• subtext@lemmy.world
    75 · 2 days ago

    TL;DR

    We have examined the leak sample and have determined this was NOT a breach of Steam systems.

    You do not need to change your passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious. We recommend regularly checking your Steam account security at any time at https://store.steampowered.com/account/authorizeddevices

  • bitwolf@sh.itjust.works
    4 · 1 day ago

    I would really like to auth my steam account with a normal TOTP app.

    I know you can extract the TOTP from Steam authenticator but there’s risk involved with it.

      • bitwolf@sh.itjust.works
        1 · 1 day ago

        Doing it wrong and losing access.

        Can you fall back to email pin if you lose your steam authenticator?

        • xuv
          2 · 1 day ago

          Yes, you can reset to email in case you break your phone or something. It’s one of the account recovery options.

          Some logins now require an interactive prompt in the app instead of a TOTP code though. I see them when my IP address changes due to VPN endpoints lately.

  • solsangraal@lemmy.zip
    31 · 2 days ago

    i’ve yet to see an mfa that is as usable and streamlined as steam’s

    changed my pw anyway. i don’t know, and don’t really want to know how much money i’ve got sunk into my acct, but it’s a lot

  • Shortstack@reddthat.com
    10 · 2 days ago

    This is why on steam I don’t store my credit card information, nor on basically any other site that I can get away with it.

    Yeah it is a pain in the ass for the times I want to buy something, having to put in the card details every single time, but it’s worth my peace of mind if a breach happens. By this point I have memorized my card numbers so it’s not too awful of a pedantic habit now.

    • Eager Eagle@lemmy.world
      5 · 2 days ago

      It’s a credit card, you can dispute charges and will likely get a refund.

      I’ve done it a few times for different reasons.

      • Shortstack@reddthat.com
        1 · 1 day ago

        So have I, but weigh that against the hassle of needing to call and be on hold and so on. Let alone the additional burden of knowing I have to stay on top of checking my statements for fraudulent charges.

        I’d rather avoid all that by never letting it grow to be a problem.

        • Eager Eagle@lemmy.world
          1 · 1 day ago

          I’ve always done it on the app, no phone call or chat. But regardless, it’s not like it’s going to happen. I have my cc info (and throwaway cards like privacy.com) in several websites and nothing like this ever happened. All the times I’ve requested a refund were due to the service/product not being what was promised, not due to a data leak. The convenience definitely beats the risk.

      • Shortstack@reddthat.com
        1 · 1 day ago

        Yeah, but you lose out on credit card rewards, aka free money, going that route.

        I’ve used them a couple times where my privacy was worth more, and once where I didn’t want a company having a card to put recurring charges on.

        Technically it costs money even if their fees are forgettable.

  • purplemonkeymad@programming.dev
    1 · 1 day ago

    So far it either sounds like they are replaying the message, or it’s just a (partial) list of numbers that used steam. Might be good for targeting, but that is about it. They would have to know the associated account to do any intercept attacks.