PDA

View Full Version : Confirm login on a new IP address via verified email


Dotmister
11-29-2009, 03:31 AM
We have verified email address nowadays, why not protect our accounts better using this?

Obviously this would be opt in, due to it being incredibly annoying if you had a dynamic IP address, or at least one which changed frequently. There are always loads of reasons to login to steam on a different IP adress. But then if you wanted to, this adds an extra layer of security which may give you warning, and help prevent someone taking over your steam account.

Any comments or suggestions?

lafingman0
11-29-2009, 03:46 AM
or just have it pop up on your steam window if you were still logged on to the steam account. Kind of like a 'is this you?' sort of question.

unless you mean steam logs your IP and if some hacker with another IP get's a hold of it and then it notifies you that someone else has logged on then that's something kind of different.

It may be a good idea, but I don't know if steam would want to track all the users IP addresses, or if users would like that idea (invasion of privacy?) :P Definitely would have to have an opt-in - default setting off - for it to work.

Alfie-SR
11-29-2009, 03:51 AM
or just have it pop up on your steam window if you were still logged on to the steam account. Kind of like a 'is this you?' sort of question.

This. It should be done already, really.

Seth.Sekhmet
11-29-2009, 04:12 AM
I don't want this to be the default behavior. Perhaps as an option for people with static IP which do not use multiple PCs for the same account.

For me it would be terrible to check & confirm each new IP every time.

ReBoot
11-29-2009, 04:17 AM
As long as it's optional, I could live with it. And yes, it shouldn't be default either.

Krid
11-29-2009, 09:25 AM
By default it should track and log the IPs you've used.
As an option, it should let you force new IPs to be confirmed.

As an advanced option, it should allow you to blacklist IP ranges.
For example, if I ever end up in Africa I think I'm going to have far more pressing concerns than video games, so I'd probably be alright if I blocked Africa's IP ranges.
Also, a handy reference: http://xkcd.com/195/

lafingman0
11-29-2009, 03:29 PM
By default it should track and log the IPs you've used.
As an option, it should let you force new IPs to be confirmed.

As an advanced option, it should allow you to blacklist IP ranges.
For example, if I ever end up in Africa I think I'm going to have far more pressing concerns than video games, so I'd probably be alright if I blocked Africa's IP ranges.
Also, a handy reference: http://xkcd.com/195/

That is one sexy map

Katana No Kage
11-29-2009, 05:05 PM
For something like AIM, confirming a logout is very annoying. Example:

I'm at home, use Steam for a while, and get called away by some people thinking of going somewhere. I grab my laptop and go with them. While there, I decide to play a game on my laptop. When I boot it up, it confirms the logout on my home computer, and...can't.

lafingman0
11-29-2009, 07:22 PM
For something like AIM, confirming a logout is very annoying. Example:

I'm at home, use Steam for a while, and get called away by some people thinking of going somewhere. I grab my laptop and go with them. While there, I decide to play a game on my laptop. When I boot it up, it confirms the logout on my home computer, and...can't.

include a 30 second timer to auto logout if no selection is made and a notification that someone else (ip or whatever) has logged in using this account.

generalm1981
11-29-2009, 07:24 PM
We have verified email address nowadays, why not protect our accounts better using this?

Obviously this would be opt in, due to it being incredibly annoying if you had a dynamic IP address, or at least one which changed frequently. There are always loads of reasons to login to steam on a different IP adress. But then if you wanted to, this adds an extra layer of security which may give you warning, and help prevent someone taking over your steam account.

Any comments or suggestions?

i agree that would be a good thing but some people would prefer an On/Off switch for this :P

Slyke
11-29-2009, 09:38 PM
Could do it by hostname too, for people with dynamic IP addresses.

BigWoop
11-30-2009, 10:08 AM
By default it should track and log the IPs you've used.
As an option, it should let you force new IPs to be confirmed.

As an advanced option, it should allow you to blacklist IP ranges.
For example, if I ever end up in Africa I think I'm going to have far more pressing concerns than video games, so I'd probably be alright if I blocked Africa's IP ranges.
Also, a handy reference: http://xkcd.com/195/

I like the idea overall, I would even like to have to check my mail every time I want to log in to Steam at all, very secure but not everyone's cup of tea I'm sure. So optional yes.

Interested to know Krid, what would your more pressing concerns be if you went to Africa? Reason I ask is because I live there...

praetorian42
11-30-2009, 10:55 AM
geez, do you really go out with friends and then play games on your laptop? I get raked over by my friends if I'm looking something up on my phone.

What about MAC address?

Marcio_xD
11-30-2009, 11:13 AM
geez, do you really go out with friends and then play games on your laptop? I get raked over by my friends if I'm looking something up on my phone.

What about MAC address?
MAC adresses are easily spoofed and I don't believe they are sent to the Internet.

Dotmister
12-01-2009, 01:46 PM
Having a message box which pops up asking you to allow someone (Has to be you according to the SSA I think) into your account wouldn't work in the situation that a hacker has gained access to your account, because they could sit there and block you out, giving them time to change the password. The current system allows you to log back in with potentially enough time to change the password.

BigWoop
12-01-2009, 03:29 PM
I want the option in place that I have to somehow verify by email every time I log in to Steam. It should give your IP address in the mail so that you can be sure it is the one you are coming from.

Superparanoia mode go!

Seriously getting VAC banned by some hacker is my biggest fear with Steam, as it is irreversible and all that. Plus where I come from there are no non vac secured servers, and playing on international servers is out of the question because of high latency.

praetorian42
12-01-2009, 03:40 PM
I wonder if some sort of account disabling thing could work to help people.
I try to login and find my password doesn't work, very sure I'm typing in the password correctly. I could login through something separate and different username/pass that's connected with my account. All it does is freeze my account until the real owner has gone through the proper channels to prove it's theirs.
When my account was hijacked, doing something like that would have at least made me feel better, knowing whoever couldn't use it cheat and get me VAC banned.

ReBoot
12-02-2009, 03:11 AM
If the scammer manages to steal your account login data, it would be the same ease to steal your backup account lock login data.

praetorian42
12-02-2009, 10:44 AM
Maybe not, different username and password, if it does nothing but disable you're account you wouldn't be typing it in all the time for a keylogger. Also who would go after that trying to guess people's info on that? there are griefers in the games but I doubt any that would go to the lengths just to disable you're account for a couple days.
and if you can't remember the info, well it'd be no different then how it is currently.

ReBoot
12-02-2009, 10:55 AM
There is already a backup account. It's your verifyed email address. So locking an account to an IP should just use the verifyed email address.

Dotmister
12-03-2009, 02:52 PM
I think this would be a really helpful feature to prevent accounts being hacked (Easily the biggest worry for steam account owners) Does anybody from valve want to comment?