Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Soon.
Currently victim usually doesn't notice anything and accepts that trade.
But with QR code that couldn't happen.
Because when victim sends real trade, PC would show QR code that have to be scanned with phone.
If scammer cancels that trade and sends fake trade, that QR code wouldn't work because fake trade would need different QR code to be scanned.
And in this case, when victim scans QR code from trade that was cancelled in the meantime, they could get warning that someone has access to their profile and that they might get scammed.
That's nonsensical
1) You log into my fake website
2) I use your credentials to log into steam
3) Oh wow steam gives me a QR code to 'log in'
4) I show you the QR code on my fake webstie
5) You take a picture of the QR code
6) Thank you, now you've authorized my fake session and I've logged into your account.
QR codes don't solve anything
With regards to 'quick trading'
1) You get a trade
2) The steam api immediately detects it
3) the trade is cancelled and a new trade is created
4) you log into steam and see the fake trade
5) you accept the fake trade
6) you scan the qr code for the fake trade
7) Presto I have your items
QR codes dont solve this problem
QR codes are mostly of convenience. So is one touch logins. They're not designed to fix phishing problems. Nor trade problems
I never said that it could stop phishing.
"1" is wrong because in this scam victim tries to send their items to friend or alt account.
1) You send a trade, accept it and
2) The steam api immediately detects it
3) the trade is cancelled and a new trade and new
4) you log into steam mobile app
5) you scan
6) you get error because that trade was canceled (fake trade requires scanning
When you open Steam login page it shows you authentic QR code.
You just scan it with phone where your mobile authenticator app is installed and you're logged in.
No need for entering username or password or guard code.
The 'push to login' is slightly more convenient for logins. QR codes seem kinda silly and dont really solve any problems imho
QR codes 'might' be useful if like they were linked somehow to adding games to your wishlist automatically, so if you gave out cards at a game convention, people could scan the code to add your game to their wishlist. I could see that as at least 'semi-useful' from a marketing perspective
Again that seems highly annoying compared to the simply 'push to login' systems most use. I dont see why anyone would want to use a QR code to log in, when its slower, and provides literally no benefit security wise.
I dont think you really understand how the scam actually works
1) Someone sends you a trade
2) that trade is immediately cancelled
3) Hacker changes their profile to look identical to the trader
4) "fake profile" sends you a new trade that looks identical to the previous one
5) uesr logs in, see trade from the impostor
6) scans in qr code
7) accepts on device
Presto I now have all your items
Again QR codes dont help because you're simply verifying the fake trade by the time the QR code pops.