Naota Nov 26, 2015 @ 7:04am
Wait . . Steam is trying to force me to buy a "smartphone"?
This can't be right, but I read it in another thread.

I don't have a "smartphone", and I have no reason to buy one.
Showing 1,081-1,095 of 2,648 comments
TGSheep Dec 17, 2015 @ 8:38am
don't want one don't need one.
Forcen Dec 17, 2015 @ 8:45am
Originally posted by Starwhite:
Originally posted by Forcen:
True, this is also a solution. It might be a bit less unsafe and portable, can you password it somehow? Touch password? Malware could remote your stuff and look for emulators and copy the whole thing with the app and everything and use it to take all your stuff.
This is why separate hardware is what valve wanted and a bit safer if you can afford it.

I'm sure you can somehow, but it's of no interest to me. I want less hassle for simple card trades, not more, which is why I don't want to use my tablet for it either. And my PC is already much more secure than any phone.

People should also stop calling the phone more secure since it's separate hardware, when it's much less secure 1FA. Sure if you trade on PC you need to do extra hassle of confirming it on the phone. But why would they do that when they can just get malware on the phone much easier and require no other device at all.
It's way easier to make malware that looks for the "androidemulator" folder and uploads it than to actually trick people to install malware on BOTH your PC and your phone and get them to work together in a fast way.
If they really have no need for smart devices as they claim they are very unlikely to get malware since they will never install apps or use it for anything, they only bought it for Steam.

You may not need it and that is fine, I'm just asking if it is possible? People in general are the same people who get hacked and they should probably use any password they can.

Remember the old way was too damn easy for hackers, everything was automated. Send someone a file, get them to run it and boom, you got all the items in their inventory traded to you. This is way more of a hassle if not also pretty damn hard.

You use windows? All they need to get into your secure computer is to get a file on it and get you to run it, security is all in the user and not so much in the software anymore.

1FA? Did you forget one? Explain please.
Starwhite Dec 17, 2015 @ 8:51am
Originally posted by Forcen:
It's way easier to make malware that looks for the "androidemulator" folder and uploads it than to actually trick people to install malware on BOTH your PC and your phone and get them to work together in a fast way.
If they really have no need for smart devices as they claim they are very unlikely to get malware since they will never install apps or use it for anything, they only bought it for Steam.

You use windows? All they need to get into your secure computer is to get a file on it and get you to run it, security is all in the user and not so much in the software anymore.

1FA? Did you forget one? Explain please.

But you don't need to install anything on the PC ever, that's what the 1FA (1 factor authentication) means. You confirm trades done on the PC with the phone, that's 2FA. You confirm trades done on the phone with the phone, that's 1FA. Also the phone is much less secure than the PC, making this still a decrease in security, not increase. People who buy phones just for Steam trading probably aren't installing malware on their PC either.

Of course I use Windows, but how on earth is anyone getting random files on my computer much less making me run them? Same applies to every OS out there as well.
Forcen Dec 17, 2015 @ 9:15am
Originally posted by Starwhite:
But you don't need to install anything on the PC ever, that's what the 1FA (1 factor authentication) means. You confirm trades done on the PC with the phone, that's 2FA. You confirm trades done on the phone with the phone, that's 1FA. Also the phone is much less secure than the PC, making this still a decrease in security, not increase
Hmm, I see your point here. The other factor is the Steam password and I guess they could get that via some mobile keylogger or something but I bet it's harder than that since you don't really need to re-enter the password. Doesn't the phone number do something about that? Can move authenticators that easy or without the phone number verification? Even if they do it is one week before they can trade and that is one week of the old app not working which will warn the user.
Not sure they could remote control apps enough to get you to verify trades without the user noticing anything since you get notifications and all that but I'm no android security expert..

I have heard that there are android hacks out there but less secure than PCs? Sounds a bit much, got any links I could read? Or terms to google?

I still think this seems much harder than just getting someone on a teamspeak server that sends a link to a "plugin" that they need which is malware and bam you got their stuff.

Of course I use Windows, but how on earth is anyone getting random files on my computer much less making me run them? Same applies to every OS out there as well.
They send people teamspeak links as described above or fake voip software that sound legit or mimic existing software and their sites like mumble. They send screenshots (.src) files of items from websites with names like lmgur (LMGUR). Not super obvious stuff for inexperienced users.
My point was that the PC is not more secure than the user usually, but maybe you are unhackable idno.
People who buy phones just for Steam trading probably aren't installing malware on their PC either.
I don't know, that is the easier option for some people. Not sure how easy it is to get android emulators but it sounds hard and that could be enough for some inexperienced users.

