Why not just use the Steam app? Because you literally now have a device that can run apps.

引用自 Edifier：

Why not just use the Steam app? Because you literally now have a device that can run apps.

Because Steam Guard is useless when your password gets leaked.
What's the point of Steam Guard if you can use it with the same password that you log into Steam with?
If someone has your password, they can just download the steam guard app and log in with your password.
A third party 2FA app could stop this.

If you give away your account details including your password then why would using a third party app make you suddenly become security adept, it wouldn't.

引用自 XRealX：

引用自 Edifier：

Why not just use the Steam app? Because you literally now have a device that can run apps.

Because Steam Guard is useless when your password gets leaked.
What's the point of Steam Guard if you can use it with the same password that you log into Steam with?
If someone has your password, they can just download the steam guard app and log in with your password.
A third party 2FA app could stop this.

You can't login into a second SMA without using a SteamGuard code. Your hypothetical scenario does not work in the real life as there are already countermeasures in place.
Valve isn't that stupid.

引用自 Kusa：

If you give away your account details including your password then why would using a third party app make you suddenly become security adept, it wouldn't.

Bruh, data breaches happen.
Your password can get leaked even if only you know your password.

For instance if my Steam account's gets leaked in a Steam Databreach, then I'll be safe because with Authy I use a completly different password compared to Steam. So the hackers cannot access my Steam account, because only I can get the one-time codes from Authy.
Authy uses passwords only for recovery. It's not mandatory.
So if I don't set up a recovery password for Authy, then in case I lose my phone, no one will be able to access my accounts that use 2fa. Not even me.
THIS is why I want Valve to implent this feature.

引用自 Cathulhu：

引用自 XRealX：

Because Steam Guard is useless when your password gets leaked.
What's the point of Steam Guard if you can use it with the same password that you log into Steam with?
If someone has your password, they can just download the steam guard app and log in with your password.
A third party 2FA app could stop this.

You can't login into a second SMA without using a SteamGuard code. Your hypothetical scenario does not work in the real life as there are already countermeasures in place.
Valve isn't that stupid.

Then how did my friend's account get hacked with just accepting a friend invite from a random user?

This is what happened:

One day he received a friend invite from a random account, and when he accepted the invite, his Steam client crashed and he couldn't log in. After a while with Valve Support's help he get his account back but his CS:GO skins were missing. He was using a 32 character long password and Steam Guard. How did he get hacked?
And this is not even the first case he got hacked with a really good password and with steam guard enabled.
If you want to talk with that guy, I can refer him to you.

引用自 XRealX：

引用自 Kusa：

If you give away your account details including your password then why would using a third party app make you suddenly become security adept, it wouldn't.

Bruh, data breaches happen.
Your password can get leaked even if only you know your password.

For instance if my Steam account's gets leaked in a Steam Databreach, then I'll be safe because with Authy I use a completly different password compared to Steam. So the hackers cannot access my Steam account, because only I can get the one-time codes from Authy.
Authy uses passwords only for recovery. It's not mandatory.
So if I don't set up a recovery password for Authy, then in case I lose my phone, no one will be able to access my accounts that use 2fa. Not even me.
THIS is why I want Valve to implent this feature.

I know this is kinda off-topic, but I'm curious to what will you reply.

you dont understand 2fa and bent yourself to a single feature of a single software(authy master password/protection pin) when already your phone and computer should be the first door lock to access 2fa codes and those are in no way less secure than what authy provides as extra.

also, standard security procedure is to not use the same password twice among any accounts, so it is completely irrelevant if one password gets breached.

引用自 wuddih：

you dont understand 2fa and bent yourself to a single feature of a single software(authy master password/protection pin) when already your phone and computer should be the first door lock. to access 2fa codes and those are in no way less secure than what authy provides as extra.

also, standard security procedure is to not use the same password twice among any accounts, so it is completely irrelevant if one password gets breached.

Sure... I'm not an expert in this topic, nor would I ever claim to be one.

So you mean that Steam Guard is just as safe as Authy or any othe 2FA app?

引用自 XRealX：

引用自 Kusa：

If you give away your account details including your password then why would using a third party app make you suddenly become security adept, it wouldn't.

