Originally posted by Nebsun:

PIN would not function as Steam Guard - you can set a pin using family view, but it is not meant as a way to secure your account.. Steam Guard is meant as a means of 2FA (2 factors), so PIN doesn't work since it's basically the same 'factor' as a password - "something you know"

SMS could work, but it's unlikely to be done

Originally posted by Nebsun:

PIN would not function as Steam Guard - you can set a pin using family view, but it is not meant as a way to secure your account.. Steam Guard is meant as a means of 2FA (2 factors), so PIN doesn't work since it's basically the same 'factor' as a password - "something you know"

SMS could work, but it's unlikely to be done

Originally posted by RiO:

Originally posted by Nebsun:

PIN would not function as Steam Guard - you can set a pin using family view, but it is not meant as a way to secure your account.. Steam Guard is meant as a means of 2FA (2 factors), so PIN doesn't work since it's basically the same 'factor' as a password - "something you know"

SMS could work, but it's unlikely to be done

It's not necessarily the same type of factor.
There are applications of a PIN as 2FA by binding the PIN to the hardware. Making it a surrogate login for an account that only works on a particular hardware device.

At that point it transforms from 'something you know' to 'something you know and have'.


Microsoft uses this as an option to log into MS accounts.
The necessary auth tokens and release of those tokens when the correct PIN is entered on the device, is handled via its TPM. In essence it's a FIDO passkey avant-la-lettre, where the gesture to unlock the authenticator is guarded by a PIN code.

Originally posted by Meyers07:

Originally posted by RiO:

It's not necessarily the same type of factor.
There are applications of a PIN as 2FA by binding the PIN to the hardware. Making it a surrogate login for an account that only works on a particular hardware device.

At that point it transforms from 'something you know' to 'something you know and have'.


Microsoft uses this as an option to log into MS accounts.
The necessary auth tokens and release of those tokens when the correct PIN is entered on the device, is handled via its TPM. In essence it's a FIDO passkey avant-la-lettre, where the gesture to unlock the authenticator is guarded by a PIN code.

Hardware bound authorization is something i can't agree with thanks to how usually low the support time of such hardware (like 3-4 years at most) or how such hardwares could anytime broke down without warning, and emails are, at least the mainstream ones, easy to be compromised. Phone numbers could be compromised but it's less likelier based on my experience
What i can agree with is double passwords and/or double factor authentication that is account based not hardware based.

Originally posted by lolschrauber:

Sms won't happen, it'd cost them quite a bit of money.

A third party 2fa would be great, at least then I'd have no more need for this dysfunctional piece of crap people call an app.

Originally posted by Meyers07:

Originally posted by lolschrauber:

Sms won't happen, it'd cost them quite a bit of money.

A third party 2fa would be great, at least then I'd have no more need for this dysfunctional piece of crap people call an app.

They still do SMS for those who want to change their e-mail or pw.

apart from the app the only other solution is, well, e-mail, just as usual. But like the very first post i shouldn't use primary emails (like G or O) for Steam to increase security, instead moving on to P.

Originally posted by Golden Unicorn:

sms txting can be bought in unlimited amounts for small less then 50 dollar purchases it isn't like the old days when txt cost money or we only received so many txt a month.

cellphone plans start at 50 dollars a month for unlimited txt and calls.

you are really suggesting that steam can't afford a few hundred dollars for a couple automated txt sms bots, sounds weird.

steam needs to get itself together and get away from email and start allowing users the options of Txt based login codes for steam guard pins. if banks can do it steam can do it.

I laugh at the thought that steam is so unequip with modern technology that for over 10 years txt based sms pins have been sent to users around the world for services.

people have the nerve to call steam the biggest gaming platform in the pc world but it can't even send its users a txt message log in protection pin?

just stop the nonsense and get good steam.

Originally posted by lolschrauber:

Originally posted by Golden Unicorn:

sms txting can be bought in unlimited amounts for small less then 50 dollar purchases it isn't like the old days when txt cost money or we only received so many txt a month.

cellphone plans start at 50 dollars a month for unlimited txt and calls.

you are really suggesting that steam can't afford a few hundred dollars for a couple automated txt sms bots, sounds weird.

steam needs to get itself together and get away from email and start allowing users the options of Txt based login codes for steam guard pins. if banks can do it steam can do it.

I laugh at the thought that steam is so unequip with modern technology that for over 10 years txt based sms pins have been sent to users around the world for services.

people have the nerve to call steam the biggest gaming platform in the pc world but it can't even send its users a txt message log in protection pin?

just stop the nonsense and get good steam.

Those "50 dollar unlimited plans" are for private and not commercial use. Not to mention that's not even international.

I'm more than certain they'll terminate that contract instantly if you start sending tens of thousands of texts every day.

Unlimited doesn't mean unlimited. Read the fine print. People with "unlimited data" have had their contracts terminated for downloading too much before.

Side note: don't use "modern technology" and "txt based sms pins" in the same sentence because it really isn't modern at all.

Originally posted by Meyers07:

Originally posted by lolschrauber:

Those "50 dollar unlimited plans" are for private and not commercial use. Not to mention that's not even international.

I'm more than certain they'll terminate that contract instantly if you start sending tens of thousands of texts every day.

Unlimited doesn't mean unlimited. Read the fine print. People with "unlimited data" have had their contracts terminated for downloading too much before.

Side note: don't use "modern technology" and "txt based sms pins" in the same sentence because it really isn't modern at all.

Idk but for me if it's from large providers like Steam, Meta, Google, or Microsoft it didn't cost a dime but from a local agency (like taxation) it did cost.
Plus some services go straight to text me on WhatsApp for some reason and i find it convenient. In fact both emails and smses for me is dominated by either ads, newsletters, and verification codes.

Again there should be a choice of forgoing email/sms in favor of second password (like the PIN for example) and it's not hardware bound given how unlucky ones could have their hardware unusable suddenly.