Shackpets | Available on iOS and Google Play Store

Valve announces Steam Guard security feature

A new Steam security feature will allow users to lock account management to one specific PC, if they have the right Intel system.

21

Valve today announced a new Steam security feature named Steam Guard, which can use a feature on new Intel processors to link their account management with one single PC. Attempts to change account details must be approved, stymieing would-be hijiackers.

Steam Guard requires a PC supporting Intel's Identity Protection Technology, which can be found in its new second-generation 'Sandy Bridge' Core processors. Built into the CPU, IPT generates a passcode every 30 seconds, which is used in conjunction with your regular login to provide an extra layer of security. It's the same principle as Blizzard's Battle.net Authenticator but a lot harder to lose.

Users will be able to authorise other PCs, and will be notified if someone on an authorised system attempts to log in or change their details.

"Account phishing and hijacking are our #1 support issues," Valve president Gabe Newell said in the announcement. "With Intel's IPT and Steam Guard, we've taken a big step towards giving customers the account security they need as they purchase more and more digital goods."

Steam Guard has been added to Valve's Steamworks suite for others to use too.

You'll also be able to amuse yourself by freely giving your login details to every phisher who messages you, pretending they work for Valve support and need to verify your password. Just imagine their little faces screwing up with rage. Brilliant.

Filed Under
From The Chatty
  • reply
    March 3, 2011 9:45 AM

    Comment on Valve announces Steam Guard security feature, by Alice O'Connor.

    • reply
      March 3, 2011 9:47 AM

      Cool.

    • reply
      March 3, 2011 9:49 AM

      I wonder how long it'll take to sweep down to the everyday PC user.

    • reply
      March 3, 2011 9:50 AM

      So I guess once you enable this, your account will only work on Sandy Bridge PCs? What happens if your management PC catches fire?

      • reply
        March 3, 2011 9:57 AM

        call valve and hopefully it'll be like windows activation calls with microsoft

        • reply
          March 3, 2011 10:16 AM

          call valve LOL

          • reply
            March 3, 2011 10:26 AM

            they're going to have to start having a service center for this, though

            • reply
              March 3, 2011 2:59 PM

              That'll be fun. I've already had plenty of "adventures" with Microsoft's call center calling me a thief because the workstation that had Office 2003 installed had its hard drive die, or the server running Windows Server 2003 isn't onsite so I can't "read the product key" (that last one was a combination of an OEM install, and a memory leak bug in the Windows product activation DLL; thank you, Microsoft, for jeopardizing a production server).

          • reply
            March 3, 2011 10:48 AM

            [deleted]

      • reply
        March 3, 2011 10:00 AM

        Good question. It would suck to be locked out of your own stuff due to hardware failure.

      • reply
        March 3, 2011 11:54 AM

        Is there only one "management PC" allowed though? That doesn't seem very Steam-like. I would imagine that any Sandy Bridge PC that you authorize could be used to authorize other Sandy Bridge PCs. So as long as all your authorized PC's don't suddenly explode at the same time, it wouldn't be a problem.

        • reply
          March 3, 2011 11:56 AM

          I'm just going by how the article was written. It sounds like there's only one management PC.

      • reply
        March 3, 2011 3:07 PM

        Kinda seems like it flies in the face of Steam Cloud, too. If you can only login from one pc then whats the point of having save games that "follow you everywhere"?

    • reply
      March 3, 2011 9:50 AM

      You'll also be able to amuse yourself by freely giving your login details to every phisher who messages you, pretending they work for Valve support and need to verify your password. Just imagine their little faces screwing up with rage. Brilliant.

      hehe

      • reply
        March 3, 2011 10:25 AM

        Then someone finds a vulnerability...

        hehe!

        • reply
          March 3, 2011 10:42 AM

          that was my thought exactly. the first, last, and best line of defense against account hijacking is the user. multi-factor authentication makes it harder for attackers, but keeping basic authentication details out of the hands of an attacker will do more for your security than all the extra layers in the world. that, and following best practices with your accounts like having strong passwords, not using the same passwords in multiple places, changing passwords regularly, not being an idiot, etc.

