We need an option for this.
My personal view on the subject is this:
I am seeing an incredibly high amount of people not just on the Steam forums but in the media using completely fallacious arguments for decrease in privacy, anonymity and general freedom. Some of these are "but if you have nothing to hide you don't have to worry" or "we need to make sacrifices for the greater good" or in this case "but it's still technically physically not 100% impossible to ignore it". We need to stop doing this. It will inevitably lead to a complete lack of freedom of choice. Following this kind of reasoning, we'd have to supply photo ID and three points of reference on signup. If you don't like that idea, rethink the idea that "it's still technically possible".
People who think this way are not tin-foil hat people, they are people who like their freedom of choice and anonymity.
You were confusing social attacks with actual attacks on phone devices. So yes you were confusing things. You also confused attacks on iOS that required attackers to trick users into installing the malware in question. Only the Android StageFright can be exploited unilaterally. It's all nice to say 'ooh phones are hackable' but you need to actually understand the vectors if you're going to make the case that phones are 'hackable'.
The point of the SMS authorization pathway is to satisfy the "something you own" authorization path. Since an attacker is extremely unlikely to have physical access to your device, and is unlikely to know your phone number either, and even then somehow would have to exploit your phone remotely to gain access to read your SMS messages? Is it possible? Yes. But for a Steam hijacker that's a LOT of work and simply doesn't scale when you're trying to exploit users.
Again this mistakes how said attacks can even be carried out. Most attacks require user intervention just like an attack on your PC. It's also a red herring. The exploitation of phones is way more difficult, and thus works well as a secondary authorization mechanism. Just like it's way harder to steal a physical token from a user.
If you're getting hijacked/exploited then yes you are the weakest link. Even if 'you' are not, users are ALWAYS the weakest link in the security chain. That is why the SMS authentication is there. As a secondary authentication mechanism due to the fact that users are the main problem with the security chain. It provides a 'something I own' authorization mechanism, instead of the cumbersome validation of cc information or cd-keys.
Again the one time Steam's infrastructure was exposed showed that they were doing everything 100% correctly for things most organizations don't do:
1) Salted hashed password
2) ENCRYPTED personal data EVEN ON OFFLINE BACKUPS
Which is the crux of the matter. An attacker no matter what you say still needs your phone number. They can't get that. If I hijack your account, your phone # is not visible in the Steam account. So again how am I supposed to get it? Hack Steam? Where am I getting your phone # from? Heck Steam wasn't even vulnerable to HeartBleed because they encrypted your login password over the wire. Something that people were questioning years before HeartBleed as redundant due to SSL. Steam said "we do it just in case"
http://forums.steampowered.com/forums/showpost.php?p=28947998&postcount=4
Again your fear of the phone # requires an attack on Steam. Attacks that so far have been fruitless and when successful have proved that Steam follows very good standards for storing private data in ways that cannot be exploited by attackers even if they get access.
Thank you, Satoru. You saved me the time for typing that up myself.
After reading those articles, it looks like the phone OS is at least as secure as a PC, maybe even more so if people don't visit random sites or log onto unknown networks.
I didn't read of any unexpected ways, nor easy ways, for a phone to get hacked and they still seem more secure than the average PC.
No, it is what you do outside that puts the account at risk.
Steam users are targeted and at random. The hope they have is if they send out enough links, someone will fall for it. Sorry to say, it is true.
Steam has only been hacked one time and no account hijackings have been linked to it as the data was encrypted.
As I said, if you are getting repeated pop-up for this, then it is not intended and is a bug that Valve will fix as soon as they find the issue and take care of it. You are not going to be forced or bugged to add your phone number. It will just take time for it to get fixed.
I am currently using the stable client and have had no pop-ups at all asking for my number.
To be clear the Android StageFright exploit is one that's very serious as it can be unilaterally initiated by an attacker.
However even for StageFright you still need the user's phone #. And to get that you basically need to hack into Steam HQ itself to get the phone #. Data that's likely to be encrypted. That's on top of the fact that you still have to go through the salted hashes to find the username/password first.
The thing people also don't get is that when you use your credit card or any other online transaction, your phone # is generally transmitted. If you swipe your credit card at Tesco, they have it. I have to use my cc at tons of places who are likely not storing my personal information in an encrypted manner and thus are far more likely to get exploited such as Target and such. If one is paranoid that their personal information is going to leak out from Steam, they should be far more worried about that happening literally in every other aspect of their lives. Yet we don't freak out when we swipe our card at a restaurant, despite the fact that your data is far more exposed there.
It's easy to say 'omg the world is out to get you' kind of fears. But it's equally important to understand the scope of those exploits and what reasonably is your exploit surface. You really can't say "I don't want to give Steam my phone number" then go over to McDonald's and swipe your cc and not bat an eye.
Try to opt out of the Beta client.
It is pointless to add an opt-out button as there should be a decline already available.
You say to Opt Out of beta client. Okay, I understand that...
Can you tell me how, if I have not even opted 'in'? Just curious..
I am opted out of all Beta programs. That doesn't work. This is something happening in the stable version of Steam. I am getting frequent popups too...very annoying. I am not so sure this is a bug, I think it is intended to ask every time you log in. Surely they would have gotten reports of this happening in the Beta and fixed it if it wasn't intended. For extra info, I have never opted in to Steam Client Betas and I recently reinstalled Steam so this isn't a bug being caused on my end at least. I have started seeing other reports that are saying even if you do give the phone number it still bugs you to give them your phone number so there is still the chance that something has bugged up, but my inclination is that the bug is that once you give them your number it is supposed to stop asking you and it is supposed to pester you otherwise. Be nice to see an official response from Steam on this either way.
Steam--->Settings--->Account
There is a portion in the Account Tab that says Beta Participation and will show your status.
If it was intentional, then everyone would get it.
I have not, my wife has not, nor my other account that I use for my son.
Others have given their number and still receive the message.
Not everything is fixed or found out in a beta. Sometimes code is changed at the last minute or things don't patch properly.
I said it has helped some people, not all. Only other thing is to wait for a fix.