Origineel geplaatst door Satoru:

Origineel geplaatst door zyhkz:

'''And when user use the QR code to login, the login info and username/password should not be saved in the PC.'''
QR code itself may not improve, but
the important thing is this.
Again, this solution are verified by many game companies in our Country. I wont against you if you still think that not work...

Again this is pointless

Once you scan my phishing QR code I OWN YOUR ACCOUNT

I don’t need to know your password. I’m already in. You’re totally screwed. I’ll change your password and you’re dead.

QR codes don’t stop account hijacks

If you want to change your password, of course you need to input your old password... you really dont know how qr code protect the account...
with qr code, maybe you can login easilier. but it will be harder to stolen the accounts and items.

Origineel geplaatst door zyhkz:

Origineel geplaatst door crunchyfrog:

Well, that's the old catch 22 isn't it?

They need to be educated, and the sad reality is that those that need the education are often those that don't WANT to hear it.

All you can do is just do your bit.

Yes, with the PUBG become popular, we got a super large amount of new players... they dont know any thing about steam, they just play PUBG and bring a lot of stolen accounts posts.

Yup, and I can honestly say Satoru is also correct.

QR isn't a mgical trick to cure what you think. As Satoru says, it likely makes things worse.

Any additional route you add to log in, people will foolishly place their total trust in and that's when these problems start.

Phishing website - submit Steam QR code to login and receive skins/keys.

Well, I just provide an option to improve the security, I think Valve developers will investigate it. (this solution is used in a app with billion users, yes billion. I mean wechat and LOL)

Rencently PUBG will be free, and more new players is coming... that is scared

Origineel geplaatst door zyhkz:

Well, I just provide an option to improve the security, I think Valve developers will investigate it. (this solution is used in a app with billion users, yes billion. I mean wechat and LOL)

Rencently PUBG will be free, and more new players is coming... that is scared

You can't protect people from themselves.

If they are foolish enough to get their account stolen, maybe it'll teach them a valuable life lesson.

Origineel geplaatst door zyhkz:

Well, I just provide an option to improve the security, I think Valve developers will investigate it. (this solution is used in a app with billion users, yes billion. I mean wechat and LOL)

Rencently PUBG will be free, and more new players is coming... that is scared

Yes, you did indeed, but that doesn't mean it CAN be solved. Assuming because people are smart they can fix something is a fallacy.

The problem is that enabling QR codes, no matter how well done it is, is STILL burdened with problems making it easier to scam in some cases.

You cannot get around this. Reality doesn't work like that.

It's like when I was at university in the 1990s. I was in Manchester, England. Manchester City Council decided to renovate their bus stops and introduce these sleek little tempered glass and steel things they stupidly dubbed the "vandal-proof bus stop".

That was the worst thing they could have said, because people took that as a challenge. As soon as they went up you could hear the same evening the smashing noises as various things were hurled through them.

That's human nature for you. People think of a solution and put FAR too much faith in it being able to solve everything.

Origineel geplaatst door zyhkz:

Well, I just provide an option to improve the security, I think Valve developers will investigate it. (this solution is used in a app with billion users, yes billion. I mean wechat and LOL)

Rencently PUBG will be free, and more new players is coming... that is scared

You realize Valve mly implements things that are realistic, right?

This is unoriginal. Everyone thinks they have some genius measure to prevent more losses. It doesn't. The phishing dcame are so common that even Steam Guard codes are given out along with logins.

QR code. Otp. Anything and everything the user can disable or give to the other party makes it meaningless.

You want to make these things happen less? Start having education systems teach basic internet security. Make smarter more informed users. Less, tiktok social media "oh cool free stuff here's my login" and more "that's just another scam site" kind of users.

Valve knows better than to waste their time with something a lot of people will bypass the same as steam guard. They're also not obligated to " investigate " rather bad suggestions.

Origineel geplaatst door Mr. Gentlebot:

Origineel geplaatst door zyhkz:

Well, I just provide an option to improve the security, I think Valve developers will investigate it. (this solution is used in a app with billion users, yes billion. I mean wechat and LOL)

Rencently PUBG will be free, and more new players is coming... that is scared

You realize Valve mly implements things that are realistic, right?

This is unoriginal. Everyone thinks they have some genius measure to prevent more losses. It doesn't. The phishing dcame are so common that even Steam Guard codes are given out along with logins.

QR code. Otp. Anything and everything the user can disable or give to the other party makes it meaningless.

You want to make these things happen less? Start having education systems teach basic internet security. Make smarter more informed users. Less, tiktok social media "oh cool free stuff here's my login" and more "that's just another scam site" kind of users.

