Baltic Oct 18, 2023 @ 4:32pm
Lock Account Upon Different Login Location
I was hacked recently from Russia, and this person posted all of my steam inventory for sale. Why Steam security didn't lock my account when I clearly have been consistently logging in from the UK for over 10 years is beyond me.

This is a basic safety feature across all platforms except for the largest distribution platform. What a strange oversight.
Showing 1-15 of 19 comments
HikariLight Oct 18, 2023 @ 4:40pm 
For all Steam/Valve knows it could very well be the account owner logging in from a different region.
So locking it would be counterproductive.
Also, account security is the account owner's responsibility, you shouldn't be sharing your login info ANYWHERE or with ANYONE.
The only place you should be logging in with your Steam credentials is on Steam.
Last edited by HikariLight; Oct 18, 2023 @ 4:42pm
William Shakesman Oct 18, 2023 @ 4:41pm 
what's two factor authentication?
Gwarsbane Oct 18, 2023 @ 4:45pm 
Would suck for anyone that does any traveling.... Go to play a game and your account is locked. Then you have to spend days trying to get it unlocked and you might not have all the info you need with you to provide steam with what they need to unlock it.
BJWyler Oct 18, 2023 @ 6:56pm 
Yeah, not so much. Account security is 100% the user's responsibility. If a hijacker logged into your account from Russia, it's because you gave them your log in information. No one else should be punished for traveling because you couldn't stop yourself from falling for a scam, or logging into a third party website.
76561197960287930 Oct 18, 2023 @ 8:24pm 
https://www.youtube.com/watch?v=G9QTgcJk2wM

Hey, did you pick it up? steamcommumutliy /gift/activation /s

Steam chat rooms are rampant with cyber criminals posting URLs, but veterans expect the greenhorns to know better, while Valve allows that spamming behavior day after day.

Also
Valve pays a bounty to people who find exploits. But what if someone decides that they don't want to be paid, and they want to exploit instead?

HackerOne - Valve
Big Picture web browser leaks login cookies and discloses sensitive information (may lead to account takeover)
"Researcher reported an issue where certain secure cookies would be included in a web request initiated through Steam Big Picture mode that was initially to a trusted origin but subsequently forwarded to a site on a different origin."
By bugstar, to Valve. Resolved. High. Disclosed 2 years ago.

0% Valve's responsibility. Maybe 2FA should nag a little more.
Last edited by 76561197960287930; Oct 18, 2023 @ 8:42pm
Tito Shivan Oct 18, 2023 @ 11:26pm 
Originally posted by Gwarsbane:
Would suck for anyone that does any traveling....
Not even travelling. It might be annoying for people with connections with lousy geopositioning.

Originally posted by Big Box:
This is a basic safety feature across all platforms except for the largest distribution platform. What a strange oversight.
What most places do is 'trigger' additional steps when an abnormal login attempt happens, not outright locking you from accessing your account.

However, nothing stops the phisher from also requiring that extra step in their phishing site (like some already do, asking the victim for the SMS required to swap the authenticator away from the victim's phone).

It's not the silver bullet you think it is.
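
The "additional steps on an abnormal login" approach described in the post above, sketched as an added example (not part of the thread and not Steam's implementation). The signal names, weights and threshold are assumptions chosen for illustration.

```python
# Added example: risk-based step-up on login (constructed policy, not Steam's).
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"  # ask for an extra factor; the account is never locked

# Hypothetical weights and threshold, chosen for illustration only.
WEIGHTS = {"new_device": 2, "new_country": 2, "geo_unknown": 1}
STEP_UP_THRESHOLD = 2

@dataclass
class History:
    countries: set = field(default_factory=set)  # countries of past verified logins
    devices: set = field(default_factory=set)    # device ids of past verified logins

@dataclass
class Attempt:
    country: Optional[str]  # None when the IP cannot be geolocated
    device_id: str

def risk_signals(history: History, attempt: Attempt) -> list:
    signals = []
    if attempt.device_id not in history.devices:
        signals.append("new_device")
    if attempt.country is None:
        signals.append("geo_unknown")  # weak signal: bad geo data alone never prompts
    elif attempt.country not in history.countries:
        signals.append("new_country")
    return signals

def decide(history: History, attempt: Attempt):
    signals = risk_signals(history, attempt)
    score = sum(WEIGHTS[s] for s in signals)
    decision = Decision.STEP_UP if score >= STEP_UP_THRESHOLD else Decision.ALLOW
    return decision, signals

def record_verified(history: History, attempt: Attempt) -> None:
    # Call only after the extra factor succeeded, so a traveller is prompted once.
    history.devices.add(attempt.device_id)
    if attempt.country is not None:
        history.countries.add(attempt.country)

# Constructed sample: an account that has only ever logged in from GB on one device.
SAMPLE = History(countries={"GB"}, devices={"dev-home"})
```

A login relayed by a phishing page that also collects the extra factor still passes this check, which is the limit the post above points out.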
Baltic Oct 19, 2023 @ 7:22am 
Originally posted by BJWyler:
Yeah, not so much. Account security is 100% the user's responsibility. If a hijacker logged into your account from Russia, it's because you gave them your log in information. No one else should be punished for traveling because you couldn't stop yourself from falling for a scam, or logging into a third party website.

Tell me why I would give anyone my login info. Please, I'd love to hear your ideas, because I can't think of any reasons personally...
Baltic Oct 19, 2023 @ 7:25am 
Originally posted by Tito Shivan:
What most places do is 'trigger' additional steps when an abnormal login attempt happens, not outright locking you from accessing your account.

This is what I meant by locking, I didn't know what else to call it.

Point is, had this been a feature, my account wouldn't have been breached by some schmuck. God knows where he got my login information from and how, because I didn't do anything to leak anything. At least not purposefully
Tito Shivan Oct 19, 2023 @ 7:25am 
Originally posted by Big Box:
Tell me why I would give anyone my login info.
Because they deceived you into thinking you're giving that login info to Steam.

That's how phishing works.
Baltic Oct 19, 2023 @ 7:33am 
Originally posted by Tito Shivan:
Originally posted by Big Box:
Tell me why I would give anyone my login info.
Because they deceived you into thinking you're giving that login info to Steam.

That's how phishing works.

That would only work if I logged in to anything other than Steam, which I did not
VaLiuM Oct 19, 2023 @ 7:36am 
Originally posted by Big Box:
Point is, had this been a feature, my account wouldn't have been breached by some schmuck. God knows where he got my login information from and how, because I didn't do anything to leak anything. At least not purposefully
2FA is a thing on Steam, there are at least 3 options to have 2FA enabled, I believe: code via e-mail, the app code and QR-code login via app. Without access to any of the 3, there is not much one can do with just e-mail / username and password to get into the account.

Gabe Newell gave his login details to the world when Steam Guard was introduced, nothing happened to his account with Steam Guard enabled. I wonder why. So at some point in time, you maybe logged into a phishing site or gave away the credentials including Steam Guard related info, if you had it enabled prior to the "incident".
Last edited by VaLiuM; Oct 19, 2023 @ 7:38am
Supafly Oct 19, 2023 @ 8:01am 
If that was a thing (it wouldn't be, but if it was), think about it: if Steam's system can see your IP address and login location, the phishing website can too.

1. User visits phishing website
2. Phishing website can use a VPN or other techniques to appear to come from the user's location
3. User then gives phishing website their login details including a LIVE Steam Guard code.
4. Phishing website that appears to come from the user's location, country, city or even spoofing their EXACT IP uses the user's login data.
5. Steam's system has no clue it's not the user

Bottom line: geolocking would be circumvented by phishers just as quickly as it could be implemented.

But it would also cause so many issues. If a user accesses their account whilst travelling they get locked out.

What happens if they are trying to login because there is already something happening with their account, hijacked and friend/family have told them their account is spamming phishing/scam links to them. They can't do anything because Steam locks them out as they're in a different location. This would give hijackers even more time to screw with a Victims account.

A wishlisted game goes on sale and you get an email about it. You're on holiday and decide to buy it, can't play till you get back but you can buy it. Oh wait, they can't, because they are in a different country and your idea gets them immediately locked.

Users have their account name, password and Steam Guard to keep their accounts secure. Trying to add something that will be circumvented with ease whilst causing so many problems is NOT a solution. Users NEED to educate themselves about basic internet safety. Plenty of warnings on Steam and various other places online. Read the news, doesn't have to be Steam specific as the same **** happens all over the internet all the time.
Nx Machina Oct 19, 2023 @ 8:08am 
Accounts are PHISHED not hacked because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to your account.

How? By either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, the "you have a pending ban" scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't.

Someone would have to "guess" your account name from "millions of possible combinations".

Next they would have to "guess" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

And finally they would have to "guess" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access to your account.


Secondly:

https://store.steampowered.com/subscriber_agreement

C. Your Account (snipped)

You may not reveal, share or otherwise allow others to use your password or Account except as otherwise specifically authorized by Valve.

You are responsible for the confidentiality of your login and password and for the security of your computer system.

Valve is not responsible for the use of your password and Account or for all of the communication and activity on Steam that results from use of your login name and password by you, or by any person to whom you may have intentionally or by negligence disclosed your login and/or password in violation of this confidentiality provision.

Unless it results from Valve’s negligence or fault, Valve is not responsible for the use of your Account by a person who fraudulently used your login and password without your permission.


And finally:

I have been here 18+ years and have never lost access to my account, and this includes before Steam Guard email and Steam Guard Mobile existed, so no, there is no cybersecurity issue with the security offered by Steam, just end users not taking responsibility for their own actions.

Note: Gabe Newell gave away his account details in 2011 to demonstrate Steam Guard and his account remains uncompromised. You can even try to get on his account as his account name and password are on the link below.

https://www.escapistmagazine.com/gabe-newell-gives-away-personal-steam-password/
Last edited by Nx Machina; Oct 19, 2023 @ 8:10am
Tito Shivan Oct 19, 2023 @ 8:45am 
Originally posted by Big Box:
That would only work if I logged in to anything other than Steam, which I did not
Some sites forge Steam itself.
BJWyler Oct 20, 2023 @ 1:26am 
Originally posted by Big Box:
Originally posted by BJWyler:
Yeah, not so much. Account security is 100% the user's responsibility. If a hijacker logged into your account from Russia, it's because you gave them your log in information. No one else should be punished for traveling because you couldn't stop yourself from falling for a scam, or logging into a third party website.

Tell me why I would give anyone my login info. Please, I'd love to hear your ideas, because I can't think of any reasons personally...
I don't really know. I don't know why people can't see obvious scams for what they are when they come to the forums asking about why their account was accidentally reported, or why they didn't get the $50 gift card from the link their friend sent them.

I don't know why people go to third party websites when Internet Common Sense clearly lays out that it's not a very good idea to do so, nor has been for two decades. I don't know why I have to argue with people who absolutely insist that the website they visited is legit because YouTuber A says it is, or because thousands of others use the site, or because some random who runs the site says they are legit.

But it happens multiple times every single day. Just like old people still fall for the classic phone scams, even though they literally just finished watching a blurb on the news about classic phone scams. Just like people fall for the fake Nigerian Prince scam. At the end of the day, there are a lot of people who are greedy and gullible, but actually do not have the self-awareness to realize or understand that they are greedy and gullible and will insist otherwise until the sun goes down.

Date Posted: Oct 18, 2023 @ 4:32pm
Posts: 19