Showing a password in plain text is not great for security. There is a forgotten password option if you ever forget it.

Publicado originalmente por Dan958:

Showing a password in plain text is not great for security. There is a forgotten password option if you ever forget it.

I am very well aware of it... but here's the thing using it locks things down on your account for a few weeks. No trading, no market place etc.

I am aware that it would be a risk but if the machine itself is secure well... the password doesn't need to be

Publicado originalmente por Start_Running:

Publicado originalmente por Dan958:

Showing a password in plain text is not great for security. There is a forgotten password option if you ever forget it.

I am very well aware of it... but here's the thing using it locks things down on your account for a few weeks. No trading, no market place etc.

I am aware that it would be a risk but if the machine itself is secure well... the password doesn't need to be

If the machine is secure, can't you just set it to remember your password?

Publicado originalmente por Dan958:

Publicado originalmente por Start_Running:

I am very well aware of it... but here's the thing using it locks things down on your account for a few weeks. No trading, no market place etc.

I am aware that it would be a risk but if the machine itself is secure well... the password doesn't need to be

If the machine is secure, can't you just set it to remember your password?

Which is what I do... which is why I forget the damned password after about 3-4 months which causes problems when I actually need to remember.

There are plenty of password hack programs on the web for the script kiddies to use in this situation. You can google to find one.

Don't set your account to remember your password

Then you HAVE to remember it

You should invest in a centralized password database maybe like KeePass

That's more of a headache... and while I ama ware of such tools existing I'm just saying there should be an option in the steam client. It probably wouldn't even harm security that much. After all.. Someone would require physical access to the PC after all. and if they had the access to do that then they could simply use that same access to steal your stuff anyway.

There shouldn't be an option because the client shouldn't remember the password in plaintext, and there shouldn't be such an easy way for your little brother to find your password. The suggestion only adds security holes. If you need to remember your password and you don't want a password manager and you're confident about physical access to your pc, buy a post it note.

People already complain that Steam isn't secure enough so I can't imagine a measure that reduces security would be very popular.
There are plenty of free programs/apps that store passwords in an encrypted format and since you say this is not a frequent problem it shouldn't be much of a hassel to check something like that the few times it becomes necessary.

The problem is

Steam doesn't store your password

Steam stores a salted/hashed version of your password. Which we know from the Steam breach from a few years ago.

Thus Steam cannot actually show you what your password is. It actually has no idea what it is. The datastream of your login is

1) Type in your password
2) STeam encrypts this data even before it hits the HTTPS tunnel
3) an encrypted version of your password is sent (this is the primary reason HeartBleed did not impact any Steam users because passwords were encryted INSIDE the HTTPS tunnel)
4) Password is decrypted on the other end
5) The server finds your account
6) The server uses the same salt and hashing algorithm
7) The servervchecks if the hashes match
8) You are authenticated

At no point does Steam ever actually store your password in a format where it could give you the plaintext password.