All Discussions > Steam Forums > Suggestions / Ideas > Topic Details
The HopelessGamer™ Sep 30, 2018 @ 9:02am
Send a SMS if your email is changed.
Every day you see users losing their steam accounts... So i think that if you have the mobile authenticator enabled then you should recieve a text msg if your email is changed with a lock option.

Alot of the time when people lose their accounts they have also lost access to their own email thus preventing them from locking their accounts.

I think it would be better if steam sent a text msg if your email was changed and if your number was removed from steam it should text you aswell as send you a email both with a lock option.

Its highly unlikely the user will have lost their number because its always registered to them even if you have lost your phone.

Aswell as what i suggested above it would be good if you received a 1 time use unique conformation code in a text msg to change your email. These optoins would only exist if you have given steam your number.

Implementing this idea would allow users to lock their account and regain access to them in many more circumstances.
Last edited by The HopelessGamer™; Sep 30, 2018 @ 9:05am
< >
Showing 1-15 of 18 comments
Tev Sep 30, 2018 @ 9:29am 
Don't e-mail changes already require the authenticator code from the Steam Guard Mobile Authenticator? I don't see what SMS would really do that SGMA doesn't already do.* Well, unless said victim is stupid enough to use software side SGMA protection.

Similarly, the confirmation is done with a code sent to the (old) e-mail if you're using the regular Steam Guard.

EDIT
* = Unless the heavy focus is on the [Lock] -feature being accessible to the victim.

Like an alert sent via SMS post-confirmation of e-mail change. Not to replace either or, but as an extra.
Last edited by Tev; Sep 30, 2018 @ 9:38am
#1
Dr.Shadowds 🐉 Sep 30, 2018 @ 9:38am 
Not bad.
#2
The HopelessGamer™ Sep 30, 2018 @ 9:38am 
Originally posted by Teutep:
Don't e-mail changes already require the authenticator code from the Steam Guard Mobile Authenticator? I don't see what SMS would really do that SGMA doesn't already do.* Well, unless said victim is stupid enough to use software side SGMA protection.

Similarly, the confirmation is done with a code sent to the (old) e-mail if you're using the regular Steam Guard.

I could imagine SMS as an alternative for those who have their phone number tied to the account, but don't have a smart phone for the mobile app.

* = Unless the heavy focus is on the [Lock] -feature being accessible to the victim.
Yes the lock feature is what im going for here. To my knowledge changing your email can be done without the authentication code. But i dunno... how ever if the lock feature was sent as a sms it would make it easier for the victem to lock their account if they havent access to their email.
#3
Tev Sep 30, 2018 @ 9:39am 
Originally posted by The HopelessGamer™:
To my knowledge changing your email can be done without the authentication code.
It'll do the confirmation via phone number; old e-mail or Steam Support (and proof of ownership) then - depending on how long you go on the chain without having sufficient confirmation.

As for the other stuff, I wouldn't mind an alert to SMS with the lock feature.
Last edited by Tev; Sep 30, 2018 @ 9:40am
#4
Dr.Shadowds 🐉 Sep 30, 2018 @ 9:46am 
Originally posted by Teutep:
Don't e-mail changes already require the authenticator code from the Steam Guard Mobile Authenticator? I don't see what SMS would really do that SGMA doesn't already do.* Well, unless said victim is stupid enough to use software side SGMA protection.

Similarly, the confirmation is done with a code sent to the (old) e-mail if you're using the regular Steam Guard.

I could imagine SMS as an alternative for those who have their phone number tied to the account, but don't have a smart phone for the mobile app.

* = Unless the heavy focus is on the [Lock] -feature being accessible to the victim.

Like an alert sent via SMS post-confirmation of e-mail change. Not to replace either or, but as an extra.
When you change email you get told to verfiy it by going to your new email to verify it.

I do think adding SMS for extra protection would be somewhat a good idea being told your email got changed, but maybe add in as well someone from another location login to your account then notify you about it.

SMS would be pointless if your smart phone was stolen that also has the SGMA on it, as they have access to both, only issue would be is changing the password, but they would have to know what is it, unless the person left a password manager, or somekind on their phone.

At best I can say this idea is not bad.
#5
The HopelessGamer™ Sep 30, 2018 @ 9:50am 
Originally posted by Teutep:
Like an alert sent via SMS post-confirmation of e-mail change. Not to replace either or, but as an extra.
Yes
#6
Tev Sep 30, 2018 @ 9:51am 
Originally posted by Dr.Shadowds 🐉:
When you change email you get told to verfiy it by going to your new email to verify it.
Ah right, that got changed when people had lost access to old e-mails and wanted to change it to the new one. Been too long since I used the regular Steam Guard.

So, the regular Steam Guard only asks for the password for the e-mail change (and then the confirmation from the new e-mail of the change)?