But in the end, you don't need a smartphone as we both agree on and people in this thread seem to miss that fact.
Last edited by Forcen; Dec 17, 2015 @ 9:16am
Demigod Dan Dec 17, 2015 @ 12:58pm
Originally posted by Matt:
There are pros and cons to the current system. There are pros and cons to the new system.

Adding more restrictions to 'improve' security at the cost of making things difficult for responsible people. That doesn't sit well with me at all. People get keylogged? It happened because they are careless and have not taken enough steps of their own to secure themselves. People get scammed? It's a lesson; next time be more careful. In other words, there shouldn't even be any form of item recovery. All of these things are entirely avoidable and your own fault. They also only happen to a small % of the total amount of people that use Steam.

The above has never been an issue for me, but I don't have a smartphone (cellphone works just fine for its intended purpose) so I'm stuck with the 3 day hold up during which prices can really change - usually in a negative way.

And what's the deal with the trade hold message '-user- has not activated trade confirmations or hasn't used mobile auth for 7 days'? Even with all trade confirmations activated, I have to put up with the trade hold. This is just adding fuel to the fire really.
Last edited by Demigod Dan; Dec 17, 2015 @ 12:59pm
76561198254314242 Dec 17, 2015 @ 1:20pm
yeah it's annoying especially for new acc
Starwhite Dec 17, 2015 @ 2:11pm
Originally posted by Forcen:
Not sure they could remote control apps enough to get you to verify trades without the user noticing anything since you get notifications and all that but I'm no android security expert..

I have heard that there are android hacks out there but less secure than PCs? Sounds a bit much, got any links I could read? Or terms to google?

They aren't moving it anywhere, they infect your phone and the malware uses the keylogged password and your own app to empty your account in an instant without needing any more confirmations. Computers get updates much more often and usually have antivirus, firewall and their browsers have plugins that increase security even if you click links. Of course those aren't foolproof since the universe always manages to make better fools but still something a phone usually lacks.

Originally posted by Forcen:
They send people teamspeak links as described above or fake voip software that sound legit or mimic existing software and their sites like mumble. They send screenshots (.src) files of items from websites with names like lmgur (LMGUR). Not super obvious stuff for inexperienced users.

My point was that the PC is not more secure than the user usually, but maybe you are unhackable idno.

Why would anyone join random TS server if unknown scammer spams you with its address? It's very easy to not do that at all. There are plenty of trusted public ones for games, communities etc. It also gives out your IP to the owner, which can be used for DDoS against you so you lose the game. Just stay away from shady places and there is no problem. The people who do random stuff like that just because someone spammed them a link are the problem on every platform, be it computer or phone.

Personally even if I clicked some link, nothing would still happen. I'm not running IE6 and clicking yes yes on everything. I would have to bother to do work to make any malware on the site work at all, much less get as far as my computer.

Originally posted by Forcen:
I don't know, that is the easier option for some people. Not sure how easy it is to get android emulators but it sounds hard and that could be enough for some inexperienced users.

Personally I run Android x86 in a VM, that's probably something not many would do. But I hear BlueStacks is much easier and there is even the Desktop Authenticator that runs in Windows without any emulation. I just wanted a real Android with official app, instead of some other solution that potentially might be riskier, even when probably not.
Fast Dec 17, 2015 @ 2:16pm
I have one but I can't understand why are they forcing us to use it against our will... Why can't there be an option to opt out of this extra hassle like there was with e-mail verification?
I'm ok to not get any refund if I ever get hacked if I don't have mobile authentication just like it used to be if you didn't have e-mail verification. How hard can it be to put an option to opt-out?
Starwhite Dec 17, 2015 @ 2:24pm
Originally posted by Demigod Dan:
The above has never been an issue for me, but I don't have a smartphone (cellphone works just fine for its intended purpose) so I'm stuck with the 3 day hold up during which prices can really change - usually in a negative way.

