Security Suggestion: Username (Login) Change and Third-Party Permissions Management
I'd like to propose two key security improvements for Steam. I believe these changes are both necessary and feasible, and they would give users more control and peace of mind.

1. A Secure and Bureaucratic Username Change

Many users want to change their login name for various reasons, from personal privacy to security. A permanent username makes accounts vulnerable if that name is leaked in a third-party data breach.
I propose a system that allows username changes with a strict, bureaucratic process to prevent abuse:

  1. 1-Month Pending Period: After a user initiates a username change (e.g., from goku123 to vegeta123), the new name would only become active after a 30-day waiting period. This gives the original owner ample time to revert the change if their account was compromised.

  2. Email and Mobile Notifications: A notification would be sent to the original email address on file, even if a hacker has changed it. A critical approval prompt would also appear on the Steam Guard app, giving the rightful owner the final say.

  3. Limited Changes: The username could only be changed once per year. An exception would be made for verified hacking incidents, allowing an emergency change within that year.

  4. Steam ID Remains: The account’s permanent Steam ID would remain unchanged, ensuring all links and friends lists continue to function normally.

2. Centralized Third-Party Permissions Management

Users often connect their Steam accounts to various third-party sites for trading or game tools. Over time, they may forget about these connections, which can pose a security risk.
I propose a centralized hub in Steam's security settings where users can see and manage all these connections:

  1. Full Transparency: A single page would display every site and application with access to your account data.

  2. Instant Control: Users could instantly revoke access with a single click, providing a powerful defense against potential threats.

  3. Peace of Mind: This would allow users to easily clean up old, unused connections, reducing their digital footprint and minimizing their exposure to risk.

Together, these two features would empower Steam users to proactively manage their account security, making the platform both safer and more user-friendly.
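
The username-change flow proposed in the post above, sketched as a small state machine. This is an added example, not part of the original post and not Steam's code; the `Account` model, the function names and the email-history field are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

PENDING_PERIOD = timedelta(days=30)    # step 1: waiting period before activation
CHANGE_COOLDOWN = timedelta(days=365)  # step 3: one change per year


@dataclass
class Account:
    steam_id: int                      # step 4: permanent, never rewritten
    login: str
    email_history: List[str]           # assumed field: oldest first, [-1] is current
    last_change: Optional[datetime] = None
    pending: Optional[dict] = None
    outbox: List[Tuple[str, str]] = field(default_factory=list)  # (recipient, message)


def request_change(acct, new_login, now, verified_compromise=False):
    if acct.pending is not None:
        raise ValueError("a change is already pending")
    recent = acct.last_change is not None and now - acct.last_change < CHANGE_COOLDOWN
    if recent and not verified_compromise:
        raise ValueError("login can be changed once per year")
    acct.pending = {"new_login": new_login, "requested_at": now, "approved": False}
    # Step 2: notify the original address as well as the current one, so an
    # intruder who replaced the email first cannot silence the alert.
    for addr in dict.fromkeys([acct.email_history[0], acct.email_history[-1]]):
        acct.outbox.append((addr, "Login change to %r requested" % new_login))


def approve(acct):
    """Owner confirms the prompt in the authenticator app (step 2)."""
    if acct.pending is None:
        raise ValueError("nothing to approve")
    acct.pending["approved"] = True


def cancel(acct):
    """Owner reverts during the waiting period (step 1)."""
    acct.pending = None


def activate_if_due(acct, now):
    p = acct.pending
    if p is None or not p["approved"] or now - p["requested_at"] < PENDING_PERIOD:
        return False
    acct.login, acct.last_change, acct.pending = p["new_login"], now, None
    return True
```
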



Mr. Smiles 23 Aug @ 3:50pm 
1. Would require changing of the database backend, which Valve has said would require more work than they want to invest anytime in the near future.

2. Linking is done on the 3rd party side, not Valve's. All connections must thus be managed by the 3rd party, not Steam.
pckirk 23 Aug @ 3:52pm 
The Steam Log In username is not known to anyone except the User... It cannot be hacked from the Steam servers in any way. The user is 100% responsible for the security of their Steam account, per the SSA / TOS that the user agreed to. No one else is ever to know this log in username. If someone else knows it, that is on the account owner.

Steam already provides way more than needed security for user accounts.

Simple, do not give away your account info...
1. Username change has been asked since forever. Steam doesn't seem interested the slightest in it, in a good portion because of years of technical debt and spaghetti code.

2. Third party permissions are not handled by Steam, but by the third party.
Originally posted by Tito Shivan:
1. Username change has been asked since forever. Steam doesn't seem interested the slightest in it, in a good portion because of years of technical debt and spaghetti code.

2. Third party permissions are not handled by Steam, but by the third party.

It's deplorable that Valve, that's allegedly sitting on billions, isn't willing to properly develop an industry-leading platform even though their entire model rests on it. They got lazy IMO.
Originally posted by ⓢⓔⓇⓘⓊⓢ_ⓢⓘⓂ:
Originally posted by Tito Shivan:
1. Username change has been asked since forever. Steam doesn't seem interested the slightest in it, in a good portion because of years of technical debt and spaghetti code.

2. Third party permissions are not handled by Steam, but by the third party.

It's deplorable that Valve, that's allegedly sitting on billions, isn't willing to properly develop an industry-leading platform even though their entire model rests on it. They got lazy IMO.

Not really, #1 presents massive security flaws, and with 2FA knowing a user name is useless. So it's just too much risk for no reward, basic business logic.

As for #2 it has nothing to do with Steam, they don't save the links so they can't manage them.
Security suggestions should be taken from hired employees who are experts in this field, not random people on the internet
I've had the same username for almost nearly 22 years, now surely if there was a problem with security and a permanent username then I would have fallen foul of it by now... I wonder why I haven't...
Sony tried an account name change on the PS4 but it came with caveats. Not all earned trophies would be present for all games. Bloodborne was one example. PS3 and PS Vita trophies were fully lost for those who had those systems, which I did and still do. How do I know? I was a beta tester. Thankfully it was reversible.

As for Steam, your account name is tied to many things which have been added over the years. Imagine what would happen if Valve screws it up and it is not reversible. Is it worth the risk? Obviously not and why it is not an option. Note: Some claim to have had their account name changed, none have proven it.

Trading on 3rd party sites is no different than giving the person the keys to your front door and saying "take what you want".

As for account linking and unlinking it is all done on the other side. You are linking your Steam account from them, not vice versa. There is no record of it on Steam because it was not done on Steam.

Example EA:

Understanding the EA Account Ecosystem

Your EA account serves as a central hub for all things Electronic Arts. It’s your passport to their games, services like EA Play, and community features. Think of it as your digital identity within the EA universe. But here’s the kicker: while you can use the same EA account across platforms, there are limitations to what crosses over.

Linking is Key, but Not Infinitely Flexible

The first crucial step is linking your EA account to your platform accounts (PlayStation Network ID, Xbox Gamertag, Steam account, etc.). This connection is what allows you to access EA games and services on those platforms using your single EA identity. However, there’s a big caveat: an EA Account can only have one account per platform linked at a time. This means you can’t link one EA Account to two PlayStation Network IDs or two Xbox Gamertags.

Note: I have been using Steam for 20+ years (18 Nov 2004) and have never lost access to my account and that includes before Steam Guard Email and Steam Guard Mobile existed. To get on my account you need me to give you all my account details and authorise the log in.

I have also never lost access to my Ubisoft, EA, Blizzard, CDPR, GOG, Rockstar accounts, and just like Steam I have to literally give you my account details and authorise the log in.

You are responsible for your account security and not allowing it to be compromised.

You are responsible for keeping track of which other PC accounts you linked to Steam and the details attached to them.
Last edited by Nx Machina; 11 hours ago