Valve knows better than to waste their time with something a lot of people will bypass the same as steam guard. They're also not obligated to " investigate " rather bad suggestions.

Fortunately, it is Valve to define what is `bad suggestions`, and they allow all people to submit the `Suggestions / Ideas` not only someone: "You don't need to change anything at all!"

They do not need to setup this channel if they really don't like to hear new ideas.

About `waste their time`, I just know the customer support waste a lot of time with the stolen accounts. That is not interesting enough.

They do not need to add a QR code option, they need to add Multi Factor Authentication (MFA), which also involves the mobile device. This is already implemented. You just need to enable it.

https://help.steampowered.com/en/faqs/view/7EFD-3CAE-64D3-1C31

The main issue is often times not the system, it is the user and most people are not aware of such security options nor do they care until it is too late. Valve should enforce this option to secure that border, but Valve also cannot enforce this on people.

Good news (except for all the people convinced that Valve would never even think of adding QR code login because it's clearly a horrible idea), Valve's already been working on QR code login!

See: https://steamcommunity.com/public/javascript/applications/community/localization/shared_english-json.js

Search in there for "QR" to see the localisation strings relating to logging in with a QR code. Those localisation strings were added there in October.

I wonder if it's as easy to make as when I pay for games here or paying for anything really? I just use my "bankID" and scan a QR code with my phone to pay. It can't be any easier, and as, at least, one whole country seem to be able to use it without issue I'm sure Valve can as well! :D

Though I'm not gonna try and say I know everything that could happen I still "feel" like it's possible.

Origineel geplaatst door aiusepsi:

Good news (except for all the people convinced that Valve would never even think of adding QR code login because it's clearly a horrible idea), Valve's already been working on QR code login!

See: https://steamcommunity.com/public/javascript/applications/community/localization/shared_english-json.js

Search in there for "QR" to see the localisation strings relating to logging in with a QR code. Those localisation strings were added there in October.

Also been mentioned on PC Gamer back in October.

https://www.pcgamer.com/looks-like-steam-is-getting-a-qr-code-login-option/

That is a lot of back and forth about something Valve told us over 2 years ago when the chat app was released.
https://steamcommunity.com/games/593110/announcements/detail/1621770561065348220

Origineel geplaatst door aiusepsi:

Good news (except for all the people convinced that Valve would never even think of adding QR code login because it's clearly a horrible idea), Valve's already been working on QR code login!

See: https://steamcommunity.com/public/javascript/applications/community/localization/shared_english-json.js

Search in there for "QR" to see the localisation strings relating to logging in with a QR code. Those localisation strings were added there in October.

Note I don't disagree with QR code implementations

I disagree with the OP's insistence that QR codes will magically stop phishing and hijacking attempts, especially when they give the actual use case and situations in which these supposed 'hijackings' occur

If the OP thinks a QR code login is going to magically stop phishing and hijacking they are in for a surprise

Note the main reason the OP wants QR codes is because QR codes are highly ubiquitous in China/Asia and thus are commonly implemented. While in western countries QR codes are not very common in usage aside from the sort of boom in it due to *insert worldwide pandemic*

Origineel geplaatst door zyhkz:

Origineel geplaatst door Mr. Gentlebot:

You realize Valve mly implements things that are realistic, right?

This is unoriginal. Everyone thinks they have some genius measure to prevent more losses. It doesn't. The phishing dcame are so common that even Steam Guard codes are given out along with logins.

QR code. Otp. Anything and everything the user can disable or give to the other party makes it meaningless.

You want to make these things happen less? Start having education systems teach basic internet security. Make smarter more informed users. Less, tiktok social media "oh cool free stuff here's my login" and more "that's just another scam site" kind of users.

Valve knows better than to waste their time with something a lot of people will bypass the same as steam guard. They're also not obligated to " investigate " rather bad suggestions.

Fortunately, it is Valve to define what is `bad suggestions`, and they allow all people to submit the `Suggestions / Ideas` not only someone: "You don't need to change anything at all!"

They do not need to setup this channel if they really don't like to hear new ideas.

About `waste their time`, I just know the customer support waste a lot of time with the stolen accounts. That is not interesting enough.

Here's the thing though.

You keep hiding behind this "oh Valve will know" idea. Stop that, as it's a fallacy.

If we can DEMONSTRAE why this is a bad idea that isn't worth continuing with it ends there.

And that has been done so.

I get it, you thought you had a great idea, and you got shot down. That hurts a bit. But the fact is you can't argue with evidence and reality. This IS a bad idea as people have explained to you.

Ther is no way round this.