This topic has been locked
Support for the FIDO U2F protocol when logging into Steam
Implement support for the FIDO universal two factor protocol when logging into Steam. While it requires that the end user buys a compatible authenticator (like the YubiKey), it is safer, easier and simpler than steam guard. It is an open protocol supported by companies like Google & Facebook and is supposedly fairly straightforward to implement.

----- Edit:
The title and text used to suggest implementing this as an alternative to Steamguard, also for trades
Last edited by Battlebrother Minimalk; 24 Jun 2017, 0:41
Showing 16-30 of 85 comments
Onge 19 Oct 2019, 8:24
Now that Google implemented it and a lot of other websites are using it (Facebook, Twitter, GitHub, etc.), I think it's time for Steam to implement it.

Steam app is secure but it's not really reliable, the thing I hate the most is to depend on my smartphone to do everything.
Want to access my Twitter? Need to unlock my phone and wait for an SMS authentication
Need to access my Google account? Need to unlock my phone and wait for an SMS authentication
Need to access my Steam? Need to unlock my phone and have the Steam Guard authentication

While with a FIDO I just plug and play.
No need to worry because I can buy 10 of them for 150$ while smartphones are really expensive.

On the point of the trading system, it's time for Valve to make a revamp of it. It's absurd to have that market tax having such archaic methods to ensure users' security.
Last edited by Onge; 19 Oct 2019, 8:33
Originally posted by 77RX7:
Now that Google implemented it and a lot of other websites are using it (Facebook, Twitter, GitHub, etc.), I think it's time for Steam to implement it.

Steam app is secure but it's not really reliable, the thing I hate the most is to depend on my smartphone to do everything.
Want to access my Twitter? Need to unlock my phone and wait for an SMS authentication
Need to access my Google account? Need to unlock my phone and wait for an SMS authentication
Need to access my Steam? Need to unlock my phone and have the Steam Guard authentication

While with a FIDO I just plug it and it's done.
No need to worry because I can buy 10 of them for 150$ while smartphones are really expensive.

On the point of the trading system, it's time for Valve to make a revamp of it. It's absurd to have that market tax having such archaic methods to ensure users' security.

Here is a more recent thread...

https://steamcommunity.com/discussions/forum/10/1609400247623111009/

:qr:
Phil 21 Jul 2020, 13:48
I have no mobile phone of my own, so why can't I protect my valuable Steam account with 2FA yet?
Not offering FIDO for important accounts is so '90s.

I promise I will buy more games after FIDO support is available ;)
Please Valve, just push for FIDO2 support. It does not have to be a requirement, but at least make it an option! That would likely also help to make it more mainstream, which would be incredible.
My1 27 May 2021, 1:15
Not only that, but on Discord phishing is going RAMPANT, and the Steam Corp. EV cert isn't shown in browsers anymore, so U2F/FIDO2 would be one of the best ways to ensure phishing can't be done easily.
Originally posted by My1:
Not only that, but on Discord phishing is going RAMPANT, and the Steam Corp. EV cert isn't shown in browsers anymore, so U2F/FIDO2 would be one of the best ways to ensure phishing can't be done easily.

Phishing happens because people log into known scam sites and give away their details including the code from Steam Guard and or click on links. None of those sites are affiliated nor associated with Valve or Steam and that should be warning enough not to log in.

Steam Guard is required for trades whether you trade or not.

Valve do not need to support 3rd party alternatives simply because you want it.

16+ years on Steam, never been scammed.
Last edited by Nx Machina; 27 May 2021, 1:52
My1 27 May 2021, 7:19
Not all scam sites are immediately known, and there has recently been a rise in phishing attempts with domains that sometimes look VERY similar to the normal steamcommunity domain, and Steam Guard is no protection from phishing logins.

Also, if you actually read the title of the topic, it says "for login", so we aren't asking to have anything for trading, just an option to have an actually secure login, which cannot be phished that easily.
Originally posted by My1:
Not all scam sites are immediately known, and there has recently been a rise in phishing attempts with domains that sometimes look VERY similar to the normal steamcommunity domain, and Steam Guard is no protection from phishing logins.

Also, if you actually read the title of the topic, it says "for login", so we aren't asking to have anything for trading, just an option to have an actually secure login, which cannot be phished that easily.

All sites are KNOWN and there is PROTECTION by using Steam Guard and by NOT giving away your details and especially the code. You have a secure login via Steam Guard.

DID you deliberately overlook NOT affiliated NOR associated with Valve or Steam which is under the login of those sites?

And NO Valve DO NOT need to implement a 3rd party alternative because you feel they should.

And MORE IMPORTANTLY (repeated) - 16+ years on Steam never been scammed.

If it was so easy as you claim I would have been scammed would I not.
Last edited by Nx Machina; 27 May 2021, 7:40
Valve do not need to support 3rd party alternatives simply because you want it.
FIDO isn't a random third party. It's a full industry consortium[fidoalliance.org], including such names as Microsoft, Google, Apple, Intel, Visa, Mastercard, Paypal, etc. as well as several governments.

They produce the leading standards in authentication technology today. The FIDO protocols are the basis for the standard WebAuthn API[en.wikipedia.org] implemented by all modern web browsers.

Steam Guard is required for trades whether you trade or not.
The use-case here, that you want to be sure that the user has actually agreed to a specific transaction, is not a unique problem that Valve has with Steam trades. So, transaction confirmation is included in the FIDO standards[fidoalliance.org].

Originally posted by Nx Machina:
Phishing happens because people log into known scam sites and give away their details including the code from Steam Guard and or click on links.
Yes, and FIDO has been designed so that won't work; if you're on a fake site, logging in just won't work because the FIDO authenticator checks that the website is right. It's a clear improvement over TOTP-based authentication schemes like the Steam Guard app.

If "just stop giving away your credentials" was a workable solution, we wouldn't have TOTP authenticators and Steam Guard, and the industry wouldn't have gone to the trouble of making FIDO now.

16+ years on Steam, never been scammed.
Good for you. I've been on Steam 16 years and never been scammed either, and I still think improving authentication technology is a good idea.
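The difference described in the post above, as an added sketch that is not part of the thread and not Valve or FIDO Alliance code: a TOTP code proves nothing about where it was typed, while a WebAuthn-style assertion carries the page origin and the RP ID hash under the authenticator's signature. Assumptions: `steamcommunity.com` as the RP ID, the RP ID taken to equal the page host, HMAC standing in for the authenticator's public-key signature, and `steamcommunity.example` as a constructed placeholder for a lookalike site.

```python
import hashlib, hmac, json, struct

RP_ID = "steamcommunity.com"              # domain named in the thread; used as RP ID (assumption)
ORIGIN = "https://" + RP_ID
CRED_KEY = b"constructed-credential-key"  # HMAC stands in for the authenticator's signing key

def totp(secret: bytes, t: int, step: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and 6 digits."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{num % 10**6:06d}"

def server_accepts_totp(secret: bytes, code: str, t: int) -> bool:
    # The code is the whole proof: it does not record which site it was typed into.
    return hmac.compare_digest(totp(secret, t), code)

def get_assertion(page_origin: str, challenge: str):
    """Browser plus authenticator: origin and RP ID hash come from the page actually loaded.
    A real authenticator would find no credential for a foreign RP ID and sign nothing;
    signing anyway models the worst case for the server."""
    host = page_origin.split("://", 1)[1]
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    auth_data = hashlib.sha256(host.encode()).digest() + b"\x01" + struct.pack(">I", 1)
    signed = auth_data + hashlib.sha256(client_data).digest()
    return client_data, auth_data, hmac.new(CRED_KEY, signed, hashlib.sha256).digest()

def server_accepts_assertion(client_data, auth_data, sig, challenge) -> bool:
    signed = auth_data + hashlib.sha256(client_data).digest()
    if not hmac.compare_digest(sig, hmac.new(CRED_KEY, signed, hashlib.sha256).digest()):
        return False                      # bytes were altered after signing
    cd = json.loads(client_data)
    return (cd["type"] == "webauthn.get" and cd["challenge"] == challenge
            and cd["origin"] == ORIGIN    # origin reported by the browser
            and auth_data[:32] == hashlib.sha256(RP_ID.encode()).digest())
```
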
It's amazing how every time these kinds of threads are locked, someone resurrects a many-years old thread about it.

If you have to copy/paste from wiki and their own site as most of your responses, that's not a solid form of defending the idea nor is it bringing credit to it, anyone can make claims about anything on their own site, wiki can be manipulated/isn't a valid source in citations for education as well especially when running an idea vs implementation paper.

Steam Guard is for Steam, they don't want to involve or pay some other site/service, especially when they're coming out with massive updates for Steam Guard / additional security measures.

People suggest we have comment trees like reddit.
People suggest we have karma like other social media sites
People suggest overly absurd thought crime based pre-moderation by means of yet-another script to look for anything they deem offensive & to disallow it
People suggest allowing to see who blocked you
People suggest we only allow upvotes / generally allow up and downvotes on the forum posts.

People suggest a lot of things, a lot of the time the ideas are terrible or would have yet-another party involved between users & the platform itself, which is a store, not a vault. Steam doesn't want yet another party or to likely pay them for such services of implementation, which would also allow another point of potential compromise.

If big companies and government use a service, all the same one, it's far less secure as it's a much bigger target, and two of those companies have withheld the mandatory notification of a security/data breach.
Originally posted by Mr. Gentlebot:
If you have to copy/paste from wiki and their own site as most of your responses, that's not a solid form of defending the idea nor is it bringing credit to it, anyone can make claims about anything on their own site, wiki can be manipulated/isn't a valid source in citations for education as well especially when running an idea vs implementation paper.
Uh? Like, would you say that same thing if I said, hey, games should use the Vulkan API and linked to the Khronos website to explain what Vulkan was? What sort of primary source would you find acceptable?

As for linking to Wikipedia for WebAuthn, fair enough. Web standards are promulgated by the W3C, here is their latest version of the standard: https://www.w3.org/TR/webauthn-2/

Steam Guard is for Steam, they don't want to involve or pay some other site/service
It's not a service, it's a set of standards. Like, you don't have to pay W3C to use HTML. Or pay Khronos to use Vulkan or OpenGL, or...
Last edited by aiusepsi; 27 May 2021, 8:46
Originally posted by aiusepsi:
Originally posted by Mr. Gentlebot:
If you have to copy/paste from wiki and their own site as most of your responses, that's not a solid form of defending the idea nor is it bringing credit to it, anyone can make claims about anything on their own site, wiki can be manipulated/isn't a valid source in citations for education as well especially when running an idea vs implementation paper.
Uh? Like, would you say that same thing if I said, hey, games should use the Vulkan API and linked to the Khronos website to explain what Vulkan was? What sort of primary source would you find acceptable?

As for linking to Wikipedia for WebAuthn, fair enough. Web standards are promulgated by the W3C, here is their latest version of the standard: https://www.w3.org/TR/webauthn-2/

Steam Guard is for Steam, they don't want to involve or pay some other site/service
It's not a service, it's a set of standards. Like, you don't have to pay W3C to use HTML. Or pay Khronos to use Vulkan or OpenGL, or...

You are aware to get certified costs money right? That's in addition to whatever programming hours you have to pay for internally to meet their requirements. I've had to work on government and organizational certifications, it's not cheap.

https://fidoalliance.org/certification/certification-fees/
Last edited by Brian9824; 27 May 2021, 8:52
Originally posted by brian9824:
You are aware to get certified costs money right?
Yes, yes I am. You get certified if you want to make an authenticator device, and then want to put "FIDO certified" on the box.

That's not the suggestion, which is supporting using an authenticator device to log in.
Originally posted by aiusepsi:
Originally posted by brian9824:
You are aware to get certified costs money right?
Yes, yes I am. You get certified if you want to make an authenticator device, and then want to put "FIDO certified" on the box.

That's not the suggestion, which is supporting using an authenticator device to log in.

To use their authenticator you have to communicate with it over their protocol.

https://fidoalliance.org/certification/

a FIDO2 Certified Server can accept any FIDO2 Certified authenticator,

That is the entire point of their brand, if you use their device then you know the company you're using the device on meets their standards.
Again, if you have to quote almost everything from wiki, you're only parroting it, not defending it. It's not really saying why we should use something, which is largely hated as an idea by nearly everyone.

There's a reason why Steam wants full control, their own standards, etc. A lot of it has to do with trading, buying & selling on the market.

On a quick look, their (FIDO) standards are basically what almost everyone already does to protect and challenge logins, else has their own system to protect their own logins & to challenge credentials when needed.

Most people are not wanting to suggest something, where that standards highly pushes data collection of "face, voice, iris, fingerprint recognition, etc.", since this is a store, not a vault.
Using their pushed standards of such, if sought to that level, would also bring immense liability for anyone that stores such in the case of not only data breach, but general laws on data collection per country/government/city/etc.

Steam Guard is clearly the better solution, if people are willing to give sites their Steam Guard Code, they would also use the biometrics to allow the same sites to do what they want to users inventory.

So, since you need to pay to be certified, it's a service. One of which is like almost everything of the sort to exist, going to only certify you for a period of time, of which is going to have tiers to have the better certifications, and likely to alter the cost based upon the amount of infrastructure that would be certified. Without looking at the documents/agreements etc, I'm willing to bet on that.

Originally posted by brian9824:
Originally posted by aiusepsi:
Uh? Like, would you say that same thing if I said, hey, games should use the Vulkan API and linked to the Khronos website to explain what Vulkan was? What sort of primary source would you find acceptable?

As for linking to Wikipedia for WebAuthn, fair enough. Web standards are promulgated by the W3C, here is their latest version of the standard: https://www.w3.org/TR/webauthn-2/

It's not a service, it's a set of standards. Like, you don't have to pay W3C to use HTML. Or pay Khronos to use Vulkan or OpenGL, or...

You are aware to get certified costs money right?

https://fidoalliance.org/certification/certification-fees/
And there it is.

To show the level of BS they're willing to go to for selling the push for certs, I'll quote this part:
Originally posted by "FIDO Alliance":
$70: average help desk labor cost
for a single password reset
That is an absurd, outright lie I found within seconds on their site, I don't know any help desk that charged $70 for a password reset, or that takes so long to assist that it costs $70. If this is the sort of thing the other individual is copy/pasting things about, then this is just one giant deception campaign to scare people into using their standards and buying certification.
Last edited by Mad Scientist; 27 May 2021, 9:15

Date posted: 23 Jun 2017, 15:09
Posts: 85