I use KeePass, maybe I'm not paying attention, what's the 2FA option in KeePass? I just use it as a password manager...

Valve has their own 2FA app.

Steam refuses to put the safety of their users accounts in the hands of a third party.

Since why should Steam bother when they have their own?

If someone gets locked out of their account and doesn't have any of their emergency codes, Steam cannot help if a third party is handling the 2FA.

Originally posted by HikariLight:

Steam refuses to put the safety of their users accounts in the hands of a third party.

Since why should Steam bother when they have their own?

If someone gets locked out of their account and doesn't have any of their emergency codes, Steam cannot help if a third party is handling the 2FA.

Precisely. Yubikeys and all other MFA solutions are hacked all the time and are completely insecure. No serious security professional uses ANY security software or solution that they have not developed themselves. The only way to ensure security is to use a security solution that you made yourself.

Originally posted by William Shakesman:

Originally posted by HikariLight:

Steam refuses to put the safety of their users accounts in the hands of a third party.

Since why should Steam bother when they have their own?

If someone gets locked out of their account and doesn't have any of their emergency codes, Steam cannot help if a third party is handling the 2FA.

Precisely. Yubikeys and all other MFA solutions are hacked all the time and are completely insecure. No serious security professional uses ANY security software or solution that they have not developed themselves. The only way to ensure security is to use a security solution that you made yourself.

And it has been PROVEN that it is the USER is the weak point for the security of the Steam account.
Also, WHY should Steam use a third party to do something they already provide?
Steam provides a 2FA, so there is no need for them to get a third party company involved.

Thanks for all your replies, I was just wondering since I do use keepass and its option to do 2fa and not steam on my phone

Originally posted by William Shakesman:

Precisely. Yubikeys and all other MFA solutions are hacked all the time and are completely insecure. No serious security professional uses ANY security software or solution that they have not developed themselves. The only way to ensure security is to use a security solution that you made yourself.

Accounts on Steam are PHISHED because the end user giving away all their account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code, or scanning the QR code or authorising via fingerprint giving them access to the account.

How? by either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, you have a pending ban scam on Discord, free knife click the link, signing in through a fake login window etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access your account.

The weakest link is the end user, not the security offered.


Of course bank, credit card, pension accounts etc are never compromised, oh! Wait they are because the end user gave away all their account details known as PHISHING.