All Discussions > Steam Forums > Suggestions / Ideas > Topic Details
Ç!イ!乙3η-メ Nov 5, 2023 @ 3:35pm
API key Authenication
API key scams have been happening a lot as many people fall for fake logins on third party sites... It would be beneficial to all players if an API key has to be approved by mobile verification before being added.........

A simple "Did you request adding an API key. If this was not you decline here" alert would help a lot of people and maybe help stop a huge amount of I ACCIDENTALLY REPORTED YOU scams

I think it would help a lot of people (especially those that use third party sites)..
Last edited by Ç!イ!乙3η-メ; Nov 5, 2023 @ 3:49pm
< >
Showing 16-18 of 18 comments
Tito Shivan Nov 9, 2023 @ 11:35pm 
Originally posted by Ç!イ!乙3η-メ:
I have not seen heard of anyone having their mobile authentication moved to a scammers device (im not saying it does not happen). As far as I knew any generated code only lasts a small period of time like 30 seconds???

I understand that there will be many that still fall for certain types of scam but without the API access I am sure theses scammers will not be able to change trades of an account using one of their scam accounts and redirecting items.... It may also stop any items under $1 from being sent to another account via backdoor access.
Haven't seen it happen in a while, scam methods come and go out of style periodically (in this case probably because it triggers a small trade cooldown), but it has definetly been a thing. Period of validity of the SMS is largely irrelevant as everything is automated and it's done at the moment of phishing (Not like there's a guy going after his phone to enter the code or anything). Mind Steamguard codes have a shorter lifespan.

And once they swap the victim's authenticator to their device the API key isn't needed anymore they can confirm the trade themselves through the swapped app.


Originally posted by Ç!イ!乙3η-メ:
This was more about making it as difficult as possible for scammers whilst also protecting against certain scam methods....
I do so think an additional hurdle in obtaining an API key would save some people the headache of being scammed. It's not a silver bullet (there's none TBF), but it's another stick in the scammers wheels.
And one with very little impact on how people operate with Steam daily.
#16
Ç!イ!乙3η-メ Nov 21, 2023 @ 6:57am 
I have just seen this posted in another thread

>>>>>>>>>>>> API Key registered to your account
Someone with access to your Steam Account, ********, requested a new Web API key.
If you did not request this key, or are not sure how this is used, please change your password now.
This key is not needed to log in to Steam or any website. It can access certain account-specific data, including viewing trade offers. API keys are only used by automated systems that communicate with the Steam web programming interface.
Your request was observed from: Khimki, Moskva, RU <<<<<<<<<<<
Last edited by Ç!イ!乙3η-メ; Nov 21, 2023 @ 6:58am
#17
Supafly Nov 21, 2023 @ 9:44am 
Phishing sites will just change their login requirements like they did when Valve added Steam Guard.

It'd then be Enter
Username
Password
Steam Guard code
Please confirm the Api key creation that has just been sent to you as this is required to be able to use our site fully

Steam could add 100 hoops....sorry security measures and phishing sites will just add more requests for each of them and all the ignorant users will continue to ignore every warning and basic internet safety advice and do what the phishing sites tell them
#18
< >
Showing 16-18 of 18 comments
Per page: 1530 50

All Discussions > Steam Forums > Suggestions / Ideas > Topic Details
Date Posted: Nov 5, 2023 @ 3:35pm
Posts: 18
Start a New Discussion

Discussions Rules and Guidelines