Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
Report this post
Valve want their own solution which they are entitled to do because it is their system, just like Blizzard and my Bank have their own mobile app.
As for phishing end users need to stop giving away all their account details, because in 20+ years i have never lost access to my account and that includes before Steam Guard Email and Steam Guard Mobile existed.
Please don't take the high ground and patronize people for falling for scams. You've lasted 20 years without being phished, good for you! But others aren't so lucky, and losing their accounts can be devastating.
Phishing is becoming more and more convincing as time goes on. Attackers utilize convincing fake login pages on typosquatter domain or from fake security alert emails to steal login credentials in real time. People think they're logging into Steam when in reality it's a script on the other end inputting login details into the real Steam website.
Just because you've gone 20 years without falling for it, doesn't mean that everyone else is a complete idiot for falling for it. Any tools to help reduce these attacks should be embraced and appreciated.
Also I literally just said Valve can keep their proprietary app? In the actual part you quoted???
ALL 2FAs can be phished. It just takes a fake UI that directs the phished inputs to the real UI, interactively communicates between user and server and stores the generated session token. It doesn't matter how the key looks if the home owner is willing to give it away.
I take my account security seriously hence why i have never lost access, whereas those who have lost access gave away all their account details voluntarily. Hopefully they will learn from that experience.
There is no gold at the end of the rainbow, greed overrules commonsense and they compromised their own account despite it being secured behind Steam Guard Mobile.
As a sidenote Steam Guard Mobile has biometrics.
So we go back to:
Valve want their own solution which they are entitled to do because it is their system, just like Blizzard and my Bank have their own mobile app.
In turn we go to:
https://store.steampowered.com/subscriber_agreement
C. Your Account (snipped)
You may not reveal, share or otherwise allow others to use your password or Account except as otherwise specifically authorized by Valve.
You are responsible for the confidentiality of your login and password and for the security of your computer system.
Valve is not responsible for the use of your password and Account or for all of the communication and activity on Steam that results from use of your login name and password by you, or by any person to whom you may have intentionally or by negligence disclosed your login and/or password in violation of this confidentiality provision.
This particular part is not just applicable to Steam:
You are responsible for the confidentiality of your login and password and for the security of your computer system.
But also to Ubisoft, EA, Blizzard, Epic, GOG, Rockstar, Bank, Credit Card, Pension, Insurance etc accounts.
How generous to suggest that Valve can keep their solution while ignoring:
Valve want their own solution which they are entitled to do because it is their system, just like Blizzard and my Bank have their own mobile app.
I understand that Valve is entitled to come up with their own solution. That goes for ALL steam products. But if that alone is reason enough to shut down any discussion of improving, changing, adding to, or cutting from the systems maintained by Valve, then why the hell does the "Suggestions/Ideas" forum exist at all?
That argument makes me think you're just trying to shut me down for the sake of shutting me down because you're a contrarian.
It exists for end users to discuss suggestions not to affirm them and Valve to look at.
Did you forget you posted:
You are the one stating phishing is an issue and Valve needs to adopt other solutions and that those other solutions are resistant to phishing, so how do accounts get phished that use those other solutions? The answer is because despite the security offered end users will always find a way to break it.
So we go back to:
This particular part is not just applicable to Steam:
You are responsible for the confidentiality of your login and password and for the security of your computer system.
But also to Ubisoft, EA, Blizzard, Epic, GOG, Rockstar, Bank, Credit Card, Pension, Insurance etc accounts.
As a sidenote Steam Guard Mobile has biometrics.
You are grasping at straws to argue against security keys, as I predicted would happen! You are literally the brigade of old-timers I knew would show up!
Mel Brooks could make a movie out of these forums I swear…
You were not here for discussion as can be seen in the quote above. You are here for affirmation of your suggestion.
Then there are other examples:
And of course:
Because god-forbid others actually find the security offered by Valve, secure. Those selfsame old timers as you refer to them who have never lost access to their account.
Just because Valve is not responsible for people giving away their username and password, does not in itself rule out any possible proactive measures to reduce the rate of successful phishing attacks.
Going on a tangent, but you ever heard of section 230? It says that websites are not responsible for the content their users post. So why do all forums have a moderator team? Because that does not preclude them from being able to still keep the community safe. They can take proactive measures even though there is a law saying they're not responsible for users causing trouble,
Same concept would apply here. Valve might not be responsible for users getting phished, but that doesn't mean we can't suggest something here that would help with the problem.
Btw you mentioned that Steam Guard has biometrics; that still requires you to pull out your phone and open the app, and in fact adds another step to logging in. That is not the same as passkeys and security keys, which only require one tap, fingerprint scan, or pin entry, and don't require getting out your phone and switching apps.
Also as a side note, this whole thread has been ignoring the rest of my post, all the other reasons in favor of passkeys and security keys — the convenience and flexibility of security keys and passkeys are also points of consideration.
Successful because end users give away all their account details.
So how do accounts get phished that use those other solutions you deem secure?
And that is the great thing. To get on my account you need my phone and a finger and not just for Steam but also the Blizzard app and the Bank app on my phone. Not one of those accounts have being compromised and yet here you are stating valve has to have additional options, when it basically comes down to you do not want to pull out your phone.
Alas, here on Steam, I have to make a forum post.