All Discussions > Steam Forums > Suggestions / Ideas > Topic Details
ortund Jun 19, 2024 @ 6:10am
Secure trades by 2fa to prevent fraud/theft
It's bad enough to know you've been had by malicious Ukrainian incels who have nothing better to do than make other peoples lives miserable by hacking their accounts. It's another thing to know that even though they could make you whole after you've been a victim of such a scammer, Steam patently refuses to take action.

What's worse is the ease with which scammers can buy a new Steam account for next to no expense creates a situation whereby they can continue to perpetrate such fraud and theft with impunity.

You feel bad enough having been a victim of this, it'd be nice to know there's an additional safeguard to protect the value of your account.

I was recently one such victim and although it was still a headache to deal with, I was able to regain access to my account relatively quickly - although not before my Inventory had been cleaned out. What made it easier was the 2fa I had set up on my account requiring the authenticator and codes sent by email to log in.

That's why I'm suggesting that all trades be required to pass a 2fa challenge before the items are moved. At least that way, if my account does get compromised, my items are safe - or at least, more difficult to move.

This would discourage such bad actors from working their scams and enable users to protect the value of their accounts in a more robust way.

Considering the real world monetary value of the items each of us has in our accounts, I see this as an absolute necessity and I am, frankly, shocked that it hasn't been implemented yet.

Something went wrong while displaying this content. Refresh

Error Reference: Community_9743614_
Loading CSS chunk 7561 failed.
(error: https://community.cloudflare.steamstatic.com/public/css/applications/community/communityawardsapp.css?contenthash=789dd1fbdb6c6b5c773d)
< 1 2 >
Showing 1-15 of 17 comments
Tito Shivan Jun 19, 2024 @ 6:23am 
Trades are already protected by 2FA
#1
. Jun 19, 2024 @ 6:51am 
I stopped reading at "Ukranian" and realized you had a political agenda.
#2
𝕸𝕱𝕬𝖅𝕰 Jun 19, 2024 @ 7:01am 
ad
:steamsad:
#3
Nx Machina Jun 19, 2024 @ 7:15am 
Accounts are PHISHED not hacked because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.


Do all the following NOW to secure your account.

1. Scan for malware https://www.malwarebytes.com/

2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage

3. Change passwords from a clean computer

4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage

5. Revoke the API key at https://steamcommunity.com/dev/apikey (there should be NOTHING in the APIKEY)
Last edited by Nx Machina; Jun 19, 2024 @ 7:20am
#4
ortund Jun 19, 2024 @ 8:36am 
Originally posted by Garbage:
I stopped reading at "Ukranian" and realized you had a political agenda.
No it just happened that the piece of sh** that stole my entire inventory is indicated as from Ukraine so I decided to mention it.

Apart from that I don't give a damn about a war on the other side of the planet which doesn't involve me.
#5
ortund Jun 19, 2024 @ 8:37am 
Originally posted by Tito Shivan:
Trades are already protected by 2FA
Funny how my authenticator never keyed up for me to authorize it when they stole my inventory out of my account then...

If you're right and this is true, then I'd say the fault lies with Steam as much as with me.
#6
ortund Jun 19, 2024 @ 8:39am 
Originally posted by Nx Machina:
Accounts are PHISHED not hacked because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.


Do all the following NOW to secure your account.

1. Scan for malware https://www.malwarebytes.com/

2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage

3. Change passwords from a clean computer

4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage

5. Revoke the API key at https://steamcommunity.com/dev/apikey (there should be NOTHING in the APIKEY)

Thanks for telling me what I already know.

My point is the Steam Guard Mobile Authenticator didn't present a code indicating any trades and it should have as that would've saved me from losing all my ♥♥♥♥.
#7
Nx Machina Jun 19, 2024 @ 8:59am 
Originally posted by ortund:
Thanks for telling me what I already know.

Correct. You gave away all your account details because they cannot GUESS all your account details.

I have being here 19+ years and have never lost access to my account and that includes before Steam Guard Email and Steam Guard Mobile existed.

Originally posted by ortund:
My point is the Steam Guard Mobile Authenticator didn't present a code indicating any trades and it should have as that would've saved me from losing all my ♥♥♥♥.

Because as already stated:

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.
Last edited by Nx Machina; Jun 19, 2024 @ 9:04am
#8
Supafly Jun 19, 2024 @ 10:06am 
You fell for a scam and logged in on a phishing site using your username, password and a LIVE Steam Guard code.

You gave someone access. There is nothing wrong with Steam Guard. The items traded without confirmation were valued under $1 and it's like that because a large amount of people complained of having to confirm 100's of low value items.

Learn from your mistake so that it doesn't happen again. If you keep your **** secure your items and account will remain secure.
#9
nullable Jun 19, 2024 @ 1:07pm 
Originally posted by ortund:
Secure trades by 2fa to prevent fraud/theft

Try securing your account to prevent fraud/theft. You have all the tools you need, you just need to use them properly. More security won't make people stop being careless or reckless with their accounts, and if they're already not securing their account properly it's just more security for them to sabotage whenever it gets in the way. Which someone gets a bright idea, "I know more security! Yeah! You know what Steam needs? 3FA! Because sure people mishandle their credentials and Steam Guard Code, but they won't give away the 3rd thing!" /wishful thinking
#10
HikariLight Jun 19, 2024 @ 1:23pm 
All the security in the world cannot stop the weakest link, the user.
#11
ortund Jul 11, 2024 @ 9:12pm 
Originally posted by HikariLight:
All the security in the world cannot stop the weakest link, the user.
What's funny is you actually think you've contributed value by posting this...
#12
Ben Lubar Jul 12, 2024 @ 1:09am 
I'm pretty sure I had to use my authenticator when I traded TF2 items worth less than a cent each with a bot.
#13
Supafly Jul 12, 2024 @ 6:02am 
Originally posted by Ben Lubar:
I'm pretty sure I had to use my authenticator when I traded TF2 items worth less than a cent each with a bot.
They changed it years ago so items worth less than $1 no longer need confirming using the Authenticator
#14
Ben Lubar Jul 12, 2024 @ 6:04am 
Originally posted by Supafly:
Originally posted by Ben Lubar:
I'm pretty sure I had to use my authenticator when I traded TF2 items worth less than a cent each with a bot.
They changed it years ago so items worth less than $1 no longer need confirming using the Authenticator

I don't know how it would compute that for items that are neither sold nor marketable.
#15
< 1 2 >
Showing 1-15 of 17 comments
Per page: 1530 50

All Discussions > Steam Forums > Suggestions / Ideas > Topic Details
Date Posted: Jun 19, 2024 @ 6:10am
Posts: 17
Start a New Discussion

Discussions Rules and Guidelines