Originally posted by XRealX:

By the word leaked, I meant getting leaked in a data breach, not by giving my information away to anyone.

Data breeches are so extraordinarily rare they just don't play into this in any way.

The far more common - daily, hourly in fact - issue at hand is that people still willingly give their information out. The sheer volume compared to actual data breeches being in any way part of the security issues here is... yeah, no.

I dont have a phone and I can't use 2FA that doesn't follow the RFC 6238 standard. Atleast I use an email service that does.

I don't have a dire need for this but can definitely get on board with using a 3rd party auth provider here, to be honest.

Also, how do I vote for a suggestion on these forums?

Originally posted by EternalWulf:

.... Also, how do I vote for a suggestion on these forums?

There is no voting. Threads here may be read by someone(s) from Valve, but they aren’t polling forumgoers to make client/service decisions.

Originally posted by Culex:

I dont have a phone and I can't use 2FA that doesn't follow the RFC 6238 standard. Atleast I use an email service that does.

Then just use the existing email based SteamGuard if you're just using email anyway

Originally posted by XRealX Idle-Empire.com:

[
By the word leaked, I meant getting leaked in a data breach, not by giving my information away to anyone.

That is not an I-WIN button to explain any account hijacking you don't have the details for or personally can't explain. People who get their accounts hijacked tend to not have a clue how it happened, and some of them are convinced they can't possibly be at fault. And without any evidence to demonstrate it's Valve's fault they assume it must be because that's more convenient for one's ego. On top of that sometimes people just outright lie to save face even if they know, or realize after the fact, that they were fooled by a pretty simple cam.

The reality is it's so much easier to get a person to cough up their credentials than it is to break into most systems. Users really are the weakest link in the security. Which is why so many scams and such focus on exploiting user weaknesses as opposed to being l33t hackerman nonsense.

The other side of it is that Steam Guard is a private app, that does not work with other services. If I have 5 other authenticators built into Authy, then I feel like Steam is incredibly inefficient trying to make me switch apps just for 'it especially'. Like its yee old royal highness creating problems for the serfs. Authy works on PC, so I can literally tab over and its no problem. Steam currently is the only app I have to get on my phone to actually authorise. Its frustrating, and for a pointless reason.

Originally posted by Siren:

The other side of it is that Steam Guard is a private app, that does not work with other services. If I have 5 other authenticators built into Authy, then I feel like Steam is incredibly inefficient trying to make me switch apps just for 'it especially'. Like its yee old royal highness creating problems for the serfs. Authy works on PC, so I can literally tab over and its no problem. Steam currently is the only app I have to get on my phone to actually authorise. Its frustrating, and for a pointless reason.

But the Steam Mobile app has so many other features embedded into it, in that it is not just a dedicated authenticator to sum up with the rest of its kind.
You can access the forums, community content, the store and so much more that it sounds like you are trying to undermine all of these features and focus solely on the authenticating part.

Doesn't authentication through your personal computer kind of nullify the point of being able to log in at your will on any device as long as you have your phone to check with you? Excusing laptops, of course.
And on that note, and perhaps this is solely an iOS feature, I only need to bring up my phone to view the auth-code on my start screen as a notification so I wouldn't ever have thought to suggest that the mobile app gets any further royal stature from the rest when all I want to do is log in somewhere.

I haven't used Authy at any point, let alone considered implementing authentication on my PC so perhaps there is a benefit to all of it that I am just now not realising. Unless it doubles for a password manager maybe.

Originally posted by Siren:

The other side of it is that Steam Guard is a private app, that does not work with other services. If I have 5 other authenticators built into Authy, then I feel like Steam is incredibly inefficient trying to make me switch apps just for 'it especially'. Like its yee old royal highness creating problems for the serfs. Authy works on PC, so I can literally tab over and its no problem. Steam currently is the only app I have to get on my phone to actually authorise. Its frustrating, and for a pointless reason.

Microsoft have one for their games and their client. Uplay uses another authenticator. Blizzard uses another one. Not sure about Origin.

But for Steam, it's the Steam app on mobile. It's easy to remember which it belongs too which is much harder with Xbox client, Uplay and Blizzard ones because they all look the same.
I basically have to request the code and see which app starts to beep.

Originally posted by XRealX Idle-Empire.com:

Originally posted by Edifier:

Why not just use the Steam app? Because you literally now have a device that can run apps.

Because Steam Guard is useless when your password gets leaked.
What's the point of Steam Guard if you can use it with the same password that you log into Steam with?
If someone has your password, they can just download the steam guard app and log in with your password.
A third party 2FA app could stop this.

I noticed I never replied back. Must have been doing other stuff.


But you losing your password to some hijacker won't matter with Steam Guard. They still need your phone and have full access to your phone. At which point you can most likely report them to the actual police and have them arrested for stealing your stuff. Your phone for example.

I believe Gabe showed his password to his account when he announced SteamGuard for mobile. Seeing that he hasn't been on a massive posting spree it's safe to assume no one got into it.

If someone manage to beat you to installing SteamGuard before you do it it'd be something I'd love to hear about. Because right now I have never heard about it happening.
Once you've installed it you're in full control as long as you got access to your mobile phone.

Originally posted by Siren:

The other side of it is that Steam Guard is a private app, that does not work with other services. If I have 5 other authenticators built into Authy, then I feel like Steam is incredibly inefficient trying to make me switch apps just for 'it especially'. Like its yee old royal highness creating problems for the serfs. Authy works on PC, so I can literally tab over and its no problem. Steam currently is the only app I have to get on my phone to actually authorise. Its frustrating, and for a pointless reason.

So you render the entire point of two factor authentication moot by having it setup on the system that is the one that has to be compromised anyway to get access to your account in most cases.

Congratulations you are one of the reasons why they don't allow people to use other applications to authenticate. You have punched a truck-sized hole in your security. One virus run on your machine later and they have full access to your account and can do whatever they want.

I'd like to see some movement on this by steam. I don't want the steam app installed on my phone but I want the security of 2FA. Assuming they are just using TOTP there is no reason i'm aware of not to do this from a security standpoint. Basically everyone is allowing 3rd party 2FA now standards are maturing, even google will let me use my open source 2FA app of choice instead of authenticator.

Originally posted by cSg|mc-Hotsauce:

Originally posted by DracoChartin:

I'd like to see some movement on this by steam. I don't want the steam app installed on my phone but I want the security of 2FA. Assuming they are just using TOTP there is no reason i'm aware of not to do this from a security standpoint. Basically everyone is allowing 3rd party 2FA now standards are maturing, even google will let me use my open source 2FA app of choice instead of authenticator.

This is what they are working on...

What's next?

We’re already working on improvements to the Steam Chat app, including voice chat. With Steam Chat moving to its own dedicated app, the original Steam Mobile app will see significant upgrades focused on account security. Our plans include better Steam Guard options to help securely log into your Steam account, such as QR codes and one-touch login, and improved app navigation.

https://steamcommunity.com/games/593110/announcements/detail/1621770561065348220

Steam Mobile App - The mobile app is getting a refresh to add more login types and help users secure their accounts.

https://steamcommunity.com/groups/steamworks/announcements/detail/1697229969000435735

So, in ValveTime.

:qr:

Nice

ValveTime! Lol! Its 2020 and you can use your own TFA app to manage your account for your refrigerator and light switches but not for your games. Better late then never I guess. 🤣

Originally posted by neclimdul:

ValveTime! Lol!

https://developer.valvesoftware.com/wiki/Valve_Time#Valve_Time

It gets sillier towards the end.