I also prefered the old method. Especially since the new login screen seems to be live on the main Steam version.

It doesn't even ask for a Steamguard code.

Check out TCNO account switcher, if you are logging into multiple accounts as it's saves all your credentials including password

Originally posted by Sleepy Cyb:

It doesn't even ask for a Steamguard code.

Apparently, if you don't have a compatible phone (or just don't want your phone infested with Valve's 24/7 adware shoving new releases and deals in your face) and are using e-mail guard instead, the "Remember me" is now also the only way to avoid the token expiring after 24hrs and being forced to re-enter a new token the next day.

So, you get to choose between horrendous usability problems; or horrendous security problems in case your system is shared among more people than just yourself.

(No; using separate Windows accounts doesn't help. Because Valve wrote Steam in such a way that it outright ignores the basic Windows permissions model and userprofile data segregation. it still stores all its info centrally, directly in the application folder. A practice which was abolished in the 90s.)

Just noticed that, even if you don't tick the "Remember me" box, next time you want to log into Steam, the option will be ticked.

So in addition to your account name, password and steamguard code, you have to uncheck the box. You either have an automatic login you doesn't ask for anything or you have to input everything.

I wouldn't have a problem not having to type my password if it asked you a steamguard code everytime. Like what is this ? The old login screen was, at least for me. leagues better. Please fix this.

Originally posted by 5,0 ‰ aka Mantaplatte:

Hey.
Is it possible to get the login screen just with remembered name?
When i say "remember me" its "auto login". I want to type my password every time but not my username.

Have a nice day

That has been killing me for a while
Also make it so that unchecking it makes it remember 2fa still

Originally posted by Sleepy Cyb:

Just noticed that, even if you don't tick the "Remember me" box, next time you want to log into Steam, the option will be ticked.

Yeah, they made really good work.
When i log in, screen disappears and pop ups once for 1 half second and then continue logging in.
New look and feel - looks and feels awesome

Originally posted by RiO:

Originally posted by Sleepy Cyb:

It doesn't even ask for a Steamguard code.

Apparently, if you don't have a compatible phone (or just don't want your phone infested with Valve's 24/7 adware shoving new releases and deals in your face) and are using e-mail guard instead, the "Remember me" is now also the only way to avoid the token expiring after 24hrs and being forced to re-enter a new token the next day.

So, you get to choose between horrendous usability problems; or horrendous security problems in case your system is shared among more people than just yourself.

(No; using separate Windows accounts doesn't help. Because Valve wrote Steam in such a way that it outright ignores the basic Windows permissions model and userprofile data segregation. it still stores all its info centrally, directly in the application folder. A practice which was abolished in the 90s.)

Seems like this token refresh thing wasn't well thought out considering we can literally leave the client idle running when you AFK from an idle/incremental game for more than a day only to find that the updated client has "disconnected" itself and asks us to login again.

Which would be OK but my personal experience with this so far (since I don't use "remember me" with the new login UI) is that when the sign-in window appears to refresh the session, any attempt to login again even by manually typing the password does not work and returns an error message. During this time as well, we can't even focus back to the account name input box - I'm thinking that the login refresh screen shows our account name but actually in the "backend" of the client that input is actually blank, so even when we attempt to sign-in again it won't work because we are only able to enter the password.

This new login UI seems messed up, tbh. And this is in reference to the live client and not beta. Is there a fix in beta for this sign-in attempt problem when refreshing sessions?

Originally posted by dbugz:

This new login UI seems messed up, tbh. And this is in reference to the live client and not beta. Is there a fix in beta for this sign-in attempt problem when refreshing sessions?

I'd rather Valve actually fix the root of the issue: namely, the fact that the session expires in the first place.

With the native login your active session wouldn't expire and your 2FA email token would remain good on a 30 day sliding window. Log back in succesfully during any time in that 30 day window; and it refreshes and is good for another 30 days.

My theory is that this is all due to the fact that the new webview login attempts to re-use a 'universal' login that was built for the website, i.e. uses tokens with expiration times deemed nominally good for web-based use.

The 2FA token is used to ensure a malicious actor who somehow got hold of your password, can't log in to your account immediately from their own machine. That's why the token is machine-bound. New machine; new token required. There's zero use in expiring it after 24 hours for the desktop client, because stealing it off of your machine is useless. So for the desktop client, it makes absolutely no lick of sense.

However, it does make sense that Steam would expire the token after 24 hours when it's for website use. Because maybe you signed into the Steam website on another system for whatever reason; e.g. to quickly grab a deal; to send or accept a friend request; to reply to a forum thread; etc.
And then that 24hr period makes sense as 'safe to clean up'.

That actually makes sense - that it's possible that they went the lazy route and just used the same token validity with the new "react"-based login UI same as the new login UI for the browser client.

There should be a distinction between browser-based sessions and desktop client sessions.

Originally posted by 5,0 ‰ aka Mantaplatte:

Hey.
Is it possible to get the login screen just with remembered name?
When i say "remember me" its "auto login". I want to type my password everytime but not my username.

Have a nice day

I agree. The logon screen should do as the old login screen did, remember your username only always. And have the "Remember me" checkbox default to "Unchecked".

Originally posted by Sleepy Cyb:

I also prefered the old method. Especially since the new login screen seems to be live on the main Steam version.

It doesn't even ask for a Steamguard code.

Originally posted by LOONATIC:

Originally posted by 5,0 ‰ aka Mantaplatte:

Hey.
Is it possible to get the login screen just with remembered name?
When i say "remember me" its "auto login". I want to type my password everytime but not my username.

Have a nice day

I agree. The logon screen should do as the old login screen did, remember your username only always. And have the "Remember me" checkbox default to "Unchecked".

Yes.
+
No steam guard every now and then.
I had to reenter steam guard again and again on other device.
Why cant steam remember the computer like before but without auto login?!

i am 100% not a fan of this new mobile build. its sloppy and over complicated for 0 reason. unless someone can point out some sort of new security because of the update. and if i have to go to the app and confirm that yes i want to login and no i don't want to use the qr stuff. what happened to me just looking for the notification of my guard code and logging in and getting about my steam life not this oh let me open the ap oh no i had not opened it before i logged in now i have to back out log back in and then wait for this prompt with way to much information about the login and because if you don't have it open and ready prior to login it does not seem to prompt you to accept or deny the login. so yeah its a real steam stinker when thinking of the ease of use for the last one.

I can't see where a qr code can be more secure than password + sms (on two separate devices of course). This new login scares me more than anything. Bad move to seduce, once again, every user except desktop ones.

Originally posted by Minuit:

I can't see where a qr code can be more secure than password + sms (on two separate devices of course). This new login scares me more than anything. Bad move to seduce, once again, every user except desktop ones.

SMS can easily be spoofed by someone knowing your number, then contacting your service provider to take full access. So the hacker/scammer doesn't even need your phone nor SIM card to actually log in, while with QR code they do (at least in theory).