+54 54 0
Published 5 years ago by Prickl with 8 Comments
Additional Contributions:

Join the Discussion

  • Auto Tier
  • All
  • 1
  • 2
  • 3
Post Comment
  • idlethreat

    Hate "stories" like this. It's the internet equivalent of "something horrible in your home may kill you and everyone you love. More at 11". It's not providing information, it's stirring the pot, getting people worked up. It's also driving clicks to the website where they can post more ads and make more money from the news.

    That being said, I'd love for Steam to release a 2 factor authentication scheme for Stem accounts. Google has it, LastPass has it, they don't. Might make a good time for them to introduce it.

    • Rathenix

      Steam actually does offer two-factor authentication using a mobile phone app: https://support.steampowered.com/kb_article.php?ref=8625-WRAH-9030

      • idlethreat

        I stand corrected. Thanks for the link.

        That being said, the store page doesn't even mention 2 factor authentication, just 'keeping in touch with your friends!' as a feature.

        It's a little irritating that they have a whole separate application (which I have to run in emulation on my Blackberry) whereas Google and LastPass use HMAC, which works fine with third party authenticators.

        But in any case, thanks for the info. I'll install it later and check it out.

        • racerxonclar

          I'm not sure what you mean by "whole separate application". Steam Guard is built into the basic Steam mobile app... at least on Android. Top of the left sidemenu

          • idlethreat

            Auth services which use HMAC send a 'magic number' which you can punch into a HMAC-compliant auth application and the application will then start generating the time-based tokencode without further communication.

            For example, I use authomator on my BB to store 2-factor authentication profiles for my work google account, home google account, as well as lastpass. All from one application. Google's own Authenticator application can store other keys from other sites as well.

            From what I see, it looks like Steam has a dedicated application (the Steam Guard Mobile Authenticator). So, instead of opening up my one app and seeing all of my keys in one place, I have to run their application separately to get a key from it.

            But, this is all of 3 minutes of looking it over. It might be HMAC. But the support page didn't mention that.

            • racerxonclar

              Ah, ignorance on my part. I thought you were saying you had to have Steam on the phone and the authenticator was separate. I didn't know there was a 3rd party application that could handle these kind of authentications.

    • ima11

      the title was misleading and overdrawn, to say the least. +1.

  • FistfulOfStars

    Basically, the authentification process needed to change an account password could be bypassed by... simply ignoring it. Clicking "continue" without entering the password change verification code offered express access to the user's account.


Here are some other snaps you may like...