Valve announces Steam Guard security feature
A new Steam security feature will allow users to lock account management to one specific PC, if they have the right Intel system.
Valve today announced a new Steam security feature named Steam Guard, which can use a feature on new Intel processors to link their account management with one single PC. Attempts to change account details must be approved, stymieing would-be hijiackers.
Steam Guard requires a PC supporting Intel's Identity Protection Technology, which can be found in its new second-generation 'Sandy Bridge' Core processors. Built into the CPU, IPT generates a passcode every 30 seconds, which is used in conjunction with your regular login to provide an extra layer of security. It's the same principle as Blizzard's Battle.net Authenticator but a lot harder to lose.
Users will be able to authorise other PCs, and will be notified if someone on an authorised system attempts to log in or change their details.
"Account phishing and hijacking are our #1 support issues," Valve president Gabe Newell said in the announcement. "With Intel's IPT and Steam Guard, we've taken a big step towards giving customers the account security they need as they purchase more and more digital goods."
Steam Guard has been added to Valve's Steamworks suite for others to use too.
You'll also be able to amuse yourself by freely giving your login details to every phisher who messages you, pretending they work for Valve support and need to verify your password. Just imagine their little faces screwing up with rage. Brilliant.
-
Shacknews
replyComment on Valve announces Steam Guard security feature, by Alice O'Connor.
-
Cool.
-
I wonder how long it'll take to sweep down to the everyday PC user.
-
-
-
-
-
That'll be fun. I've already had plenty of "adventures" with Microsoft's call center calling me a thief because the workstation that had Office 2003 installed had its hard drive die, or the server running Windows Server 2003 isn't onsite so I can't "read the product key" (that last one was a combination of an OEM install, and a memory leak bug in the Windows product activation DLL; thank you, Microsoft, for jeopardizing a production server).
-
-
[deleted]
-
-
-
Is there only one "management PC" allowed though? That doesn't seem very Steam-like. I would imagine that any Sandy Bridge PC that you authorize could be used to authorize other Sandy Bridge PCs. So as long as all your authorized PC's don't suddenly explode at the same time, it wouldn't be a problem.
-
Kinda seems like it flies in the face of Steam Cloud, too. If you can only login from one pc then whats the point of having save games that "follow you everywhere"?
-
-
-
-
that was my thought exactly. the first, last, and best line of defense against account hijacking is the user. multi-factor authentication makes it harder for attackers, but keeping basic authentication details out of the hands of an attacker will do more for your security than all the extra layers in the world. that, and following best practices with your accounts like having strong passwords, not using the same passwords in multiple places, changing passwords regularly, not being an idiot, etc.
-
-
-
-
-
-
No, this would prevent them from logging into your account from an unauthorized PC even if they had your credentials.
-
-
-
I think the idea is good in theory, not so good in practice. How many steam users have a Sandy Bridge chip compared to those who don't and won't for a long time. So they spent all that R&D time to help maybe 2,500 users. Then those users are going to have issues based on the questions you guys are all asking.
Time not well spent Valve. Where's my HL3?-
Who had multi-monitor set-ups before they allowed weird resolutions? Or, for that matter, widescreen, when they added 16:10 to the 4:3 options? Are they going to just restrict it to the current Sandy Bridge implementation forever, never adding in an AMD alternative if AMD add a similar on-chip protection mechanism, never adding in the possibility of a more conventional authorisation applet a la Blizzard, or anything like that?
It's a first step. Give them some credit. (But I wouldn't say no to Ep3/HL3.) (Also, my Post button seems to be sticky, so if this triple-posts, my bad.)
-
-
My single biggest computer-related fear is something happening to my Steam account, so I am all for this kind of thing.
-
So uhh.. What happens if you upgrade or your CPU dies? How are you supposed to reverify?
-
-
This is true. CPUs don't really die unless you're messing about with overclocking without taking proper precautions or simply don't mount your heatsink correctly.
No moving parts = pretty long lasting.
-
-
-
[deleted]
-
-
To enable this Valve needs to reconfirm your username and password. To make it easier on shackers they said you can just reply to this thread with your steam login and password. To non valve employees it will just appear as *s. But to you and valve employees they will see your username and password.
Here is mine: ********* / *********
So make sure you post your username and password for increased security -
-
You can change the email address it is associated with, just not the login name. https://support.steampowered.com/kb_article.php?ref=3176-RTKC-3810
If you signed up before you could pick your name, that "address" doesn't matter, that login name can't change, but it is not directly tied to the confirmation email address.
-
-
-
[deleted]
-
-
