Security Suggestion - Improved identification
Hello,

Last weekend someone got into my Mail or Steam account and deactivated my Steam Guard by claiming to Steam Support that my phone was broken.

I changed my E-Mail and my Password for the Account and re-activated my Steam Guard. I also froze my Credit card and requested a new one, but I am more than concerned about my data.

I wish for an improved way to identify that it is really the account owner requesting help in these cases. The way Steam is identifying the Identity seems to be unsafe the way it is happening now.

This can be happening in multiple ways imho.
Showing 1-8 of 8 comments
If your account was phished, it’s due to poor security on your part. Nobody breaks into an account unless the owner leaked details of it. You willingly gave up your account details somewhere.


There are already plenty of security tools available, both on Steam and email platforms. I suggest you look into them and use them. Steam has zero control over third party services (such as email).

For my email, I have physical security keys, backup recoveries, 2FA via text / app, facial recognition, and more set up.
Last edited by Hey Im Recon; 10 hours ago
If you give away your home keys to the hobo behind the dumpster at BestBuy, it's not Assa Abloy's fault your home got robbed.

You gave away your credentials, and a hijacker used those to change your account settings. If you want 'improved identification', STOP GIVING AWAY YOUR CREDENTIALS
Originally posted by Satoru:
If you give away your home keys to the hobo behind the dumpster at BestBuy, it's not Assa Abloy's fault your home got robbed.

You gave away your credentials, and a hijacker used those to change your account settings. If you want 'improved identification', STOP GIVING AWAY YOUR CREDENTIALS


Why do you think an IT-Security Manager should give away their credentials?
Originally posted by KuroInYourWiFi:
Originally posted by Satoru:
If you give away your home keys to the hobo behind the dumpster at BestBuy, it's not Assa Abloy's fault your home got robbed.

You gave away your credentials, and a hijacker used those to change your account settings. If you want 'improved identification', STOP GIVING AWAY YOUR CREDENTIALS


Why do you think an IT-Security Manager should give away their credentials?

What you do for a living doesn't matter.
You are still just as capable of giving away your login info as anyone else.

If you use any third party trade sites, then that's your security hole right there.
As all of those sites are scams.
I have never lost access to my account in 20+ years and that includes before Steam Guard Email and Steam Guard Mobile existed.

Accounts are PHISHED because the end user gave away all their account details.

The account name, the password and the KEY to the door, the Steam Guard Mobile code, or scanning the QR code or authorising via fingerprint giving them access to the account.

How? By either logging into a known scam site or sites, tailored malware on your PC, the vote for my team scam, the "you have a pending ban" scam on Discord, "free knife, click the link", etc.

How does Steam (a program) know it is not you when all the account details are correct? It doesn't, therefore any action taken on your account is seen as you doing said actions.

The alternative is not plausible:

1) Someone would have to "GUESS" your account name from "millions of possible combinations".

2) Next they would have to "GUESS" your password from "millions of possible combinations" and then match it to your account name with "millions of possible combinations".

3) And finally they would have to "GUESS" the Steam Guard Mobile code "which changes every 30 seconds" to match both your account name and password to then have access to your account.
Originally posted by KuroInYourWiFi:
last weekend someone got into my Mail or Steam account and deactivated my Steam Guard by claiming my phone was broken to the Steam Support.
Sorry, I highly doubt that Steam Support would remove SteamGuard just like that.

Originally posted by KuroInYourWiFi:
someone got into my Mail or Steam account
If you don't even know if it was your email or Steam, why blame Steam? Valve have no control over your email account.

Originally posted by KuroInYourWiFi:
The way Steam is identifying the Identity seems to be unsafe the way it is happening now.
Steam security is fine, the weak link is the user. Phishing/malware is not something Valve can protect you against, only common sense will do that.

Originally posted by KuroInYourWiFi:
Why do you think an IT-Security Manager should give away their credentials?
You are an IT-Security manager? Sure...

You did something that gave your account credentials to bad actors. Not a problem with SteamGuard.
If it were a problem with SteamGuard, we would see the forums and media outlets flooded with people losing their accounts. Guess what? We don't.

The day you accept your own mistake you'll learn not to repeat it.

BTW. Been here from the start, never got my account compromised.
Last edited by The End; 8 hours ago
Originally posted by KuroInYourWiFi:
The way Steam is identifying the Identity seems to be unsafe the way it is happening now.
The way Steam is identifying the user is pretty much run-of-the-mill 2FA authentication, like everybody else is doing these days. They're not doing anything out of the ordinary credentials-wise.

But phishers gonna phish.

Originally posted by KuroInYourWiFi:
Why do you think an IT-Security Manager should give away their credentials?
Oh boy, do I have horror stories about that.
Originally posted by KuroInYourWiFi:
Hello,

Last weekend someone got into my Mail or Steam account and deactivated my Steam Guard by claiming to Steam Support that my phone was broken.

I changed my E-Mail and my Password for the Account and re-activated my Steam Guard. I also froze my Credit card and requested a new one, but I am more than concerned about my data.

I wish for an improved way to identify that it is really the account owner requesting help in these cases. The way Steam is identifying the Identity seems to be unsafe the way it is happening now.

This can be happening in multiple ways imho.
When you give away the keys to your house, it doesn't matter how many locks you have on the door.


Originally posted by KuroInYourWiFi:
Originally posted by Satoru:
If you give away your home keys to the hobo behind the dumpster at BestBuy, it's not Assa Abloy's fault your home got robbed.

You gave away your credentials, and a hijacker used those to change your account settings. If you want 'improved identification', STOP GIVING AWAY YOUR CREDENTIALS


Why do you think an IT-Security Manager should give away their credentials?
You are far from the first IT professional to publicly admit in these forums that you are not very good at your job.