Bruh, data breaches happen.
Your password can get leaked even if only you know your password.

For instance if my Steam account's gets leaked in a Steam Databreach, then I'll be safe because with Authy I use a completly different password compared to Steam. So the hackers cannot access my Steam account, because only I can get the one-time codes from Authy.
Authy uses passwords only for recovery. It's not mandatory.
So if I don't set up a recovery password for Authy, then in case I lose my phone, no one will be able to access my accounts that use 2fa. Not even me.
THIS is why I want Valve to implent this feature.

Kind of a mute point as Authy could also have a data breach and your Authy password is now in the public domain.

You need to understand 2FA and how it works rather than rely on a third party app.

Accounts are hijacked, not hacked.

引用自 Kusa：

引用自 XRealX：

Bruh, data breaches happen.
Your password can get leaked even if only you know your password.

For instance if my Steam account's gets leaked in a Steam Databreach, then I'll be safe because with Authy I use a completly different password compared to Steam. So the hackers cannot access my Steam account, because only I can get the one-time codes from Authy.
Authy uses passwords only for recovery. It's not mandatory.
So if I don't set up a recovery password for Authy, then in case I lose my phone, no one will be able to access my accounts that use 2fa. Not even me.
THIS is why I want Valve to implent this feature.

Kind of a mute point as Authy could also have a data breach and your Authy password is now in the public domain.

You need to understand 2FA and how it works rather than rely on a third party app.

Accounts are hijacked, not hacked.

Let's say that I would move to google authenticator that doesn't have passwords. In that case, if my phone would get destroyed, then no one could get the one time codes. Wouldn't that be safer then Steam Guard or Authy with a password for that matter?

引用自 XRealX：

引用自 Cathulhu：

You can't login into a second SMA without using a SteamGuard code. Your hypothetical scenario does not work in the real life as there are already countermeasures in place.
Valve isn't that stupid.

Then how did my friend's account get hacked with just accepting a friend invite from a random user?

This is what happened:

One day he received a friend invite from a random account, and when he accepted the invite, his Steam client crashed and he couldn't log in. After a while with Valve Support's help he get his account back but his CS:GO skins were missing. He was using a 32 character long password and Steam Guard. How did he get hacked?
And this is not even the first case he got hacked with a really good password and with steam guard enabled.
If you want to talk with that guy, I can refer him to you.

Your friend most likely was asked to go into some random website and did then, then gave his login,password and mobile auth code to a fake steam login page.

You cannot hack someone just by accepting friend invite, also even if they knew login/password then even after password change they would still need mobile auth, and to remove mobile auth you need code sent to the mobile.

Im sorry but if Steam's 2fa cannot protect you or your friend then any different 2fa won't help

引用自 XRealX：

引用自 Kusa：

Kind of a mute point as Authy could also have a data breach and your Authy password is now in the public domain.

You need to understand 2FA and how it works rather than rely on a third party app.

Accounts are hijacked, not hacked.

Let's say that I would move to google authenticator that doesn't have passwords. In that case, if my phone would get destroyed, then no one could get the one time codes. Wouldn't that be safer then Steam Guard or Authy with a password for that matter?

If your phone gets destroyed no one would be able to access Steam Guard either.

引用自 XRealX：

引用自 wuddih：

you dont understand 2fa and bent yourself to a single feature of a single software(authy master password/protection pin) when already your phone and computer should be the first door lock. to access 2fa codes and those are in no way less secure than what authy provides as extra.

also, standard security procedure is to not use the same password twice among any accounts, so it is completely irrelevant if one password gets breached.

Sure... I'm not an expert in this topic, nor would I ever claim to be one.

So you mean that Steam Guard is just as safe as Authy or any othe 2FA app?

the app is irrelevant.

the time-based one time password is only available on a device that has been previously setup in verification with the account-based service.

if someone knows your Steam credentials, he still needs your unlocked phone. if someone has your unlocked phone, he still needs your Steam credentials.

if any form of Steam guard is enabled(email or mobile), every scam/hijack/overtake method of Steam accounts requires using you as the weakest link in the security chain by either giving everything needed out to the attacker or you installing malware that observes and intercepts what you do.

.