But how can you make sure that the same phone that scans the qr code is the same phone as the user

Escrito originalmente por orkivp:

But how can you make sure that the same phone that scans the qr code is the same phone as the user

He would be already logged in on that phone before scanning, right?

Yes but the thing is you dont have to be logged on to use a qr code reader and that basically beats the entire reason for steam guard.

Escrito originalmente por orkivp:

Yes but the thing is you dont have to be logged on to use a qr code reader and that basically beats the entire reason for steam guard.

See, the QR function would be built-in/tight within the Steam app.
You can't use just any QR reader...

Eh ..... I doubt this is a good idea, TBH. Unless the QR code changes after x amount of time, same as the code.

Mainly since one can try creating their mock QR Reader.

Escrito originalmente por ReV0LT:

Unless the QR code changes after x amount of time, same as the code.

Exactly! The QR code would be tight up to the 5 digit code so it'll change as the code changes.

Escrito originalmente por 𝒑𝒔𝒚𝒅𝒆𝒙:

Escrito originalmente por orkivp:

Yes but the thing is you dont have to be logged on to use a qr code reader and that basically beats the entire reason for steam guard.

See, the QR function would be built-in/tight within the Steam app.
You can't use just any QR reader...

And that would mean that steam would need to waist time and money on creating a brand new virsion of qr codes so no other qr code reader would be able to read it instead of useing the easy already built in system, its a cool idea really is a shame steam would never do it.

Escrito originalmente por orkivp:

Escrito originalmente por 𝒑𝒔𝒚𝒅𝒆𝒙:

See, the QR function would be built-in/tight within the Steam app.
You can't use just any QR reader...

And that would mean that steam would need to waist time and money on creating a brand new virsion of qr codes so no other qr code reader would be able to read it instead of useing the easy already built in system, its a cool idea really is a shame steam would never do it.

But why? The QR code would basically represent the 5 digit code which changes every 30 sec.
If you scan it with normal reader you'd still have to enter the digits manually but the built-in reader would enter them for you therefore saving time

Escrito originalmente por Jerry:

You would not need to set up one new program, but one per user. If user B scans a code of user A, the results must not be the same.
Way too much trouble.

Remember! The QR is tied to YOUR 5 digit code, another user can not do anything unless he's logged in with your details on their phone

I don't think this is particularly good idea; what would be a better way is to copy the one-button feature from the Blizzard Authenticator (Search Google for "One button authenticator Blizzard" to find a blog post about it, apparently I can't include a link)

In many cases, you don't even have to open the app, because when you try to log in, it sends a push notification to your phone, and you can approve or deny the log in attempt directly from the notification. It also still supports entering the code manually if you prefer.

Valve really should just make a carbon-copy of this.

Escrito originalmente por aiusepsi:

...when you try to log in, it sends a push notification to your phone, and you can approve or deny the log in attempt directly from the notification. It also still supports entering the code manually if you prefer.

That would be nice too. Any alternative to the manual entering would be welcome

I would really prefer if they would add universal two factor (U2F) support instead.

- No more codes to enter that some users possibly could also enter on phishing sites.
- Only touch the U2F security key or swipe it over the mobile if NFC is supported.

For sure more convenient, faster and secure then entering codes or scanning QR's.