes and one-touch login, and improved app navigation.



:qr:
Eldin Aug 25, 2019 @ 3:18pm 
I hope Steam will put QR code on the login page and when we scan it with phone where Steam guard is enabled, it would automatically log us in without having to enter neither username, password or guard code.
Yup, I can't wait for this one to be added and see what they do with it. Maybe take off some of the restrictions.

:qrcode:
Tito Shivan Aug 25, 2019 @ 7:39pm 
Originally posted by B l u e b e r r y P o p t a r t:
Yup, I can't wait for this one to be added and see what they do with it. Maybe take off some of the restrictions.

:qrcode:
Restrictions are for users not using the authenticator anyway.
Eldin Aug 25, 2019 @ 7:51pm 
Originally posted by B l u e b e r r y P o p t a r t:
Yup, I can't wait for this one to be added and see what they do with it. Maybe take off some of the restrictions.

:qrcode:
I think it would help with scam where scammer cancels the real trade, change their name and picture to match victim's friend and resend that same trade from that profile.

Currently victim usually doesn't notice anything and accepts that trade.

But with QR code that couldn't happen.
Because when victim sends real trade, PC would show QR code that have to be scanned with phone.
If scammer cancels that trade and sends fake trade, that QR code wouldn't work because fake trade would need different QR code to be scanned.

And in this case, when victim scans QR code from trade that was cancelled in the meantime, they could get warning that someone has access to their profile and that they might get scammed.
Nancke Aug 27, 2019 @ 6:07pm 
Originally posted by Eldin:
Originally posted by B l u e b e r r y P o p t a r t:
Yup, I can't wait for this one to be added and see what they do with it. Maybe take off some of the restrictions.

:qrcode:
I think it would help with scam where scammer cancels the real trade, change their name and picture to match victim's friend and resend that same trade from that profile.

Currently victim usually doesn't notice anything and accepts that trade.

But with QR code that couldn't happen.
Because when victim sends real trade, PC would show QR code that have to be scanned with phone.
If scammer cancels that trade and sends fake trade, that QR code wouldn't work because fake trade would need different QR code to be scanned.

And in this case, when victim scans QR code from trade that was cancelled in the meantime, they could get warning that someone has access to their profile and that they might get scammed.
Scammers always find a way to do it
Satoru Aug 27, 2019 @ 6:37pm 
Originally posted by Eldin:
Originally posted by B l u e b e r r y P o p t a r t:
Yup, I can't wait for this one to be added and see what they do with it. Maybe take off some of the restrictions.

:qrcode:
I think it would help with scam where scammer cancels the real trade, change their name and picture to match victim's friend and resend that same trade from that profile.

Currently victim usually doesn't notice anything and accepts that trade.

But with QR code that couldn't happen.
Because when victim sends real trade, PC would show QR code that have to be scanned with phone.
If scammer cancels that trade and sends fake trade, that QR code wouldn't work because fake trade would need different QR code to be scanned.

And in this case, when victim scans QR code from trade that was cancelled in the meantime, they could get warning that someone has access to their profile and that they might get scammed.

That's nonsensical

1) You log into my fake website
2) I use your credentials to log into steam
3) Oh wow steam gives me a QR code to 'log in'
4) I show you the QR code on my fake webstie
5) You take a picture of the QR code
6) Thank you, now you've authorized my fake session and I've logged into your account.

QR codes don't solve anything


With regards to 'quick trading'

1) You get a trade
2) The steam api immediately detects it
3) the trade is cancelled and a new trade is created
4) you log into steam and see the fake trade
5) you accept the fake trade
6) you scan the qr code for the fake trade
7) Presto I have your items

QR codes dont solve this problem


QR codes are mostly of convenience. So is one touch logins. They're not designed to fix phishing problems. Nor trade problems
Last edited by Satoru; Aug 27, 2019 @ 6:42pm
Ness_and_Sonic Aug 27, 2019 @ 6:46pm 
Originally posted by Nancke:
Scammers always find a way to do it
Indeed. I get this feeling they'd create a new account, spend $5, try to transfer all their stuff over from their previous account, and try again.
Eldin Aug 27, 2019 @ 7:47pm 
Satoru, you haven't read what I wrote.