Purely by your own choice. I've been mobile authenticated all this month without any additional phones or other devices. Everyone should just run the app in some Android emulator or use the Desktop Authenticator instead of whining about having to buy some useless $10 phone for no reason.
うずまきナルト Dec 17, 2015 @ 2:24pm
People are listening, make it good!
Demigod Dan Dec 17, 2015 @ 2:34pm
Originally posted by Starwhite:
Originally posted by Demigod Dan:
The above has never been an issue for me, but I don't have a smartphone (cellphone works just fine for its intended purpose) so I'm stuck with the 3 day hold up during which prices can really change - usually in a negative way.

Purely by your own choice. I've been mobile authenticated all this month without any additional phones or other devices. Everyone should just run the app in some Android emulator or use the Desktop Authenticator instead of whining about having to buy some useless $10 phone for no reason.

Oh I'm the one whining is it? Correct me if I'm wrong, but is this not a 'solution' born out of whining in the first place? Now it comes down to who has the best arguments: the people that get hijacked/scammed or the people who don't have a smartphone. Since avoiding to get scammed/hijacked is even less of a hassle than 'simply' buying a $10 smartphone (it really isn't as simple as that lol), the decision should be very clear.

Edit: Or doing what you suggested for that matter. I do not see Steam advertising this Android emulator or Desktop Authenticator as a solution. That's like saying you should use something because it exists. Derp.
Last edited by Demigod Dan; Dec 17, 2015 @ 2:37pm
Forcen Dec 17, 2015 @ 2:42pm
Originally posted by Starwhite:
They aren't moving it anywhere, they infect your phone and the malware uses the keylogged password and your own app to empty your account in an instant without needing any more confirmations. Computers get updates much more often and usually have antivirus, firewall and their browsers have plugins that increase security even if you click links. Of course those aren't foolproof since the universe always manages to make better fools but still something a phone usually lacks.
When they get the most victims the antiviruses don't really detect the stuff yet, it takes a day or two.
Here is a scan of some steam malware when it was 4 days old it seems: https://www.virustotal.com/sv/file/ea1ac0d38e5f3d0a550902f03a6d3c821a38c6abbbabfead7ba007c586b884a2/analysis/1445707440/ You can see that it is well detected in later scans but just three AC detects it after 4 days. You can also see a link to a detailed analysis of the malware in the comments if you want.

Also the android malware would need to confirm the trade on that device somehow, and create the trades on a PC somewhere else. That is the tricky part. Not sure that controlling other apps is that easy just yet.

Also most android users get their software from google play and they can see that known companies put out apps they want. You can't install apps from other sources without changing settings and so on, more of a walled garden than a PC kind of. There could be exploits but I don't know anything on how common they are.
Why would anyone join random TS server if unknown scammer spams you with its address? It's very easy to not do that at all. There are plenty of trusted public ones for games, communities etc. It also gives out your IP to the owner, which can be used for DDoS against you so you lose the game. Just stay away from shady places and there is no problem. The people who do random stuff like that just because someone spammed them a link are the problem on every platform, be it computer or phone.
They bait people in with the story that they are going to play a csgo tournament for money but they are one short, they just need one more player and they will win for sure and get items easy and all that. Makes victims a bit more motivated to join that TS server. and then voice won't work without the "plugin" a popup says, kind of seems like a real message from the software rather than a message from the server...

Personally even if I clicked some link, nothing would still happen. I'm not running IE6 and clicking yes yes on everything. I would have to bother to do work to make any malware on the site work at all, much less get as far as my computer.
If you use chrome with the default settings it will download the file without asking you and put it in your download bar thing at the bottom with a nice icon of a cool knife or something with the filename "csgo knife.jpg".
Least unsafe thing about chrome right there but it sounds you use noscript or something and that's great, loads of people use chrome however.

Personally I run Android x86 in a VM, that's probably something not many would do. But I hear BlueStacks is much easier and there is even the Desktop Authenticator that runs in Windows without any emulation. I just wanted a real Android with official app, instead of some other solution that potentially might be riskier, even when probably not.
I think bluestacks want money after a week or something, stick with that thing you use.

Fast: They force you because the old solution doesn't work at all to stop malware from stealing your stuff. Sad truth.
Last edited by Forcen; Dec 17, 2015 @ 2:44pm
GhostSailor Dec 17, 2015 @ 2:46pm
I do have a smartphone. It's rarely used.
Emperor Jinchou 🔴 Dec 17, 2015 @ 3:13pm
Don't have, don't want.
KCGL3 Dec 17, 2015 @ 4:20pm
I have a phone.

Date Posted: Nov 26, 2015 @ 7:04am
Posts: 2,648