LOUNGE all new asksnapzu ideasforsnapzu newtribes interesting pics videos funny technology science technews gaming health history worldnews business web research entertainment food living internet socialmedia mobile space sports photography nature animals movies culture travel television finance music celebrities gadgets environment usa crime politics law money justice psychology security cars wtf art google books lifetips bigbrother women apple kids recipes whoa military privacy education facebook medicine computing wildlife design war drugs middleeast diet toplists economy fail violence humor africa microsoft parenting dogs canada neuroscience architecture religion advertising infographics sex journalism disaster software aviation relationships energy booze life japan ukraine newmovies nsa cannabis name Name of the tribe humanrights nasa cute weather gifs discoveries cops futurism football earth dataviz pets guns entrepreneurship fitness android extremeweather fashion insects india northamerica
+54 54 0
Published 3 years ago with 8 Comments
Additional Contributions:

Join the Discussion

  • Auto Tier
  • All
  • 1
  • 2
  • 3
Post Comment
  • idlethreat
    +17

    Hate "stories" like this. It's the internet equivalent of "something horrible in your home may kill you and everyone you love. More at 11". It's not providing information, it's stirring the pot, getting people worked up. It's also driving clicks to the website where they can post more ads and make more money from the news.

    That being said, I'd love for Steam to release a 2 factor authentication scheme for Stem accounts. Google has it, LastPass has it, they don't. Might make a good time for them to introduce it.

    • Rathenix
      +7

      Steam actually does offer two-factor authentication using a mobile phone app: https://support.steampowered.com/kb_article.php?ref=8625-WRAH-9030

      • idlethreat
        +5

        I stand corrected. Thanks for the link.

        That being said, the store page doesn't even mention 2 factor authentication, just 'keeping in touch with your friends!' as a feature.

        It's a little irritating that they have a whole separate application (which I have to run in emulation on my Blackberry) whereas Google and LastPass use HMAC, which works fine with third party authenticators.

        But in any case, thanks for the info. I'll install it later and check it out.

        • racerxonclar
          +2

          I'm not sure what you mean by "whole separate application". Steam Guard is built into the basic Steam mobile app... at least on Android. Top of the left sidemenu

          • idlethreat
            +4

            Auth services which use HMAC send a 'magic number' which you can punch into a HMAC-compliant auth application and the application will then start generating the time-based tokencode without further communication.

            For example, I use authomator on my BB to store 2-factor authentication profiles for my work google account, home google account, as well as lastpass. All from one application. Google's own Authenticator application can store other keys from other sites as well.

            From what I see, it looks like Steam has a dedicated application (the Steam Guard Mobile Authenticator). So, instead of opening up my one app and seeing all of my keys in one place, I have to run their application separately to get a key from it.

            But, this is all of 3 minutes of looking it over. It might be HMAC. But the support page didn't mention that.

            • racerxonclar
              +2

              Ah, ignorance on my part. I thought you were saying you had to have Steam on the phone and the authenticator was separate. I didn't know there was a 3rd party application that could handle these kind of authentications.

    • ima11
      +5

      the title was misleading and overdrawn, to say the least. +1.

  • FistfulOfStars
    +5

    Basically, the authentification process needed to change an account password could be bypassed by... simply ignoring it. Clicking "continue" without entering the password change verification code offered express access to the user's account.

    Oops!

Here are some other snaps you may like...