How To Protect Your Steam Account

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
If you are a Steam user, make sure you read this and update your account if necessary.

There are several methods attackers use that are hard to combat: malware in the guise of other programs like a ‘TeamSpeak update or missing audio codec’ or a ‘CS:GO weapon upgrader!’, malware disguised as images and screenshots, identifying users who reuse passwords on their Steam and email accounts, or via an exploit in their web browser or operating system. It's a complicated situation and even very sophisticated Steam users can fall victim.
 
I have two-step authentication on everything that allows it. I feel like it should be a standard with any secure login system now a days.
 
NickJames said:
I have two-step authentication on everything that allows it. I feel like it should be a standard with any secure login system now a days.
Click to expand...

Every account I have is tied to an email account which uses a two factor authentication system and password that isn't replicated in any way on any other account. I think that and the use of Steam's own two factor authentication system should prove adequate. It surprises me how many people use weak passwords replicated across every account and value the ten seconds they save to login over security.
 
So follow the same practices one should when browsing the internet? Got it.

I really don't understand how people can be so gullible sometimes.
 
I have a 13 year old kid with his own Steam account, and he doesn't have a phone. I could easily see him being duped. He is impulsive and always after the next game he wants. I am hesitant to link my phone to all 4 accounts in the home...
 
Dwango said:
It surprises me how many people use weak passwords replicated across every account and value the ten seconds they save to login over security.
Click to expand...
It has less to do with valuing in the time, and more to do something that one can easily remember.
 
sfsuphysics said:
It has less to do with valuing in the time, and more to do something that one can easily remember.
Click to expand...

Pretty much this. Can't wait for two-factor authentication to become standard. In the meantime, i have three passwords I use, each for different things. Websites like this get my weakest (but easiest to remember) Password, for example.
 
During the process of setting up the Mobile Authenticator Code - the one that I'm supposed to know if I lose the phone or device that is being used to verify the account - the code did not show when it was supposed to show it to me. Now I can't remove Steam Mobile Authenticator (this is a separate thing from the two-factor authenticator).

Oh, and what the hell? When I attempt to log in to Steam on my PC, it says enter the current code displayed in the Steam Mobile app. When I open the Steam Mobile App, it says to enter the current code displayed in the Steam Mobile app. Uh... is it just me or is this kind of fucked up?
 
Okay, I did manage somehow to get the Steam Mobile app to send me a code to my phone to log in there. I've switched "Get Steam Guard codes on my phone" back to "Get Steam Guard codes by email" so I'm out of that confusing loop.
 
Cantroy said:
I have a 13 year old kid with his own Steam account, and he doesn't have a phone. I could easily see him being duped. He is impulsive and always after the next game he wants. I am hesitant to link my phone to all 4 accounts in the home...
Click to expand...

Thats why you lock him to non-admin account on your PC. I have been running my nephew's Steam PC like this for years with no problem. I have to log in remotely for him to be able to install anything. Since im the one that usually buys the games for him, its pretty simple.
 
Cantroy said:
I have a 13 year old kid with his own Steam account, and he doesn't have a phone. I could easily see him being duped. He is impulsive and always after the next game he wants. I am hesitant to link my phone to all 4 accounts in the home...
Click to expand...

Get him the cheapest android device you can find. You don't need to have cell service. Just use your wifi.
 
Now that they've finally started doing phone texts just like everyone else has offered for years, I no longer have to worry.
 
I suppose it's less likely you'll lose you phone? Which probably automatically logs into your linked email account and or steam app. Well and we know phones never get compromised and have no vulnerabilities. Damn computers.... going back into my tin cave now.
 
Two-step authentication is awesome, but it can be a pain in the ass for us in IT. Client wants you to fix something remotely, have to track them down and have them give you a code from their smartphone, etc.
 
Steve said:
If you are a Steam user, make sure you read this and update your account if necessary.

There are several methods attackers use that are hard to combat: malware in the guise of other programs like a ‘TeamSpeak update or missing audio codec’ or a ‘CS:GO weapon upgrader!’, malware disguised as images and screenshots, identifying users who reuse passwords on their Steam and email accounts, or via an exploit in their web browser or operating system. It's a complicated situation and even very sophisticated Steam users can fall victim.
Click to expand...


Welp, guess it's time we all switch to an iMac.:rolleyes:
 
It doesnt help that Steam forgets things.
A while ago I was asked to verify my email address.
I did this but am now being asked to verify my email address again.

What is the point?
 
Nenu said:
It doesnt help that Steam forgets things.
A while ago I was asked to verify my email address.
I did this but am now being asked to verify my email address again.

What is the point?
Click to expand...
This!!! This here grinds my gears!
:mad:
 
Nenu said:
It doesnt help that Steam forgets things.
A while ago I was asked to verify my email address.
I did this but am now being asked to verify my email address again.

What is the point?
Click to expand...

To ensure that your email address is still active. That's the point. It's ensuring that the contact info is still fresh and valid.

This whole thread can be summed up as "WAH WAH WAH PROPER ACCOUNT SECURITY IS INCONVENIENT AND IT SUCKS."

Wrapping malware into third party trojans is NOT a sophisticated form of attack. Only idiots use third party "tools" to cheat and cheating almost always leads to a compromised account.
 
To be clear, I didn't complain about two-factor authentication being extended to phone texts. I complained about what appears to be serious bugs in the process: being given a recovery code that I couldn't see, and the Steam Mobile App asking for the current code displayed in the Steam Mobile app. I feel lucky to have been able to switch back to the email method without knowing the recovery code for the text method.
 
Cantroy said:
I have a 13 year old kid with his own Steam account, and he doesn't have a phone. I could easily see him being duped. He is impulsive and always after the next game he wants. I am hesitant to link my phone to all 4 accounts in the home...
Click to expand...
As it turns out, WinAuth 3.3 now support Steam logins in addition to other two factor systems.
 
When I logged in a few weeks ago Steam notified me that someone had tried to login to my account but Steam Guard blocked it. What's odd is that a code was not sent to my e-mail when there should have been. I wondered if this was a mistake but I changed my password just to be safe. If someone did get my username and password I don't know how. I haven't fallen for any tricks nor will I ever. My e-mail account that I get codes from places also has two step authentication so luckily there is little chance of someone getting into my account.
 
I have Steam Guard enabled and change my password periodically...that's good enough for me...I'm not giving Steam my phone number
 
Nenu said:
It doesnt help that Steam forgets things.
A while ago I was asked to verify my email address.
I did this but am now being asked to verify my email address again.

What is the point?
Click to expand...

Did you clear your cookies or clean reinstall your browser? That's the only time it's ever nagged me.
 
mi7chy said:
Did you clear your cookies or clean reinstall your browser? That's the only time it's ever nagged me.
Click to expand...

No, same Windows.
Mind numbingly the same apart from using different BIOS versions on my gfx card.
This caused me a quite a faff getting Windows to authenticate.
Maybe that was somehow the cause.
 
You must log in or register to reply here.
Back
Top