Kevin the Chicken God Posted January 21, 2018 Share Posted January 21, 2018 I recently lost my phone and got a new one, which I had to re-download steam onto. Steam forced me to use mobile authentication first, which I couldnt because it would've come through on the app I was trying to access. It then made me use a code sent to the phone number I set up on my other phone #. Problem is I can't access this number for a few months, and to change my phone number within steam I would need to completely get rid of steam authentication and fuck up my account. I was wondering if there were any workarounds to this? Link to comment Share on other sites More sharing options...
Axle Change Posted January 21, 2018 Share Posted January 21, 2018 Nope. If you lose your phone and don't have access to secrets you're fucked, have to tank the trade ban. Also the other thing is if someone finds your phone and it still logged in theoretically they could trade all your items from it (assuming you don't have a passlock). Anyway just my two cents on why 2fa is stupid-- you're just off-shifting the weakest link and assuming phone security is better Link to comment Share on other sites More sharing options...
AwesomeMcCoolName Posted January 21, 2018 Share Posted January 21, 2018 2 hours ago, Axle Change said: Nope. If you lose your phone and don't have access to secrets you're fucked, have to tank the trade ban. Also the other thing is if someone finds your phone and it still logged in theoretically they could trade all your items from it (assuming you don't have a passlock). Anyway just my two cents on why 2fa is stupid-- you're just off-shifting the weakest link and assuming phone security is better Well, the likelihood that someone steals my phone and guesses my passcode within ten attempts and before I'm able to disable the phone is orders of magnitude less likely than the odds of someone hacking my steam account. Of course it's not perfect, but 2FA is far from stupid, and is far better than anything else. Link to comment Share on other sites More sharing options...
Axle Change Posted January 21, 2018 Share Posted January 21, 2018 8 minutes ago, AwesomeMcCoolName said: Well, the likelihood that someone steals my phone and guesses my passcode within ten attempts and before I'm able to disable the phone is orders of magnitude less likely than the odds of someone hacking my steam account. Of course it's not perfect, but 2FA is far from stupid, and is far better than anything else. It’s not about someone stealing your phone it’s about someone hacking your phone. If someone has access to your phone they can trade any of your items since they can just do the confirmations on the phone itself. So the only reason it is at all more secure is because phones are less likely to be hacked than computers, mainly because computer security is a joke in general. Of course, it’s not just steam that does this but you get the idea. Link to comment Share on other sites More sharing options...
Kevin the Chicken God Posted January 22, 2018 Author Share Posted January 22, 2018 1 hour ago, AwesomeMcCoolName said: Well, the likelihood that someone steals my phone and guesses my passcode within ten attempts and before I'm able to disable the phone is orders of magnitude less likely than the odds of someone hacking my steam account. Of course it's not perfect, but 2FA is far from stupid, and is far better than anything else. II'm fine with 2-step authentication, but it's clear that they only care about one of the two steps. They have a verified email address, my account information, and my tax information. Yet when I try to change the phone number, which is something I changed not from losing my phone but just from moving countries (but didn't change because I never sent codes via SMS and never knew that was something I should worry about, these are the options when I go to change it: 1. have old phone or have access to steam app 2. have access to steam app 3. use email to gain access to a page to remove steam authentication from your phone which requires a code given... through the app 4. provide my old phone number, the email I'm using that I already confirmed a step ago, and a description of my issue in a fucking steam support ticket They have all this information I've given them but for some reason the only thing I can use to confirm that I am myself is my phone, even though I'm trying to change the number. It's ridiculous how much more they value mobile authentication. If someone found my phone, got into it, for some reason went to steam, they would have been able to send and confirm trade offers before I de-authorized it. They treat their service like they're a bank yet the only information they're protecting is that given to them to help them protect their users. Regardless, we don't really need to get into the effectiveness of different method of security, I'll just bite the bullet on this one. Link to comment Share on other sites More sharing options...
AwesomeMcCoolName Posted January 22, 2018 Share Posted January 22, 2018 1 hour ago, Kevin the Chicken God said: II'm fine with 2-step authentication, but it's clear that they only care about one of the two steps. They have a verified email address, my account information, and my tax information. Yet when I try to change the phone number, which is something I changed not from losing my phone but just from moving countries (but didn't change because I never sent codes via SMS and never knew that was something I should worry about, these are the options when I go to change it: 1. have old phone or have access to steam app 2. have access to steam app 3. use email to gain access to a page to remove steam authentication from your phone which requires a code given... through the app 4. provide my old phone number, the email I'm using that I already confirmed a step ago, and a description of my issue in a fucking steam support ticket They have all this information I've given them but for some reason the only thing I can use to confirm that I am myself is my phone, even though I'm trying to change the number. It's ridiculous how much more they value mobile authentication. If someone found my phone, got into it, for some reason went to steam, they would have been able to send and confirm trade offers before I de-authorized it. They treat their service like they're a bank yet the only information they're protecting is that given to them to help them protect their users. Regardless, we don't really need to get into the effectiveness of different method of security, I'll just bite the bullet on this one. They made it so that you need your phone to protect themselves from the vast number of scammers, because realistically, someone who steals your phone is EXTREMELY unlikely to try and empty your steam account with it. But, in all fairness, when you activated mobile authenticator, there was a nice big warning page saying to write down this code, otherwise you're fucked if you lose your phone. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.