Steam market and trade authorizations didn't integrate into a Yubikey.

rawWwRrr původně napsal:

Steam market and trade authorizations didn't integrate into a Yubikey.

I dont want trade and market auths for yubikey, i want account login as 2FA, which is still only on steam guard

If every single program, services, windows os, websites.....etc uses the same 2fa

Do you know what the hackers will think????

1) wow, i can use the same hacking tool to get inside the programs, services, windows os, websites.....etc that uses the same 2fa extremely easily

----------

There are already threads lying all over the steam forum with same thread title

steam guard = 2fa

no154370 původně napsal:

If every single program, services, windows os, websites.....etc uses the same 2fa

Do you know what the hackers will think????

1) wow, i can use the same hacking tool to get inside the programs, services, windows os, websites.....etc that uses the same 2fa extremely easily

----------

There are already threads lying all over the steam forum with same thread title

Yubikey is a completely separate device bruh, its not windows, every single major website uses OAuth, steam guard is 2FA yes but its a proprietary 2FA, for logins, physical key or open source 2FA is miles better

✪ Yee Haw původně napsal:

no154370 původně napsal:

If every single program, services, windows os, websites.....etc uses the same 2fa

Do you know what the hackers will think????

1) wow, i can use the same hacking tool to get inside the programs, services, windows os, websites.....etc that uses the same 2fa extremely easily

----------

There are already threads lying all over the steam forum with same thread title

Yubikey is a completely separate device bruh, its not windows, every single major website uses OAuth, steam guard is 2FA yes but its a proprietary 2FA, for logins, physical key or open source 2FA is miles better

Then why gmail, hotmail, blizzard entertainment gaming platform, Ubisoft, Activision......etc didn't use ''yubikey'' as 2fa

✪ Yee Haw původně napsal:

Currently, the steam 2FA system is pretty ass, and not even secure imo,

I disagree as i have being here 19+ years and have never lost access to my account and that includes before Steam Guard Email and Steam Guard Mobile existed.

Why do others lose access to their account?Because they give away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code.

Steam Guard and the Mobile Authenticator is absolutely fine. Keep it secure by not having an infected device or login on phishing websites and you won't have an issue.

✪ Yee Haw původně napsal:

Currently, the steam 2FA system is pretty ass, and not even secure imo,

Well that is your opinion. The facts shows though that the Steam 2FA is perfectly secure as it is.

Yubikey won't make it anymore secure.

The ultimate result of security is the end-user and the ultimate responsible is the end-user. You may get a yubikey, but at end you are still responsible for that extra, precious magic shield.

Common sense and brain are perfectly viable.

no154370 původně napsal:

Then why gmail, hotmail, blizzard entertainment gaming platform, Ubisoft, Activision......etc didn't use ''yubikey'' as 2fa

Google accounts (Gmail) and Microsoft accounts (Hotmail) actually do both support Yubikeys. Google has something they call the Advanced Protection Program[landing.google.com] which is their highest level of account security which requires a FIDO-compliant security key to use. Yubikeys are FIDO-compliant security keys. Google also has their own Google Titan security keys.

normally im screaming about LESS 2fa.

but steam is the only place 2fa has actually helped me.

I think the current 2fa is good, it works, and so long as you arent stupid you should be fine.

no154370 původně napsal:

✪ Yee Haw původně napsal:

Yubikey is a completely separate device bruh, its not windows, every single major website uses OAuth, steam guard is 2FA yes but its a proprietary 2FA, for logins, physical key or open source 2FA is miles better

Then why gmail, hotmail, blizzard entertainment gaming platform, Ubisoft, Activision......etc didn't use ''yubikey'' as 2fa

Yubikeys are a vendor-specific hardware implementation of a FIDO Universal 2nd Factor (U2F) authenticator. FIDO U2F and other FIDO protocols are available in open source specifications created and maintained by the FIDO (Fast IDentity Online) Alliance - an open industry association whose aim it is to create interoperable and strongly secure means of authentication.

Both Google and Microsoft are founding members.

Both Google Accounts and Microsoft Accounts can be signed into using FIDO authenticators ('hardware keys'). Microsoft brought that feature to other platforms like GitHub as well, btw.
And did you know social media platforms like Facebook are also supporting it?
Tons of other services as well. Also quite popular with e.g. password managers and other services that value strong user security in some capacity. Take for instance the popular privacy-minded Proton Mail, which also supports it.

Educate yourself first, before you run your mouth off - maybe?


The reason platforms like Steam, Battle.net and UPlay don't support it is because strong user security is not an identifying selling point to them. Gamers are notoriously a market segment of people with a mostly laissez-faire attitude towards such things, scant few exceptions to the rule withholding - such as people regularly popping up in these type of threads.

Zefar původně napsal:

✪ Yee Haw původně napsal:

Currently, the steam 2FA system is pretty ass, and not even secure imo,

Well that is your opinion. The facts shows though that the Steam 2FA is perfectly secure as it is.

Yubikey won't make it anymore secure.

FIDO would make it objectively, provably* more secure - through the simple fact that FIDO's U2F 2nd factors cannot be phished without malware actually being present on the client device. You literally can't accidentally slip your credentials to a scam site. It is made physically impossible through how the protocol works.


*) I'm not kidding about the "provably" either, btw. There are literally scientific papers that prove through rigorous math that FIDO U2F is always more secure than any protocol involving manual human intervention - such as having to manually scan a QR code; or manually enter back a one-time code.

✪ Yee Haw původně napsal:

Currently, the steam 2FA system is pretty ass, and not even secure imo, can we get proper 2FA standards like Yubikeys? these accounts are worth a lot of money and getting a better 2FA Auth standard should be there rather than steamguard

2fa is as effective as the user. If the user is ass then the authentication will be as well if the user is providing their key to others.

The Living Tribunal původně napsal:

2fa is as effective as the user. If the user is ass then the authentication will be as well if the user is providing their key to others.

Except that one of the design goals of FIDO security keys (of which Yubikeys are an example) is to reduce the impact of user misuse.

For a FIDO security key, to share your key with others means literally sending the physical security key device itself to another person. It's significantly easier to accidentally send a 5-digit alphanumeric code to someone in China (or, scan a fraudulent QR code provided by someone in China) than it is to accidentally internationally ship your security key to China.