Originally posted by Satoru:
That's nonsensical

1) You log into my fake website
2) I use your credentials to log into steam
3) Oh wow steam gives me a QR code to 'log in'
4) I show you the QR code on my fake webstie
5) You take a picture of the QR code
6) Thank you, now you've authorized my fake session and I've logged into your account.

QR codes don't solve anything
I never said that it could stop phishing.


Originally posted by Satoru:
With regards to 'quick trading'

1) You get a trade
2) The steam api immediately detects it
3) the trade is cancelled and a new trade is created
4) you log into steam and see the fake trade
5) you accept the fake trade
6) you scan the qr code for the fake trade
7) Presto I have your items

QR codes dont solve this problem
"1" is wrong because in this scam victim tries to send their items to friend or alt account.

1) You send a trade, accept it and :qr: code A gets shown in that trade window.
2) The steam api immediately detects it
3) the trade is cancelled and a new trade and new :qr: code B are created
4) you log into steam mobile app
5) you scan :qr: code that is shown on your PC (that is :qr: code A from original trade)
6) you get error because that trade was canceled (fake trade requires scanning :qr: code B to be confirmed)
Radene Aug 27, 2019 @ 7:58pm 
I honestly don't see how this is any more convenient than the current authentication system.
76561198413383321 Aug 27, 2019 @ 8:05pm 
Originally posted by Hiigara:
Time for QR code inlog with the mobile. Start steam, login and proceed with scanning the QR code by the camera provided on the steam app at the main screen
Eldin Aug 27, 2019 @ 8:07pm 
Originally posted by Radene:
I honestly don't see how this is any more convenient than the current authentication system.
They could make it so we can log in to Steam just by scanning QR code.

When you open Steam login page it shows you authentic QR code.
You just scan it with phone where your mobile authenticator app is installed and you're logged in.
No need for entering username or password or guard code.
Satoru Aug 27, 2019 @ 8:17pm 
Originally posted by Radene:
I honestly don't see how this is any more convenient than the current authentication system.

The 'push to login' is slightly more convenient for logins. QR codes seem kinda silly and dont really solve any problems imho

QR codes 'might' be useful if like they were linked somehow to adding games to your wishlist automatically, so if you gave out cards at a game convention, people could scan the code to add your game to their wishlist. I could see that as at least 'semi-useful' from a marketing perspective
Last edited by Satoru; Aug 27, 2019 @ 8:22pm
Satoru Aug 27, 2019 @ 8:19pm 
Originally posted by Eldin:
Originally posted by Radene:
I honestly don't see how this is any more convenient than the current authentication system.
They could make it so we can log in to Steam just by scanning QR code.

When you open Steam login page it shows you authentic QR code.
You just scan it with phone where your mobile authenticator app is installed and you're logged in.
No need for entering username or password or guard code.

Again that seems highly annoying compared to the simply 'push to login' systems most use. I dont see why anyone would want to use a QR code to log in, when its slower, and provides literally no benefit security wise.
Satoru Aug 27, 2019 @ 8:21pm 
Originally posted by Eldin:
"1" is wrong because in this scam victim tries to send their items to friend or alt account.

1) You send a trade, accept it and :qr: code A gets shown in that trade window.
2) The steam api immediately detects it
3) the trade is cancelled and a new trade and new :qr: code B are created
4) you log into steam mobile app
5) you scan :qr: code that is shown on your PC (that is :qr: code A from original trade)
6) you get error because that trade was canceled (fake trade requires scanning :qr: code B to be confirmed)

I dont think you really understand how the scam actually works

1) Someone sends you a trade
2) that trade is immediately cancelled
3) Hacker changes their profile to look identical to the trader
4) "fake profile" sends you a new trade that looks identical to the previous one
5) uesr logs in, see trade from the impostor
6) scans in qr code
7) accepts on device

Presto I now have all your items

Again QR codes dont help because you're simply verifying the fake trade by the time the QR code pops.
< 1 2 >
Showing 1-15 of 26 comments
Per page: 1530 50

Date Posted: Aug 25, 2019 @ 2:23pm
Posts: 26