I think the problem is the latest SCR download link scam going around doesn't actually Steal your passwords or anything. It is an automated script to trade your valuable items and gifts away. And that's it. So the SecurID token wouldn't work, since it just tricks your client into doing it without having to log in using these tokens.

Indeed the current scr scam doesn't even touch your credentials. It simply knows you're logged into steam because it's sent via chat, then executes a trade under your credentials for very specific items, then exits.

An RSA token would only help if you invoked it on every single trade you did.

I did think about using the token for every trade, but figured that would be excessive. Of course it wouldn't be a required token... which also means that the ones using it are the ones least likely to need to use it... which then boils down to why bother honestly?

It may look like the real solution actually sits with Microsoft, and securing a hole caused by the screenshot executable. But even then, if a person is downloading and running an scr file, they'd probably download and run an exe (heck, they do with the "Steam Guard" fake file).

So it still boils down to people downloading and installing software. And the ones that would benefit the most from the tokens are the ones that would be the least likely to use them. Making them manditory simply wouldn't fly.

Цитата допису Satoru:

An RSA token would only help if you invoked it on every single trade you did.

And traders would totally love that. /sarcasm