I'm sure many people are aware of people's accounts being hacked, and even of getting invites from anonymous, private accounts that claim to be someone random you may know and forward you some link based on a false story of some sort.
But, what shocked me was the fact that 77,000 accounts are hacked on a monthly basis.
Here's an article from Kaspersky on some of the stats: Steam Stealers Target Thousands of Gamer Accounts
That's an insanely large amount of accounts on a regular basis, maybe a few repeat victims, but still large.
It makes more sense to me that Valve are pushing the whole Steam Guard confirmations now, although not carried out in the most ideal manner.

What are your thoughts on this, and whether Valve has the responsibility to do more to combat such high levels of fraud?

Edit: Can't edit the Poll typo. ( ͠°_ °)

Edit: More info from batler0...All your creds are belong to us

8 years ago*

Is Valve responsible for creating a more secure network?

Yes
No
Maybe
Stupid Vale should know better
Gabe, stop taking our money, do something!

Steam Guard. +9999

8 years ago

I feel safe right now with web protection and mobile protection tbh

8 years ago

The fact that so many people are being scammed had me worried, but at the same time I agree with you.

8 years ago

Life is hard; it's harder when you're stupid.

8 years ago

THIS!

8 years ago

True indeed.

8 years ago

But it doesn't mean people just watch, walk around and do not help the young or people with low experience. Why do you think that everyone must know everything? What if no one taught you to use a computer or corny to read and write? Does it make you stupid?

8 years ago

Yeah, I had to deal with some scammers too. People have to ask someone to explain how it works with trades and how to protect themselves first.

8 years ago

People will just moan for having to provide a phone number to verify you're a real fucking person. They're already fucking butthurt on the need of having an authenticator (which you can emulate on Windows).

8 years ago

乁(ಠ╭╮ಠ)ㄏ

8 years ago

It's the fact that you can emulate it that makes it so weird- it ends up not doing anything an e-mail couldn't. The real important part is that initial SMS verification (which any phone can do, and you don't need a smartphone for), and that goes through either way.

So in the end, it seems like completely needless hassle for steam users;
But if you can offer insights as to why that component is legitimately more beneficial, by all means. :)

(Is the concern that e-mails are less secure and more easily hacked?)

Though, as far as the butt-hurt bit goes, I think once you actually realize it can be emulated, most people having issues no longer really are too concerned; certainly that was how it was in my case. Not really a notable hassle, once you get it figured out.

8 years ago*

Why don't they send the SMS to the owner's real mobile number?
Then at least they'll have slightly better security in terms of authentication using the emulator.

8 years ago

:scratches head:
You still have to get the SMS to your real phone, emulator or no.
As noted, the SMS goes through either way, and that's the only "real" security element, unless there's a reason to believe that emails can be easily compromised.

Honestly, I get the suspicion most of Valve's security features are to stop people from being excessively stupid, than to provide actual mechanical security elements.

8 years ago

Haha, I like that, "excessively stupid."
At the end of the day, Valve also loses if an account is hacked and that person no longer wishes to return to Steam. Not sure I'd want to start from scratch, but then again, where do we get most of our games from.

8 years ago

I hacked my own email once because I had forgotten my password. And that was only possible because I did not have 2-step verification enabled. So yeah, I'd say emails are less secure.

8 years ago

That's a matter of fact, and wasn't being argued.
I asked if the fact that they ARE so, is the concern- since, regardless of their security, they really shouldn't be at risk unless Steam or its users are actually giving the e-mails out to the crackers.

Hence my making this comment:

Honestly, I get the suspicion most of Valve's security features are to stop people from being excessively stupid, than to provide actual mechanical security elements.

8 years ago

Didn't emails leak a while ago during that cache error? Even if someone had your phone number, there is nothing they could do unless they physically get to it.

8 years ago

unless Steam or its users are actually giving the e-mails out to the crackers

:P
Well, their handling of that matter was abysmal, no doubt.

That aside, you can utilize basically the exact same approach, but lower the number of prompts sent, and offer an alternative method of confirmation to users without smartphone app access.

As an example: You put up a trade. Steam sends a confirmation code to your phone or app, as your settings indicate you wish. You type that code in, you get unrestricted access for the next 15 minutes or 2 minutes past last trade [meaning you can keep trading past the 15 minute mark so long as you're doing it steadily].
If selling a high value item, you get another prompt.
Likewise, if someone is accessing your account from an unfamiliar IP? Also a prompt.

Bam, more convenient for all users, but with far less annoyance to all users.

Am I missing a reason that that approach is not more desirable?

8 years ago
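
The confirmation scheme proposed in the comment above, sketched as an added example (not part of the original post and not Valve's code). `TradeSession`, `replay`, the sample events and the high-value threshold are hypothetical; only the 15-minute window, the 2-minute steady-trading grace and the two extra prompt conditions come from the comment.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

WINDOW_SECONDS = 15 * 60       # from the comment: 15 minutes after entering a code
STEADY_GRACE_SECONDS = 2 * 60  # from the comment: 2 minutes past the last trade
HIGH_VALUE_THRESHOLD = 50.00   # assumption: the comment names no amount


@dataclass
class TradeSession:
    """Hypothetical per-account state for the proposed step-up confirmation."""
    known_ips: Set[str] = field(default_factory=set)
    confirmed_at: Optional[float] = None   # when a code was last verified
    last_trade_at: Optional[float] = None  # when a trade last went through

    def window_open(self, now: float) -> bool:
        if self.confirmed_at is None:
            return False
        if now - self.confirmed_at <= WINDOW_SECONDS:
            return True
        # Past the 15-minute mark: stay open only while trading steadily.
        return (self.last_trade_at is not None
                and now - self.last_trade_at <= STEADY_GRACE_SECONDS)

    def prompt_reason(self, now: float, value: float, ip: str) -> Optional[str]:
        """Return why a confirmation code is required, or None if it is not."""
        if ip not in self.known_ips:
            return "unfamiliar_ip"
        if value >= HIGH_VALUE_THRESHOLD:
            return "high_value"
        if not self.window_open(now):
            return "no_active_window"
        return None

    def confirm(self, now: float, ip: str) -> None:
        """Call only after the code sent to the phone or app was verified."""
        self.confirmed_at = now
        self.known_ips.add(ip)

    def record_trade(self, now: float) -> None:
        self.last_trade_at = now


Event = Tuple[float, float, str]  # (seconds since start, item value, source IP)


def replay(session: TradeSession, events: List[Event]) -> List[Optional[str]]:
    """Replay trades for a user who enters every code; return each prompt reason."""
    prompts = []
    for now, value, ip in events:
        reason = session.prompt_reason(now, value, ip)
        if reason is not None:
            session.confirm(now, ip)
        session.record_trade(now)
        prompts.append(reason)
    return prompts


# Constructed timeline; the addresses are documentation-range placeholders.
HOME, ELSEWHERE = "203.0.113.7", "198.51.100.9"
SAMPLE_EVENTS: List[Event] = [
    (0, 0.05, HOME),          # first trade: nothing confirmed yet
    (300, 0.05, HOME),        # inside the 15-minute window
    (890, 0.05, HOME),        # still inside
    (1000, 0.05, HOME),       # past 15 minutes, 110 s after the last trade
    (1100, 0.05, HOME),       # steady trading keeps the window open
    (1110, 120.00, HOME),     # high-value item: prompt regardless of window
    (1300, 0.05, ELSEWHERE),  # unfamiliar IP: prompt regardless of window
    (2400, 0.05, HOME),       # idle for over 15 minutes: window lapsed
]

if __name__ == "__main__":
    results = replay(TradeSession(known_ips={HOME}), SAMPLE_EVENTS)
    for event, reason in zip(SAMPLE_EVENTS, results):
        print(event, "->", reason or "no prompt")
```

As described, the steady-trading extension has no upper bound, so a hijacked session that keeps listing low-value items every two minutes is never re-prompted; a hard cap on total window length would close that gap.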

Most of them don't use Steam guard.

8 years ago

Easy solution, don't have any friends on steam.

8 years ago

Why limit it to Steam? I mean what if a RL friend comes over and steals your stuff.. nope.. avoid them all!

8 years ago

Damn straight. No joke, since marriage, I actually have a small number of RL friends. Since most of my good friends from school got married and moved away as well. And they don't play video games.. So fuck em.

8 years ago

Must say, I've heard of people whose friends steal stuff from them and just often backstab you.
Why be friends with crazy people like that!?
Ah people, what we gonna do with you.

8 years ago

Why be friends with crazy people like that!?

As if they make friends with these types of people on purpose?

8 years ago

It's hard to know, especially at the beginning.
But learning from a mistake may be a little too late, but sometimes it's the only way to know.
Lots of people are just downright dubious.

8 years ago

That is my point though, you cannot walk around the earth thinking everyone is good and honest. If you fail to plan you plan to fail. Also if you're going to run a site like this, would you not learn from others and check into issues that may come up before you do it? Seems to me like they jumped without opening parachute and when things got serious they decided to open it.

I mean I get it, they made a mistake and they are trying to fix that, we all can and will do that, no way around that. I am just saying it does not take some sort of genius to figure out that people will abuse this.

I mean I did not need someone to tell me when I joined Steam there would be scammers and such, I knew that before I even signed up. Every site has people who try and scam or otherwise dupe you into something. Being on the internet is 10x worse than being offline as it is filled with 10x as many idiots and dishonest people.

8 years ago

There's the same number of idiots offline and online. It's just easier or more common to encounter them online than in real life. Well except for that coworker/classmate of yours, you have to meet with him everyday. It's just that online everyday you meet with a new one or a few new ones if you're (un)lucky.

8 years ago

Yeah, I wish I could agree with that...but the problem I have with agreeing is that I have run into 10x more idiots online than I have offline.

But when you join a site or forum of this size or like Steam...you will meet 10x more people than you would in person playing games and so forth.

Now I get it, there are just as many online as there are offline, as those same idiots who are online live offline. Still does not change the fact that on the internet you will run into them a lot more often. Unless you're just spending most of the time not socializing.

8 years ago

Happened to me more than once. :c

8 years ago

SteamGuard, and I don't do trades.
Also, many of these people install shady apps or extensions.

8 years ago

Or going to suspicious porn sites xD

8 years ago

I don't trust Steam extensions and in-game mods.
Especially seeing the amount of people getting VAC bans.

8 years ago

I trust Enhanced Steam, but that's it.

8 years ago

I use that all the time.
Never figured it for a scam, but who knows. ;)

8 years ago

That's a big point. Valve increases the security standard from time to time.
The problem is the user, who uses Steam to log in to hundreds of third-party accounts..

8 years ago

What if it's just a conspiracy involving Valve, just deleting accs and telling all around they've been hacked... Or even worse, all the fake accs are just Valve staff to be able to hack people's accs so they have to buy the games again after losing their accs O_o

8 years ago

That would be a curious situation.
I'd like to think there are a number of audits conducted regularly to prevent that.
Maybe I'm just naive.

8 years ago

Valve created a system with Steam Guard and Steam Mobile Authenticator that is safe. I mean most people are just dumb clicking on links from people they don't know. Everyone should know about scamming and the tricks, but everyone thinks he's smarter than others... I read about people arguing against the Mobile Authenticator because you have to authorize every market action. It took me 3 seconds for every action. I can do it wherever I am but others call it bullshit. Don't understand that at all.

8 years ago

The only weak point of the current system is that people who have WinPhones have to use a Desktop Authenticator which isn't as secure of an option as keeping the authentication on another device. Wish they would address that, I would gladly up my security by that additional bit.

8 years ago

Including "everyone" in such a broad statement isn't factual.
I mean, people still think the Nigerian King will send them some money. :)

8 years ago

I thought he was a prince D:

8 years ago

Royalty. ;)

8 years ago

Prince Kingbanker

8 years ago

It's safe enough in my opinion, people getting scammed on Steam will get scammed in the rest of the internet as well. They just need to learn some trigger discipline with that mouse and grab a healthy dose of paranoia when it comes to strangers on the internet, especially when they send random links.

8 years ago

+1

8 years ago

+1

8 years ago

Unless they make a cure against stupidity.

8 years ago

Make something idiot proof, the universe will build a better idiot....

8 years ago

I expect them to do 30 day holdings unless you buy the Steam Phone at $99.99. People are still getting scammed on smart phones.

8 years ago

Steam Phone (ง⍜⏠⍜)ง

8 years ago

People that are getting scammed usually have themselves to blame. Stop clicking on links from random sources and stop making trade deals that are too good to be true, and most of the "scamming" goes away.

8 years ago

+1

8 years ago

77,000 accounts are hacked on a monthly basis. Jezus.

Because of those dumbasses I can't just sell my cards instantly anymore without an authenticator.

8 years ago

That's only 0.06 of estimated Steam base, but still a lot.
But, yeah, a few idiots, either the scammer or scammee, ruin it for everyone.

8 years ago

Steam Guard/Authenticator protects against the hacking so I fully support that (though give us a grace period please!).
Unfortunately it doesn't stop all the scamming where Valve cannot intervene. Steam has so many users, and loads are young, so there will always be marks.

8 years ago

+1

8 years ago

Most hacked account owners are stupid or children.

8 years ago

Or stupid children. ;)

8 years ago

What's so shocking about it? That's barely reaching 0.06% if we count the active accounts, and most of the hacked accounts are abandoned/alt/fake/community banned/VAC banned ones in the first place. At this rate, it would take over a century to even get close to hacking all possible accounts if nobody ever opens another new account from now on. Just to compare: over 30k web pages are hacked/taken over daily.

8 years ago*

Yeah, I did a quick check earlier, after posting, and there are 125m users, so the percentage is quite small.
But still, that amount of "stupid" people could fill a stadium. :O

8 years ago

Stupid people fill up much larger stadiums all the time. (Just look at the NASCAR race viewer rates.) Or even larger squares (just look at the crowd at any populist politician's speech).
Also, as I said, much of these are accounts that were abandoned or forgotten ages ago. Sure, there are many naive and/or stupid people out there, and kids were always easy to trick (especially since on the internet they cannot even learn the basics of how to spot a person with not really nice intents), but that number isn't scary at all. To put it to perspective: almost as many people are murdered monthly as Steam accounts getting hijacked. Somehow this latter number concerns me a bit more than some stupid kid not being able to play CS:GO for a week.

8 years ago

What I love about the Internet...ability to take someone's comment and make it more awesome...referring to the NASCAR point. :D
That last statement is worrisome...any amount of people being murdered is one too many. Unless you're convicted or the one causing your own death or...let me not go down that path in this discussion. But you're right in feeling concerned about it.

8 years ago

That only sounds like a lot on an absolute scale. On a daily basis, Steam hits a peak of almost 13,000,000 users. 77,000, a monthly figure, is barely over one half of one percent of that daily figure. Put more simply, nearly 500 times as many people log into Steam every day as get scammed in an entire month. The real issue here is that they're being cheap and not wanting to spend money on customer service, an area in which they already spend too little, as evidenced by their legendarily poor service.

8 years ago

I agree that the percentage is very small, but those are still users, however ignorant or stupid they may be.
I take it in the last sentence you're referring to Valve as being cheap...which is sort of a shot in the foot, but only until someone else starts dominating the market. Until that happens, I don't see Steam offering revolutionary services in the near future...I mean, they only recently released the discounted bundle if you already own some of the games.

8 years ago

77000 a month, that's around a million a year.

We have no number of really active Steam users - while Steam says "there's 120 million accounts", SteamSpy said only a bit over 20 million Steam accounts have more than 4 games. Add smurf accounts and idle accounts and suddenly we're probably talking about like 50 million Steam users.

Which means 2% of them lost access to their account last year.

8 years ago

No, please just.. Don't.. I've already lost my ability to trade stuff and sell stuff on the market (since I refuse to use the mobile authenticator or wait that long to trade/sell stuff), I don't want to lose my ability to even play my games just because they decide to force people to use some mobile authenticator just to log in and play your games.
I'd say that if the hacked people are foolish enough to click on such suspicious links they can only blame themselves.

8 years ago

Shhhh, don't mention that idea, Valve employees may be lurking the forums. ;)

8 years ago

I can totally see it: use the mobile authenticator to log on to VAC protected games or forget them.
The Chinese Triads would get dirty rich on illegal Android phone smuggling to Russia in that case.

8 years ago

Valve can't do jack about naive users, that's why with their recent actions they only try to reduce the damage you can do with the stolen accounts.

8 years ago

I wonder if there's ever been a case whereby Valve compensates if a user's account was hacked and Valve, in fact, are to blame?
I mean, the banks do a good job of nabbing scammers and refund your account for fraud related activity within the week.

8 years ago

It all depends how they approach it. A lot of it is simply people falling for social engineering, which isn't something Valve can actually act against...

8 years ago

+1

8 years ago

Mobile protection makes me more comfortable right now ^^

8 years ago

Strange how people learn to accept changes once they know the reasoning behind it...Valve PR needs to communicate better, and the engineers need to come up with better solutions.

8 years ago

Yeah, I agree with you about many better solutions, but I think we need to be careful too, because the security of our account is our responsibility also.

8 years ago

First line of defense is on Steam, since we signed up to their service. But there will always be holes I understand.
Second, is on us to be more secure, yes. Clicking anything is just stupid, but I imagine it often gets more complicated.

8 years ago

That's right.

8 years ago

They came up with better solutions: even longer escrow period for anyone without the authenticator.
Sure, porting it to other operating systems would also mean that more users could actually install the damn thing, but modifying two characters in the code was a lot easier than actually spending gasp money on software development.

8 years ago

Yeah, I agree with you too.

8 years ago

You might want to add the blog post to the OP https://securelist.com/blog/research/74137/all-your-creds-are-belong-to-us/
Among other things, It details information about:

  1. Current Trends of the malwares
  2. Percentage of infected users per country
  3. Valve's counter-measures.

Yeah, valve has the responsibility of combating it.
Has valve ever said something about these gambling sites? It's like they're turning a blind eye about this.
(Do you think the new Trade / Market restriction is related to it?)

8 years ago

Well, depends: breaking their backs to make sure that all these gambling sites are unobstructed as each new security feature comes out but whitelists their bots counts as what? Even though these sites are supposed be against Steam ToS, they are sure as hell really keen on making sure nothing distracts their operations. And I'm totally 100% sure that it's not because valve takes a huge chunk of all the market transactions that CS:GO and TF2 items generate.

8 years ago

Yeah...just like grey market keys, these issues will stay untouched.

8 years ago

Thanks for the link, added it above.
Often it's bad PR to admit to security breaks, but people want the truth. May not always be good for them.
I'm sure the restriction in some part has to do with fraud, why else would they make it more difficult to sell anything.

8 years ago

Yeah, I just hope the restriction is not going to get worse.
...It's gonna get worse ┐( ̄ー ̄)┌ It's valve we're talking about.

8 years ago

:D

8 years ago

I'm not going to say that Valve is necessarily responsible, because they can't force users to not be stupid. I had a friend who had his account hijacked; nothing of value was lost and he got it back but he called me that day super upset because he realized he made a stupid mistake a minute too late and was too slow fixing things. Likewise, methods malware uses to hijack accounts can be blocked but ultimately without getting users to stop stumbling upon malware it's not an issue.

That said, I really do not like mobile authentication for Steam because it excludes Windows Phone. While Windows Phone has only about 2% market share (including me T_T) it's still a significant number of users when you consider how huge Steam is. I use BlueStacks which offers only part of the security benefit since you could just boot it up from my computer if you had physical access and now I can't access my account without access to my primary computer (so if I wanted to log in at a friend's place if I didn't have my laptop, I couldn't). It's a good security move, but one that also needs to be more inclusive before launch and one that could be implemented with SMS without losing viability; likewise, confirming trades punishes all users (SINCE YOU HAVE TO CONFIRM EVERY SINGLE CARD SALE) and that doesn't make anyone happy.

8 years ago

Fun fact: a lot more Windows Phones are sold monthly than accounts hijacked on Steam.
Priorities: focusing on that 77k instead of that other few hundred thousand

8 years ago

Many valid points there.
In some aspects, you can force people to be less stupid, by blocking certain aspects, like outgoing links. But then you step on someone else's tail while doing so. There's never a perfect solution, for users, idiots, or scammers.
I wonder if they even thought about Windows Phone before coming up with the solution and implementing it.

8 years ago

I don't think many companies/service/whatever-they-are-called consider windows phone.
Most (companies/service/whatever they are called) say "Download our mobile app!"
But it will only be available on Android and maybe iOS, but very rarely on Windows (Phone)

8 years ago

Interestingly, even BlackBerry switched to using Android. And some of the older BB10 phones support Android APK installs.
Poor Windows guys, maybe they should look at implementing the same.

8 years ago

Ya, have known this number for a while now.

http://store.steampowered.com/news/19618/
http://www.vg247.com/2015/12/10/steam-hacking/

The biggest issues are...

125 to 300 million accounts
8 to 9 million active at any one point in the day (though above someone mentioned 13 million so it's more than likely gone up)
and only 300 to 400 people total who work for Valve (of which something like half of them don't do any kind of support work at all).

Even with just 77,000 accounts being hijacked every month that's an overwhelming number. This is why support tickets take so long.

8 years ago

If 400 people attend to just the accounts being hacked, it may take a month just for that, can't imagine general queries added on top of that. I feel eventually Steam users will have enough, but have to wait for a better alternative. Gamers being held hostage by the system.

8 years ago

i feel safer now that i have to confirm every $0.05 card i sell on the market. i was afraid someone would hack my account and just put everything on sale. my cardz are safe now! ;_;

thanks valve for the super awesome security measures. not that it will make everyone install a 3rd party tool on the same pc that steam is to autoconfirm transactions. no way. that would be super insecure. at least valve thought about this and only made it for ios/android phones, because everyone owns those.

brb, need to confirm 3000 cards, see you next week

8 years ago

Valve has us by the nuts.
Anything they want to do we have no say against it.
We can only hope that someone there is a real gamer and attempting to bring something good to the masses.
Or they'll just get fired. ;)

8 years ago

Or GOG hopefully grows up enough to get real market share. Along with Origin. (Don't laugh: the way things are now, I trust EA and its Origin platform more than Valve and Steam…)

8 years ago

I like Origin. It works great, I just wish it had more community-related features like Steam.

8 years ago

Frankly, I think one of the reasons it works great is that it lacks community features. No chance for the user base to turn toxic.
GOG has its forums and reviews, sure, but I'd say that if they reached the same size of user base, it would also bring the same shithead idiots Steam started to attract years ago.

8 years ago

I did laugh a little at the Origin part, but I do agree with you also.
Was hoping GOG would cater for more of my games, but then also starting from afresh may be too much.
I signed up with GOG in the beta phase, but haven't used them again since I became more active on SG.

8 years ago

Closed 8 years ago by Ph03n1xSA.