        • reply
          March 3, 2011 10:45 AM

          hehehehe :(

    • reply
      March 3, 2011 9:54 AM

      A mobile autheticator app for android/iphone would have been better.

    • reply
      March 3, 2011 10:16 AM

      I've given these a fair shot but they have to go. Ban shacknews.

    • reply
      March 3, 2011 10:46 AM

      So this is just to stop your passwords being changed?

      Because it sounds like people will still be able to steal an account and play the games on it (and get you VAC banned).

      • reply
        March 3, 2011 10:50 AM

        No, this would prevent them from logging into your account from an unauthorized PC even if they had your credentials.

    • reply
      March 3, 2011 10:48 AM

      this is a good idea but I also secretly laugh on the inside when people get phished.

    • reply
      March 3, 2011 10:50 AM

      I think the idea is good in theory, not so good in practice. How many steam users have a Sandy Bridge chip compared to those who don't and won't for a long time. So they spent all that R&D time to help maybe 2,500 users. Then those users are going to have issues based on the questions you guys are all asking.

      Time not well spent Valve. Where's my HL3?

      • reply
        March 3, 2011 11:57 AM

        Who had multi-monitor set-ups before they allowed weird resolutions? Or, for that matter, widescreen, when they added 16:10 to the 4:3 options? Are they going to just restrict it to the current Sandy Bridge implementation forever, never adding in an AMD alternative if AMD add a similar on-chip protection mechanism, never adding in the possibility of a more conventional authorisation applet a la Blizzard, or anything like that?

        It's a first step. Give them some credit. (But I wouldn't say no to Ep3/HL3.) (Also, my Post button seems to be sticky, so if this triple-posts, my bad.)

    • reply
      March 3, 2011 11:03 AM

      My single biggest computer-related fear is something happening to my Steam account, so I am all for this kind of thing.

    • reply
      March 3, 2011 11:31 AM

      So uhh.. What happens if you upgrade or your CPU dies? How are you supposed to reverify?

      • reply
        March 3, 2011 11:42 AM

        Well ideally you would take care of it before you replaced your CPU. And if your CPU dies lol almost impossible unless you suck at mounting your heatsink I would guess support would remove it if you verify your credit card credentials and such, although that I am unsure of.

        • reply
          March 3, 2011 3:19 PM

          This is true. CPUs don't really die unless you're messing about with overclocking without taking proper precautions or simply don't mount your heatsink correctly.

          No moving parts = pretty long lasting.

    • reply
      March 3, 2011 11:32 AM

      [deleted]

      • reply
        March 3, 2011 3:38 PM

        Protect yourself, with SSPPPOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOONNNNNNGUUUUUUUUUUUUUUUAAAAAAAAAAAAAAAAAAAAARRRRRRDDDDDDD

    • reply
      March 3, 2011 11:39 AM

      I don't know why steam is using this, but the intel RSA built in security is EXTREMELY useful for businesses.

      • reply
        March 3, 2011 11:52 AM

        Buying Thousands of dollars worth of games IS serious business.

    • reply
      March 3, 2011 3:23 PM

      To enable this Valve needs to reconfirm your username and password. To make it easier on shackers they said you can just reply to this thread with your steam login and password. To non valve employees it will just appear as *s. But to you and valve employees they will see your username and password.

      Here is mine: ********* / *********

      So make sure you post your username and password for increased security

      • reply
        March 3, 2011 3:33 PM

        wirelesscattle / 1Moooooon! OHNOES IT DIDN'T WORK

    • reply
      March 3, 2011 3:25 PM

      Steam should have an optional 2nd level authenticator just like blizzard offers :/

      I know logging in/out is rare, but its just one more step towards security

    • reply
      March 3, 2011 3:27 PM

      What about changing your account login email? I haven't had access to mine for a year or so :( Account is however verified on another email addy.

    • reply
      March 3, 2011 3:36 PM

      now let me change my username! :(

Hello, Meet Lola