You need the mobile authenticator to get rid of the 15 day trade hold and it is Steam's 2FA.

Problem solved.

I can already tell that video is clickbait nonsense and if you’re referencing it as “proof” then no amount of security is going to prevent you from your greed letting you be scammed

People only get their inventories and Steam wallet funds stolen when they get their Steam credentials phished by a 3rd party. Usually through a look-alike login page or some skin trading/selling site. Then there are people that hijacked through their email account being insecure and finally a keylogger targeting Steam logins getting on their machine.

Adding 2FA to the marketplace is going to... annoy, a whole lot of people. Most people on Steam have never had their account compromised so are in no danger of this self inflicted issue.

Stem guard does not work for selling items only for selling, exchanging and logging. I would like steam to add 2FA also for buying items. Because currently someone can buy $0.01 worth of shuffle from your account for $100 and it doesn't require confirmations. And as for being greedy I'm not stupid enough to believe that someone wants to give away a valuable item for free.

Originally posted by 少女:

Stem guard does not work for selling items only for selling, exchanging and logging. I would like steam to add 2FA also for buying items. Because currently someone can buy $0.01 worth of shuffle from your account for $100 and it doesn't require confirmations. And as for being greedy I'm not stupid enough to believe that someone wants to give away a valuable item for free.

Most Steam users don't get their login credentials hijacked by a 3rd party. Therefore this is a non-issue for the vast majority of Steam users. So there is no need for those users to have to use 2FA just to buy something from the marketplace.

The video you posted literally has the guy say his friend clicked a malicious link. He indirectly described the false login page phishing scam. No form of 2FA works when you literally give away your authorization code. No amount of improving 2FA works against human gullibility or outright stupidity.

A user inside your account has already gone through Steam's 2FA. Asking the same security clearance he's already succesfully gone through for marketplace transactions is bogus.

Accounts are PHISHED not hacked because the end user gave away all their account details. The account name, the password and the KEY to the door, the Steam Guard Mobile code giving them access to your account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on discord, free knife click the link etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't.

More importantly someone would have to "guess" your account name from "millions of possible combinations".

Next they would have to "guess" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

And finally they would have to "guess" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.


Secondly:

https://store.steampowered.com/subscriber_agreement

C. Your Account (snipped)

You may not reveal, share or otherwise allow others to use your password or Account except as otherwise specifically authorized by Valve.

You are responsible for the confidentiality of your login and password and for the security of your computer system.

Valve is not responsible for the use of your password and Account or for all of the communication and activity on Steam that results from use of your login name and password by you, or by any person to whom you may have intentionally or by negligence disclosed your login and/or password in violation of this confidentiality provision.

Unless it results from Valve’s negligence or fault, Valve is not responsible for the use of your Account by a person who fraudulently used your login and password without your permission.


And finally:

Being here 18+ years and have never lost access to my account and this includes before Steam Guard email, Steam Guard Mobile existed, so no, there is no cybersecurity issue with the security offered by Steam, just end users not taking responsibility for their own actions.

Note: Gabe Newell gave away his account details in 2011 to demonstrate Steam Guard and his account remains uncompromised. You can even try to get on his account as his account name and password are on the link below.

https://www.escapistmagazine.com/gabe-newell-gives-away-personal-steam-password/