Kurique Aug 24, 2018 @ 11:51pm
Physical Steam Authenticator
I think another option to the Steam Mobile Authenticator would be very helpful. I personally don't have a smart phone (I dislike anything that beeps or shakes at me), so the mobile authenticator is not useable. However, I'd still like to do some light trading, which is made very difficult by the 15 day waiting period.

A physical authenticator would give me and anyone else without a smart phone (or anyone that likes pretty keychains) another option. I'd imagine it would be something like the authenticators used by older MMOs, like Warcraft or Final Fantasy 11/14.

Showing 1-15 of 45 comments
Cathulhu Aug 25, 2018 @ 12:15am 
Those authenticators are not feasible for the main task that the Steam Mobile Authenticator does. Verifying trades.
The 2FA tokens for WoW can only show a 6 digit code. They can not be used to inspect and verify a trade.

So, no.
Get a cheap phone for a few bucks and you're set.
Kurique Aug 25, 2018 @ 12:38am 
How would it not be up to the task? When it asks for a confirmation, if you have a physical authenticator, you press the button, generate the code and input to serve as your confirmation.

Saying to get a cheap smart phone seems silly. Sure that'll work for some, but those people will already have a phone. The cheapest smart phone on Amazon right now is $39. Adding another line to my husband's plan would be an additional $20 a month, plus another $5 a month for the smallest amount of data. All so I can buy $0.07 hollow knight cards and now own a device that I do not want.

Besides, this is a product that Valve could sell and make money off of, while being a convenient option for people that don't have phones.
Eldin Aug 25, 2018 @ 1:02am 
Temporary solution for you
Install Android x86 or RemixOS in VirtualBox (or dual boot it with Windows) and you'll have working Android OS.
Supafly Aug 25, 2018 @ 1:29am 
Originally posted by Kurique:
How would it not be up to the task? When it asks for a confirmation, if you have a physical authenticator, you press the button, generate the code and input to serve as your confirmation.

Saying to get a cheap smart phone seems silly. Sure that'll work for some, but those people will already have a phone. The cheapest smart phone on Amazon right now is $39. Adding another line to my husband's plan would be an additional $20 a month, plus another $5 a month for the smallest amount of data. All so I can buy $0.07 hollow knight cards and now own a device that I do not want.

Besides, this is a product that Valve could sell and make money off of, while being a convenient option for people that don't have phones.

Don't need a pay monthly sim for it. I have a pay as you go sim for a tablet that I use for my other account with the bonus of a bigger screen. Cost me £5 for the sim, including its £5 credit. As long as the sim is used to send a sms, phonecall or use some data once in 6 months it'll remain active. I send a 5p sms at the beginning of every month to keep it active. More than I need to but it's reassurance for me. That means I have 8+ years worth of credit for my initial £5 credit......not counting for price increases. That's hardly expensive.

Valve can sell to make a profit from? What's stopping them charging more than a cheap smart phone? If phone companies can slap 50, 100+ onto phones or other products so can Valve. Plus you need to bear in mind any device, no matter how simple, needs all the software and hardware to be designed, prototyped, software engineered, tested then manufactured and distributed. As the vast majority already own a smart phone the few that would pay for it would be very little. The less sales = bigger overheads. So even without a large profit margin the price will need to be higher to cover all steps from design to manufacturing. Only by large number of sales will the price be driven down.

Kurique Aug 25, 2018 @ 1:49am 
Well I've never heard of a key chain authenticator being overly expensive. The base material is plastic, and software wise, it's less complicated than most apps. The technology isn't new. I bought my Steam Link for $5, I'm fairly sure a keychain can be manufactured for less.

I think you are underestimating the market. They are keychains with colorful faces, that could represent a wide array of games. I know plenty of people that would pay $10 just for that, which was/is the going rate for MOA authenticators. The fact that they serve as a confirmation device would be a bonus.
The Giving One Aug 25, 2018 @ 2:29am 
Originally posted by Cathulhu:
Those authenticators are not feasible for the main task that the Steam Mobile Authenticator does. Verifying trades.
This.

This is a big reason why this would not work.

Originally posted by Kurique:
Saying to get a cheap smart phone seems silly. Sure that'll work for some, but those people will already have a phone. The cheapest smart phone on Amazon right now is $39. Adding another line to my husband's plan would be an additional $20 a month, plus another $5 a month for the smallest amount of data. All so I can buy $0.07 hollow knight cards and now own a device that I do not want.
You don't have to have a data plan, if you only use the phone for trading on Steam. As the good Suicidal Monkey explained above.
Supafly Aug 25, 2018 @ 3:02am 
Originally posted by Kurique:
I think you are underestimating the market.
I think you do. Why would the vast majority of users buy a keychain when we can use a FREE app on our smart phones?

As for the cost of other common keychains you speak of. Those basic types are basic. These provide codes, yes, but that's it. How will they be notified of a proposed trade or sale? How can you verify said trade/sale? You can't. They provide a code, that's it. If that would work for trading and marketing we could use another simple app like Google's authenticator app.

It gets linked to our account and provides a code that changes over time. Again this method would require a smart device to use it. And again most users would choose this free version over a paid version. Especially when a paid version would need to be more advanced than the basic version you suggested and would involve engineering not just copying other designs.

The Link may have been cheap but it wasn't always so. I think part of the reason it is so cheap is either high demand or more likely to clear old stock as more devices use a Steam Link app making the Link hardware less appealing. Again why buy hardware when free apps can do the job.
wuddih Aug 25, 2018 @ 3:50am 
prepaid phones that come with credit. you don't have to use it and you have no additional costs. they may be locked to the provider but that is a non-issue, most phones let you use it without a working sim card.

Steam tries to be as globally as possible. those authenticators for battle.net were never shipped globally and currently are limited to NA/AU only. Valve even currently has allegedly some issues shipping their hardware to outside of the US. Steam Link is US only right now. Steam Controller also got a few countries removed from purchase afaik, didn't check lately.

Originally posted by Suicidal Monkey:
It gets linked to our account and provides a code that changes over time. Again this method would require a smart device to use it.
https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm
everything mentioned in this thread uses this method. that Steam f.e. uses alphanumeric instead of just numeric is not really something else. it is probably just one function applied to the already generated totp.

it does not require any smart device, a small chip that can handle a few operations is enough. the generation of the codes happens on both ends, all that is needed is a shared parameter and that is embedded into the whole concept, the secret key.
blizzard authenticator displays it to you, steam hides it in files. both are equally vulnerable, so that does not matter.

i would like a standalone physical totp generator for Steam .. just for logging in of course, nothing else. but i know how many people would think if something like this was available, so i instantly say, nope, do not even consider providing one. people cannot comprehend security procedures.
using a backheaded method to allow trading/marketlistings via a totp would be just stupid af. the current confirmation system was specifically made so you have to confirm it completely on a separate device. the requests that you could just enter the code from somewhere else would require you to enter this code on the first instance. that makes the whole procedure vulnerable by design.

"but wuddih, you already do that while logging in on Steam".
that is not relevant, the economy of Steam is not affected when someone gets access to your account or to your computer, it is affected when they get to do stuff with your items without you doing anything and that is completely locked to a secondary device right now. making it possible to do trades with totp codes would negate this and make the whole system vulnerable.
right now the only insecurity is the human and that is something you can't secure anyway

all "smart" methods to scam items from you right now do require you to pay less attention when you do the confirmations on your phone. the brute force methods of taking control of your account and locking you out require more than a week's worth of time to get items out of the account and that is enough to react.
Start_Running Aug 25, 2018 @ 5:28am 
Originally posted by Kurique:
I think another option to the Steam Mobile Authenticator would be very helpful. I personally don't have a smart phone (I dislike anything that beeps or shakes at me), so the mobile authenticator is not useable. However, I'd still like to do some light trading, which is made very difficult by the 15 day waiting period.

That basically seems to be a case of: "I want to go out, but I don't want to leave my room."

You're going to have to figure out which you want dear and the excuse of 'I don't like anything that buzzes or beeps' is straight up weaksauce. I mean your computer buzzes and beeps all the time.

A physical authenticator would give me and anyone else without a smart phone (or anyone that likes pretty keychains) another option. I'd imagine it would be something like the authenticators used by older MMOs, like Warcraft or Final Fantasy 11/14.
Those authenticators are for simple login and they cannot display the details of a trade. They'd have to make an authenticator with a human readable screen capable of accepting input and receiving data via wi-fi or some sort of telecommunications network. Or you could just get yourself a cheap smartphone.
Kurique Aug 25, 2018 @ 11:43am 
Originally posted by Start_Running:

That basically seems to be a case of: "I want to go out, but I don't want to leave my room."

You're going to have to figure out which you want dear and the excuse of 'I don't like anything that buzzes or beeps' is straight up weaksauce. I mean your computer buzzes and beeps all the time.

This idea is wildly odd. I don't own a foosball table. I could afford one; I could move around my furniture and fit it comfortably in my house. However, I don't like foosball, which trumps every other reason for buying it. The logic is the same for smart phones. (And my computer does not beep or vibrate at me.) I do not like them, therefore, I don't own one.

Originally posted by wuddih:

"but wuddih, you already do that while logging in on Steam".
that is not relevant, the economy of Steam is not affected when someone gets access to your account or to your computer, it is affected when they get to do stuff with your items without you doing anything and that is completely locked to a secondary device right now. making it possible to do trades with totp codes would negate this and make the whole system vulnerable.
right now the only insecurity is the human and that is something you can't secure anyway

This makes sense and I certainly wouldn't want to undermine the current system's security features. Couldn't the same thing be achieved with a second device totp, though? In order for a trade to go through, both parties must confirm the trade. For each trade to go through, a code must be inputted. It would take longer than the app, of course, since the only way to see that a trade was instigated would be to log into Steam itself and manually look. This would still lock confirmation to a secondary device and not allow trading to happen if your computer was compromised.
RiO Aug 26, 2018 @ 6:26am 
Originally posted by Start_Running:
Those authenticators are for simple login and they cannot display the details of a trade. They'd have to make an authenticator with a human readable screen capable of accepting input and receiving data via wi-fi or some sort of telecommunications network. Or you could just get yourself a cheap smartphone.

You do have authenticators with an LCD screen to display and verify transaction content.
Several banks use them.

Comes equipped with a camera to snap a QR-like code off of the screen of your PC or device. Said code encrypts both the signing challenge as well as the transaction details. (It uses colored dots which allow it to hold a lot more information than your typical two-tone QR)

Produces one-time signing codes you manually enter, back on your PC or device. No network; USB; Bluetooth; etc. connection required. (Good thing too; those would all be additional channels susceptible to attack.)


Originally posted by Suicidal Monkey:
As for the cost of other common keychains you speak of. Those basic types are basic. These provide codes, yes, but that's it. How will they be notified of a proposed trade or sale? How can you verify said trade/sale? You can't. They provide a code, that's it. If that would work for trading and marketing we could use another simple app like Google's authenticator app.

My own bank offers the above type of authenticators.
They must be pretty cheap to produce; if your initial one is damaged or lost you can be issued a replacement at production-cost with a small administrative and shipping fee added, for something around € 10.

Also runs off of 2 AA batteries. Mine has been running for 2+ years on the initial pair of batteries now. Certainly beats keeping an Android device charged and ready to use.




Originally posted by wuddih:
Steam tries to be as globally as possible. those authenticators for battle.net were never shipped globally and currently are limited to NA/AU only. Valve even currently has allegedly some issues shipping their hardware to outside of the US. Steam Link is US only right now. Steam Controller also got a few countries removed from purchase afaik, didn't check lately.

Uhm.. I've actually seen the Battle.net authenticators in local shops in the EU.
Not specialized shops that would offer imports, but normal retailers.
Packaging in the local language.
And a CE marking present.

Also, the Steam Link and Steam Controller are still on sale in the EU storefront.


Originally posted by wuddih:
i would like a standalone physical totp generator for Steam .. just for logging in of course, nothing else. but i know how many people would think if something like this was available, so i instantly say, nope, do not even consider providing one. people cannot comprehend security procedures.

using a backheaded method to allow trading/marketlistings via a totp would be just stupid af. the current confirmation system was specifically made so you have to confirm it completely on a separate device. the requests that you could just enter the code from somewhere else would require you to enter this code on the first instance. that makes the whole procedure vulnerable by design.

Yet a device with a built-in screen would allow you to verify the transaction contents. And if the whole deal is cryptographically tied together, malicious sites can MitM the transactions all they want; they still won't be able to tamper with the contents.


Far more secure than using a smart-phone app, I might add.
The phone can be subverted by malware and the transaction contents can be altered post-decryption at the end-point. That's not the case with a wholly separate device that is not networked.
Last edited by RiO; Aug 26, 2018 @ 6:34am
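The disagreement above between wuddih and RiO comes down to whether the typed code is bound to the trade contents. The following is an added example, not part of the thread and not Valve's or any bank's actual protocol: it compares a plain RFC 6238 TOTP check with a code computed over a server challenge plus the trade details. The function names, the challenge value and the trade fields are assumptions made up for illustration; the secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import json
import struct

# Constructed sample data: RFC 4226 test key, a made-up challenge and two trades.
SECRET = b"12345678901234567890"
CHALLENGE = bytes.fromhex("a1b2c3d4e5f60718")
INTENDED = {"give": ["Item A"], "receive": ["Item B"], "partner": "friend"}
TAMPERED = {"give": ["Item A", "Item C"], "receive": [], "partner": "stranger"}


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation of an HMAC to a short decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on secret and time."""
    counter = struct.pack(">Q", unix_time // step)
    return _truncate(hmac.new(secret, counter, hashlib.sha1).digest(), digits)


def signing_code(secret: bytes, challenge: bytes, trade: dict, digits: int = 8) -> str:
    """Hypothetical transaction-bound code: HMAC over challenge + trade details."""
    details = json.dumps(trade, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(secret, challenge + b"\x00" + details, hashlib.sha256).digest()
    return _truncate(mac, digits)


def server_accepts_totp(secret, code, now, executed_trade) -> bool:
    """Plain TOTP check: executed_trade cannot influence the result."""
    return hmac.compare_digest(code, totp(secret, now))


def server_accepts_signed(secret, challenge, code, executed_trade) -> bool:
    """The server recomputes the code over the trade it is about to execute."""
    return hmac.compare_digest(code, signing_code(secret, challenge, executed_trade))


def demo(now: int = 59) -> dict:
    """User approves INTENDED; the PC in the middle submits TAMPERED instead."""
    typed_totp = totp(SECRET, now)
    typed_sig = signing_code(SECRET, CHALLENGE, INTENDED)  # device displayed INTENDED
    return {
        "totp_intended": server_accepts_totp(SECRET, typed_totp, now, INTENDED),
        "totp_tampered": server_accepts_totp(SECRET, typed_totp, now, TAMPERED),
        "signed_intended": server_accepts_signed(SECRET, CHALLENGE, typed_sig, INTENDED),
        "signed_tampered": server_accepts_signed(SECRET, CHALLENGE, typed_sig, TAMPERED),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The time-only code is accepted for either trade, while the transaction-bound code is rejected once the submitted contents differ from what the device displayed.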
Start_Running Aug 26, 2018 @ 7:48am 
Originally posted by Kurique:
Originally posted by Start_Running:

That basically seems to be a case of: "I want to go out, but I don't want to leave my room."

You're going to have to figure out which you want dear and the excuse of 'I don't like anything that buzzes or beeps' is straight up weaksauce. I mean your computer buzzes and beeps all the time.

This idea is wildly odd. I don't own a foosball table. I could afford one; I could move around my furniture and fit it comfortably in my house. However, I don't like foosball, which trumps every other reason for buying it. The logic is the same for smart phones. (And my computer does not beep or vibrate at me.) I do not like them, therefore, I don't own one.
Then you shall have to endure the trade hold. Just like you will have to live without having the utility of a smartphone. Choices be choices. All meaningful choices are about weighing the benefits versus the consequences.
Tito Shivan Aug 26, 2018 @ 8:22am 
Originally posted by RiO:
You do have authenticators with an LCD screen to display and verify transaction content.
Several banks use them.
You're trading: AK-47 | Redline (Field-Tested), Spectrum Case Key, Mann Co. Supply Crate Series #45, Naughty Winter Crate 2012 Series #52, AWP | Asiimov (Battle-Scarred), Boston 2018 Returning Challengers Autograph Capsule. in exchange for: Operation Hydra Case Key, M4A4 | Desolate Space Field-Tested, AK-47 | The Empress (Field Tested), Genuine Stovepipe Sniper Shako
That's a nightmare to read on a tiny LCD display. It'd be the same that verifying trades by listing them up and sending a code on a SMS. Hard to verify by the user, prone to errors, requiring additional connectivity by the device... At a certain point a mobile app just does the work better by the price of free.


76561198407601200 Aug 26, 2018 @ 11:21am 
Originally posted by Start_Running:
Originally posted by Kurique:

This idea is wildly odd. I don't own a foosball table. I could afford one; I could move around my furniture and fit it comfortably in my house. However, I don't like foosball, which trumps every other reason for buying it. The logic is the same for smart phones. (And my computer does not beep or vibrate at me.) I do not like them, therefore, I don't own one.
Then you shall have to endure the trade hold. Just like you will have to live without having the utility of a smartphone. Choices be choices. All meaningful choices are about weighing the benefits versus the consequences.

This. They had no use for a smart phone until now, and because they detest use of smartphones, would rather not use the feature. They are willing to let Valve create some sort of device that can be accomplished in a phone app, get charged money, all to do the same stuff. I really don't see the issue with buying a cheap smart phone vs paying a similar (+-) 1 feature device, especially when smartphones are readily available. If Valve were to make a device to accomplish this, it would take time for planning, development then shipping, that in itself would cause people to complain. Then when it doesn't function as expected, be it from bugs or lack of features, there are more complaints.
Start_Running Aug 26, 2018 @ 11:27am 
Irony is. I'm one of those peoples that abhor smartphones. the battery life is crap, they seem to have a thing against my fingers to the point where I pocket dial better than I actually dial, did I mention the ♥♥♥♥♥♥ battery life?

So I basically decided to live with the tradehold, which hits a little hard around event time but I live with it.

Date Posted: Aug 24, 2018 @ 11:51pm
Posts: 45