Almost makes you wonder why this isn't a thing for them, like SMS as not only necessarily as an alert, but as a step between.
Last edited by Tev; Sep 30, 2018 @ 9:54am
#7
JPMcMillen Sep 30, 2018 @ 9:56am 
Originally posted by Teutep:
Originally posted by Dr.Shadowds 🐉:
When you change email you get told to verfiy it by going to your new email to verify it.
Ah right, that got changed when people had lost access to old e-mails and wanted to change it to the new one. Been too long since I used the regular Steam Guard.

So, the regular Steam Guard only asks for the password for the e-mail change (and then the confirmation from the new e-mail of the change)?
But Steam should still try to send an email to the old account that basically says:
Hey, your Steam email address was changed. If you did this, ignore this email. If you didn't, click the following link to change it back and resecure your account.

I've seen plenty of other websites send similar emails when account profile information has been changed, and might tip someone off that their account has been compromised.
#8
Tev Sep 30, 2018 @ 9:59am 
Well, if the old e-mail is compromised (which isn't all that uncommon if the device itself is), it would still be smart to have a [Lock] feature on a device completely unrelated to the compromised platform.
#9
Dr.Shadowds 🐉 Sep 30, 2018 @ 10:08am 
Originally posted by Teutep:
Originally posted by Dr.Shadowds 🐉:
When you change email you get told to verfiy it by going to your new email to verify it.
Ah right, that got changed when people had lost access to old e-mails and wanted to change it to the new one. Been too long since I used the regular Steam Guard.

So, the regular Steam Guard only asks for the password for the e-mail change (and then the confirmation from the new e-mail of the change)?

Almost makes you wonder why this isn't a thing for them, like SMS as not only necessarily as an alert, but as a step between.
IMHO I think having more options is good, having to be alert more than one way.

Also yes they would send a code to your old email if you selected the 1st option to be able to change the email. I notice they added that change as I just try using my alt account. If you don't have access to the email there the 2nd option which is prove who you're are.

If you have the SGMA on, it will give you two options before getting the other options, for the SGMA you be ask for a code, if not have access to it, you have the two other options code by email, or prove who you are. Now if they have stolen your phone, or software SGMA, that layer might as well be pointless since they can give the code there themselves since they have access to it.
Last edited by Dr.Shadowds 🐉; Sep 30, 2018 @ 10:08am
#10
cSg|mc-Hotsauce Sep 30, 2018 @ 10:08am 
I think using the Recovery code is the best option. Not the back up codes, just the Recovery code.

:qr:
#11
The HopelessGamer™ Sep 30, 2018 @ 10:17am 
Originally posted by cSg|mc-Hotsauce:
I think using the Recovery code is the best option. Not the back up codes, just the Recovery code.

:qr:
That can only be done if you have access to the account... So if you have no access to your email account or steam account then steam sending a SMS with a lock option would help immensly to getting your account back.
#12
The HopelessGamer™ Dec 27, 2018 @ 4:40am 
Is there anyway i could get in touch with a steam developer?
I have a suggestion, iv made a thread a while back and bumping them is not allowed but i would like to get in touch if possible with a steam developer or just someone who might be able to provide a bit more information on how i might be able to get my idea to steam in some way thats slightly better then the steam suggestion forum, i know steam reads it but i think my idea could make a big difference towards helping others and the steam community.

Now its not just a random idea.... its a really good one just needs a bit of a shove to get out there.

The idea would greatly reduce hijackings on steam and allow users to self recover lost/hijacked accounts much easier. Iv had nothing but good feedback on it aswell.

Original Suggestion: https://steamcommunity.com/discussions/forum/10/2747650363462298503/
Last edited by The HopelessGamer™; Dec 27, 2018 @ 4:53am
#13
Crazy Tiger Dec 27, 2018 @ 4:51am 
No, you can't. They do read the forums, they just don't respond to them. And they have priorities.

Also, in truth, everybody thinks their ideas are a really good one. The devs would be swarmed by people if they could be contacted directly.
Regarding your idea, it wouldn't surprise me if it ended up on their to-do list.
Last edited by Crazy Tiger; Dec 27, 2018 @ 4:51am
#14
Washell Dec 27, 2018 @ 5:06am 
Originally posted by The HopelessGamer™:
The idea would greatly reduce hijackings on steam and allow users to self recover lost/hijacked accounts much easier.
That's an assumption. For all you know Valve is seeing, say, 97% of accounts that are hijacked locked by their users with the current system, and all we see are the 3% complaining on the forums.

You made the suggestion in the proper place. Nothing more to be done about it.
Last edited by Washell; Dec 27, 2018 @ 5:07am
#15
< >
Showing 1-15 of 18 comments
Per page: 1530 50

All Discussions > Steam Forums > Suggestions / Ideas > Topic Details
Date Posted: Sep 30, 2018 @ 9:02am
Posts: 18
Start a New Discussion

Discussions Rules and Guidelines