Add F2A keys option as an alternative to Steam Guard

모든 토론 > Steam 포럼 > Suggestions / Ideas > 제목 정보

이 토론은 잠겼습니다.

Erethros 2023년 1월 24일 오후 7시 52분

Add F2A keys option as an alternative to Steam Guard

I'd love to be able to use this option as a way to improve Account Security.

Since several years ago, I've been surprised after seeing a notification on my smartphone telling me that I need a code to enter into steam, as if someone where trying to access my acount.

Obviously I changed my Password but I received the same notification even on the same day...

Althogh I asked for help to support, the only answer I could get was to change my password again but, to no avail, I still recive this notification sometimes, even after formating my computer and even changing my smartphone.

I know that I may be a bit paranoid but, I would feel more at peace if I could add this extra layer of security by changing to a non hackable device as a second factor authentication method.

I use an F2A key to login on my email now and once set up, is as easy as connecting it to the USB port on my computer after introducing my password or just tap it on my smartphone and in this way I know that if someone wants to read my emails, it needs to get also one of my F2A keys (I keep a second one just in case the first one gets damaged).

I asked to the suport team about this Idea and they told me that they will take it to the corresponding department as a sugestion and have invited me to also make this sugestion here so, what do you think about?

I'm not asking for it to be an obligation, just an option stronger than an autenticator that is less probable to be stolen than my smartphone.

If someone steals my smartphone, they still would need the key. If someone steals my key, they still need to figure out that it's not a normal pendrive apart from my username or email and my password to be able to cause any damage.

< >

7개 댓글 중 1-7개 표시

rawWwRrr 2023년 1월 24일 오후 7시 57분

Does your USB F2A key alert you when someone has attempted to log into your account?

Erethros 2023년 1월 24일 오후 8시 02분

Nope, that is still being done by the responsible server, by emailing me or by an app notification but, with the diference that I don't get the authoritation code in the same moment the atacker is trying to access my acount, I need to tap my key via NFC or plug it in via USB to reveal the one use code that its only alive for 30 seconds.

RiO 2023년 1월 25일 오전 12시 15분

rawWwRrr님이 먼저 게시:
Does your USB F2A key alert you when someone has attempted to log into your account?

Take a step back and first ask yourself: does that even matter, if it's impossible for a would-be attacker to sign in without physical access to the hardware token anyway?

Just being sent an out-of-band email or even a toast notification the next time the real user logs in (assuming they log in regularly) should more than suffice if you want them to be aware.

The next question is: why should they be made aware specifically?
Tracking repeat attempts and establishing a paper trail, should their account and their account specifically be targeted? (E.g. popular figurehead?) In that case Valve still has that paper trail on their servers. Because they undoubtedly cumulatively track failed logins and associated IP addresses for security purposes.

[N]ebsun 2023년 1월 25일 오전 1시 01분

rawWwRrr님이 먼저 게시:
Does your USB F2A key alert you when someone has attempted to log into your account?

Neither does any 2FA key generator.
Alerts are an entirely separate function to a 2FA system.

You might have 1000's of attempted logins... does that mean anything at all ? not really - they were unsuccessful.

[N]ebsun 님이 마지막으로 수정; 2023년 1월 25일 오전 1시 02분

Nx Machina 2023년 1월 25일 오전 2시 11분

The ship has sailed. Valve added biometrics, qr code, one touch to Steam Mobile Guard app.

Secondly been here 18+ years and never had my account compromised because like my bank account no one needs to know my Steam account details but me.

And finally you cannot trade with those 3rd party keys, apps.

Erethros 2023년 1월 25일 오전 4시 03분

Nx Machina님이 먼저 게시:
The ship has sailed. Valve added biometrics, qr code, one touch to Steam Mobile Guard app.

Secondly been here 18+ years and never had my account compromised because like my bank account no one needs to know my Steam account details but me.

And finally you cannot trade with those 3rd party keys, apps.

Well, there is a small problem and that is that once you have a cookie on your browser that tells that you are the user, the atacker can just use that cookie as a loggin method, without needing to use your password or username...

And sadly, on the same steam app you have everithing, which makes it easy to access your acount just by steeling your device.

That's why I think this method wich has been proven as the more secure way of 2FA culd be a great option for those who want it.

Im not asking for making it compulsory, but to get also the option to use them.

After all, this kind of keys are cheaper than any AAA game and you can use them to protect your email, password manager, your paypal acount... all with the same key.