The idea is that Steam Guard is only secure if your phone is secure, and this QR code sign-in was borrowed from Epic who used it for console sign-ins. The PC isn't a console, so I'm not a fan of that change.

I liked the old method - I'm perfectly capable of remembering a password.

yeah I'm not to keen on it either, I like everything in one package not two separate apps, the fact I have to have one app for store,discussions and then another for chat. It's counterintuitive, I liked everything in one easy single app package

Originally posted by mP3+Z:

I mean, anyone who pickup my phone can login my account without knowing my acc and password. how does it better than steam guard code?

Why isn't your phone secured with a PIN?

I find it totally stupid and very annoying that you can no longer log out with the app

I'm really disappointed in this update so far, not what i was expecting at all. Especially a seperate app to chat..what were they thinking. Going down the same route as facebook it seems.

Hopefully they look seriously at the feedback and make changes asap. Especially with regards to the security aspect.

I wouldn't say unsafe, but definitely attention calling, a big QR code in the steam login screen where all you need is someone cellphone with steam mobile app in it

Originally posted by Carcon:

I'm really disappointed in this update so far, not what i was expecting at all. Especially a seperate app to chat..what were they thinking. Going down the same route as facebook it seems.

Hopefully they look seriously at the feedback and make changes asap. Especially with regards to the security aspect.

I believe the idea it's to make it harder for someone with a stolen phone to go phising around other people

Originally posted by Cathulhu:

Originally posted by mP3+Z:

I mean, anyone who pickup my phone can login my account without knowing my acc and password. how does it better than steam guard code?

Why isn't your phone secured with a PIN?

I do have pin on my phone, but not anyone will do that.

Maybe valve can
1) allow user disable qr code login permanently on their logged-in device.
2) add PIN check for qr code login user.

Originally posted by mP3+Z:

Originally posted by Cathulhu:

Why isn't your phone secured with a PIN?

I do have pin on my phone, but not anyone will do that.

Maybe valve can
1) allow user disable qr code login permanently on their logged-in device.
2) add PIN check for qr code login user.

Then if someone wants to steal the account they just reset your password since they'll undoubtedly have access to the person's email on the phone too. End of the day, if you're not putting at least a pin on your phone, you're just asking for a bad time. Secure your devices, people!

Yep, as soon as I saw that, that was the first big red flag. UI and app is horrible now, no sense in using it. Just roll back to previous version.

Yep I completely agree with this, the old method was much better, and yes I have a pass code on my phone but still why fix something that was not broken....

This new app is completely insecure. We are already logged in. Whoever steals your phone can just login to your account using QR or the approval button. Then they can change everything on your account. So this isn't 2 factor anymore. It is very insecure.

I updated and somehow I need a QR code to authenticate the authenticator. I have the recovery code but why do I need that for something that's supposed to, you know, safeguard that level of information.

Steam security evolution:
- 1FA: PC password
- 2FA: PC password + email code
- 2FA: PC password + phone code
- 1FA: phone QR

with the quality of the new mobile app, maybe Steam Desktop Authenticator will be better, similar single-device security level.