News 77,000 Steam accounts hijacked each month, says Valve

With 75million "active" accounts that's only 0.1% affected, and would take just over 81 years for every account to be done-over...

 

Have I mistakenly assumed i was using 2FA? When logging into Steam from a new device they email me a code that i have to enter, i thought that was 2FA but having read this article it's got me doubting how secure my account is.

 

Do Steam have investors? I thought they were a wholly private company?

 

Valve's refusal to use an existing 2FA platform like Google/Microsoft Authenticator has left Windows Phone users like myself at a distinct disadvantage in this regard. Very frustrating.

 

Valve is privately owned. There are no investors to impress. It would just be owners impressing themselves.

Nope, that's 2FA. It is much easier however for a person to hijack two accounts (esp. if you're a dummy who uses the same password) than it is for them to gain physical access to your phone.

Yeah. That's the part I hate. They assume everyone has either iOS or Android, or they know the market share for "everything else" is that they just don't care. That hurts Windows phone and anyone else from being able to compete.

 

Ha. now try being Meego/Mer user. No support from anyone.

 

Thanks for clarifying that, i don't have a smart phone (I'm a luddite when it comes to phones) so the two-step verification is the best I'm gona get, not that there's much value in my Steam account.

 

Yes, sure. 2FA. For people with Apple/Android phones.

 

just make sure you have 2FA login enabled on your google or outlook/hotmail account (use sms way if you don't have a smartphone)

 

I had an attempt on my account last week, some cheeky chap in Minsk supposedly. Luckily I'd initiated the email verification system for new devices, but I will install the mobile app today.

I don't save my payment details in Steam anymore, buy I still don't want to risk access to all my juicy backlog.

 

I don't see the point in this personally, it's great for people who want to secure their steam account further, but personally; i've already got two-factor authentication on my email, and Steam needs two step verification before anything new can log in anyhow, so i've already got two factor authentication, in a roundabout way.

None of this, as far as I'm aware, protects against someone maliciously gaining access to the machine and running off with the steam .blob file, however, as that can supposedly allow any other machine to bypass the two-step verification, as it causes steam to treat it as if it were an already authenticated machine, just logging back in from another location, rather than a new device.

 

Anyone that can gain physical access to a system has all power necessary over that system or anything on it anyway. There are ways to minimise physical exposure (encrypted disks, passworded BIOS/boot, locking the case with fancy screws) but anyone determined enough can get around that with enough time/effort.

 

If someone can make off with your steam .blob file you probably have more to worry about than just your Steam account.

 

What? They still make games like that? Where do you find those?

 

I like that quote "These are not new or naïve users; these are professional CS:GO players, reddit contributors..."

Uhm.. yeah those are probably all geniuses then eh, right. reddit contributors..

 

When steam asked me for my cell phone number I was also 'get the hell out of here'
And apart from me not wanting all that crap in itself I also wonder if people having more and more info on a system is a smart move, the more info there is the more attractive it becomes to hack and the more devastating to the victim if a hack succeeds.