This topic has been locked
LemonGarbage Oct 20, 2023 @ 9:36am
Passkey Support for Steam When?
With the introduction of passkeys, a new way to securely store credentials to authenticate to services, it's surprising that Valve has made no announcement to add passkey support. Is there a plan to implement this in the near future?

I imagine it would drastically reduce the number of scam victims, for example, inputting Steam account credentials into a phishing site that looks like a Steam login page.

For the uninitiated: https://www.pcmag.com/explainers/passwordless-authentication-what-it-is-and-why-you-need-it-asap
Last edited by LemonGarbage; Oct 20, 2023 @ 9:38pm
Showing 1-15 of 35 comments
lsdninja Oct 20, 2023 @ 10:16am 
They already let you use the app as a mobile authenticator…
Crashed Oct 20, 2023 @ 2:08pm 
Originally posted by lsdninja:
They already let you use the app as a mobile authenticator…
Tell me you didn't read the article?
HikariLight Oct 20, 2023 @ 2:27pm 
Originally posted by Crashed:
Originally posted by lsdninja:
They already let you use the app as a mobile authenticator…
Tell me you didn't read the article?
Because this has been brought up many times already.
Steam has said no.
Crashed Oct 20, 2023 @ 2:33pm 
Originally posted by HikariLight:
Originally posted by Crashed:
Tell me you didn't read the article?
Because this has been brought up many times already.
Steam has said no.
Can you cite any such statements made by Valve or is it just the community rejecting security measures?
cinedine Oct 20, 2023 @ 2:35pm 
Originally posted by HikariLight:
Steam has said no.

Quote please.

The only people who repeatedly said no to it were the usual nay-sayer brigade. Especially the guy who keeps telling people that GabeN's account using a completely different technology that works by hardware token was never "hacked" and the one that for some reason thinks that their never getting their banking stuff hijacked has some relevance.
HikariLight Oct 20, 2023 @ 3:29pm 
Because they already have an app that does what you're wanting. That's why.
Why would Valve pay a third party to handle the security of the accounts of their customers?
Last edited by HikariLight; Oct 20, 2023 @ 3:52pm
cinedine Oct 20, 2023 @ 4:17pm 
Originally posted by HikariLight:
Because they already have an app that does what you're wanting. That's why.
Why would Valve pay a third party to handle the security of the accounts of their customers?

I am never not amazed why people who have zero idea about security features are coming into this kind of discussion ...
[?]legit Oct 20, 2023 @ 6:19pm 
Originally posted by cinedine:
Originally posted by HikariLight:
Because they already have an app that does what you're wanting. That's why.
Why would Valve pay a third party to handle the security of the accounts of their customers?

I am never not amazed why people who have zero idea about security features are coming into this kind of discussion ...
Eh, neither am I, considering what part of the Steam forums we are in... :lunar2019grinningpig:
rawWwRrr Oct 20, 2023 @ 7:46pm 
Lot of people need to look in their mirrors before accusing others about what they know.

Valve relies on their mobile authenticator. Others have asked for a number of different 2FA solutions. Each has their pros and cons.

Passkeys are not a new idea. The one from the example in the article is a new implementation of it.
LemonGarbage Oct 20, 2023 @ 9:23pm 
Originally posted by lsdninja:
They already let you use the app as a mobile authenticator…

Originally posted by HikariLight:
Because they already have an app that does what you're wanting. That's why.
Why would Valve pay a third party to handle the security of the accounts of their customers?


This is a completely different authentication method than what exists currently. It's also not "third-party". It would be native to the Steam application. Steam Guard just uses your current account credentials in order to function (it's essentially just 2FA). Which is great, and it works very well, honestly. That being said...

Instead of using a username/password at all, authentication will be done with public-key cryptography (PKI). I will not explain PKI in-depth but essentially in this case, your private key will be stored either in an OS such as Windows or Android (Google Password Manager), a third-party PW manager app like Bitwarden, or a browser like Chrome. Your public key is stored on Steam's server. You don't have to worry about passwords anymore, and no sensitive information is stored on Steam's servers (just the public key). In addition to being more secure, it's a seamless login experience. You can just use bio-metrics (your phone's fingerprint scanner) to log in. Or just input your Windows pin.

Passkeys are absolutely the future of authentication and adoption is increasing. With how often users log in to Steam, and how prevalent scams are on the platform, it would behoove Valve to adopt this technology sooner rather than later in my opinion. But I'm no Valve employee and I don't know what their internal conversations look like. Maybe they're working through it already.

What are you thinking, Valve? :O
Last edited by LemonGarbage; Oct 20, 2023 @ 9:32pm
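The login flow described in the post above, as an added example (not part of the original post, and not Valve's or any vendor's code). It is a simplified model of a passkey ceremony rather than the real WebAuthn wire format; the origins `login.example` and `1ogin.example` and all class and function names are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const RP_ORIGIN = 'https://login.example';     // constructed legitimate site
const PHISH_ORIGIN = 'https://1ogin.example';  // constructed lookalike site

// Authenticator: holds private keys, indexed by the site they were created for.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);
    return publicKey;                           // only the public key leaves the device
  }
  // The browser, not the user, supplies the origin of the page requesting a login.
  sign(origin, challenge) {
    const privateKey = this.keys.get(origin);
    if (!privateKey) return null;               // no passkey for this site: nothing to hand over
    const clientData = Buffer.from(JSON.stringify({ origin, challenge }));
    return { clientData, signature: nodeCrypto.sign(null, clientData, privateKey) };
  }
}

// Server: stores the public key, issues one-time challenges, verifies assertions.
class Server {
  constructor(origin) { this.origin = origin; this.publicKey = null; this.pending = new Set(); }
  newChallenge() {
    const c = nodeCrypto.randomBytes(32).toString('base64url');
    this.pending.add(c);
    return c;
  }
  verify(assertion) {
    if (!assertion) return false;
    const { origin, challenge } = JSON.parse(assertion.clientData.toString());
    if (origin !== this.origin) return false;           // signed for a different site
    if (!this.pending.delete(challenge)) return false;  // unknown or already-used challenge
    return nodeCrypto.verify(null, assertion.clientData, this.publicKey, assertion.signature);
  }
}

function demo() {
  const device = new Authenticator();
  const server = new Server(RP_ORIGIN);
  server.publicKey = device.register(RP_ORIGIN);
  const genuine = device.sign(RP_ORIGIN, server.newChallenge());
  // A lookalike page relays a real challenge, but the browser reports its own origin.
  const relayed = device.sign(PHISH_ORIGIN, server.newChallenge());
  const okLogin = server.verify(genuine);
  return { okLogin, phishGotAssertion: relayed !== null, replayAccepted: server.verify(genuine) };
}
```

Unlike a password or a typed 2FA code, there is no secret the user can be talked into entering on the lookalike page: the key lookup is done by origin, and the server rejects any assertion signed for another origin or for a challenge it has already consumed.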
cinedine Oct 20, 2023 @ 9:42pm 
Originally posted by rawWwRrr:
Valve relies on their mobile authenticator. Others have asked for a number of different 2FA solutions. Each has their pros and cons.

Thousands of hijacked accounts a day can't be wrong! :cozybethesda:

Yes, people are asking for a FIDO2 implementation for years. And some people still think the mobile guard is the be-all-end-all of security and impossible to improve or even to substitute.
Dr.Shadowds 🐉 Oct 20, 2023 @ 10:21pm 
It's up to Valve if they want to do it or not, so when it's going to happen is anyone's guess.

The current methods are these.
A) Email 2FA, a code is sent to you each time you want to login.

If using Steam mobile guard app

B) When you login, you get a notification on phone/tablet asking do you approve the login.

C) If you're not getting that notification, you can select use 2FA code, which you can get from the app.

D) QR code scan login, you just scan, and click approve login, that's it.



I assume they're not doing it because you can pre-approve devices to store a login, which is not the smartest in case you somehow manage to give a scammer access: they now have your pre-approved login saved on their device, which means they no longer need your login permission since you gave them full VIP access, since you're looking for a feature that doesn't ask for your login approval method, if I'm assuming correctly.

Originally posted by cinedine:
Originally posted by rawWwRrr:
Valve relies on their mobile authenticator. Others have asked for a number of different 2FA solutions. Each has their pros and cons.

Thousands of hijacked accounts a day can't be wrong! :cozybethesda:

Yes, people are asking for a FIDO2 implementation for years. And some people still think the mobile guard is the be-all-end-all of security and impossible to improve or even to substitute.
New lock, same problem, it doesn't magically stop people from going out of their way to give out their accounts.
Last edited by Dr.Shadowds 🐉; Oct 20, 2023 @ 10:24pm
Nx Machina Oct 20, 2023 @ 10:53pm 
Originally posted by cinedine:
Thousands of hijacked accounts a day can't be wrong! :cozybethesda:

Because they gave away ALL their account details hence why the flaw is the end user and not the security offered by Valve, as the following is not plausible.

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to "then and only then" have access to your account.

Originally posted by cinedine:
Yes, people are asking for a FIDO2 implementation for years. And some people still think the mobile guard is the be-all-end-all of security and impossible to improve or even to substitute.

When making your point, why do you continually ignore that bank accounts, credit card accounts etc. are also being phished because the end user gave away ALL their account details?

And then ignore: "You are responsible for the confidentiality of your login and password and for the security of your computer system". - from the SSA.

In 18+ years (19 years on the 18th Nov), I have never lost access to my Steam account and this includes before Steam Guard email, Steam Guard Mobile existed.

Why? Because I take my cybersecurity seriously. I have also never lost access to my bank account, credit card account etc.
Last edited by Nx Machina; Oct 21, 2023 @ 1:12am
cinedine Oct 21, 2023 @ 5:24am 
Originally posted by Dr.Shadowds 🐉:
New lock, same problem, it doesn't magically stop people from going out of their way to give out their accounts.

This is untrue and has been exhaustively explained in various threads about the topic already.
Crazy Tiger Oct 21, 2023 @ 5:42am 
Originally posted by CokeHyena:
it's surprising that Valve has made no announcement to add passkey support.
Not a surprise at all if you're a little bit familiar with Valve, to be honest.

Originally posted by CokeHyena:
Is there a plan to implement this in the near future?
I very, very, very much doubt it will be ever. And if ever, likely not anytime soon.

Date Posted: Oct 20, 2023 @ 9:36am
Posts: 35