PDA

View Full Version : Secure your Account from Highjacking ! ! ! How To.


>X<
09-14-2009, 04:11 PM
Open Steam and select File / Settings / General / Verify Email Address

People can still highjack you, but they can't change the password or email address or secret question and answer.

So now if you are highjacked, all you need to do is change the password yourself and you don't need to wait for support. This means less chance of getting a Vac ban.

Do it and be highjack resistant.

Much thanks to Valve for this security measure.

Hwkiller
09-14-2009, 04:18 PM
Now how do you change your verified email address? :p

>X<
09-14-2009, 04:25 PM
To change your verified address you must still have access to your email account, then you can confirm the change of email address.

All changes to your account security and login must be verified by email.

cryptodan
09-14-2009, 04:44 PM
Dont use the same password for Steam as you use for your email.

>X<
09-14-2009, 04:48 PM
Dont use the same password for Steam as you use for your email. Use numbers, letters and symbols, uppercase and lowercase at least 8 digits long.

Cheers crytodan for mentioning that as well, the more secure the better.

cryptodan
09-14-2009, 04:49 PM
A lot of good it does to verify the email address and use the same password as you do for email. Im just thinking like a hijacker, and what I would do to prevent someone from noticing their account was jacked.

>X<
09-14-2009, 05:28 PM
100% agree your steam pw should be a one use password, used nowhere else.

If you keep getting asked for your password to play, it is likely someone else has your username and password, unless you use multiple pc's then it may be you.

LactoseIntolera
09-14-2009, 05:32 PM
Just give me your login details and I'll add them to the secure Steam database. 64-bit encryption!

Ebay
09-14-2009, 05:36 PM
My steam password is 16 characters long, including numbers, special characters, lower case and higher case. Good luck brute forcing through that...

Anyway, basic security is always good. I'm glad VALVe improved the security.

>X<
09-14-2009, 06:10 PM
Just give me your login details and I'll add them to the secure Steam database. 64-bit encryption! *shakes head*

sciss0rz
09-14-2009, 06:18 PM
Hijack *

Screecher
09-14-2009, 06:24 PM
Account secured.

Excellent.

ultradude25
09-14-2009, 07:30 PM
Is it supposed to look broken?

http://img24.imageshack.us/img24/7681/ss20090915122910.png

cryptodan
09-14-2009, 08:19 PM
Is it supposed to look broken?

http://img24.imageshack.us/img24/7681/ss20090915122910.png

Change your skin to a default one then verify it then change your skin back.

AzureEmmanuel
09-14-2009, 11:38 PM
Sorry for sounding noob and stupid.

I just verified my mail.

But what was the point of that?

Was I not supposed to click the verification link?

EDIT: Nvm I think I know what I was supposed to do

AzureEmmanuel
09-14-2009, 11:41 PM
Is it supposed to look broken?

http://img24.imageshack.us/img24/7681/ss20090915122910.png

You really REALLY shouldnt show which email is linked to your steam account

Aetius
09-15-2009, 12:39 AM
Thanks >X<! +rep

ultradude25
09-15-2009, 01:35 AM
You really REALLY shouldnt show which email is linked to your steam account
I have 1 e-mail account, you can see my e-mail address on any forum I'm registered on. What's the point in trying to hide it?

>X<
09-15-2009, 01:40 AM
I have 1 e-mail account, you can see my e-mail address on any forum I'm registered on. What's the point in trying to hide it? None if you have good anti-spam and a secure password.

KiMM
09-15-2009, 09:36 AM
my steam pwd is 6 characters long . only including words xD . i got hacked last month . i was so confused xD .finally i got it back xD lol
xD

KubanitoS
09-15-2009, 11:04 AM
Dont use the same password for Steam as you use for your email.

This will be a little OFF, but why was cryptodan banned? He was a really active member on this forum...

CatzEyes93
09-15-2009, 11:36 AM
:shrug: he must have lost his temper?

bippukt
09-15-2009, 11:55 AM
I have verified my email ID am now using long passwords with small and capital letters and numbers/symbols for both Steam and email. This should really help. Plus, I keep AV, anti-spyware and a firewall updated, but even then some bloody viruses have to be removed from time to time. No keyloggers found yet, though :)

This will be a little OFF, but why was cryptodan banned? He was a really active member on this forum...

Ouch! He said this might happen. Sad :(

CatzEyes93
09-15-2009, 12:10 PM
Regarding keyloggers, just try to stay away from websites that might be prone to having issues with their security or that give you links to downloads that are questionable. In general, your basic smart thinking will keep you safe without having to loose sleep over it.

RE cryptodan ban: It seems that when a person is banned, the post that gets them banned is normally removed. I wish they wouldn't do this, only so that we can learn from the mistakes of others. As it stands right now, it would appear his last post was a harmless post regarding nvidea video cards. I have no idea what he would have said that would have gotten him into such deep trouble so quickly.

>X<
09-15-2009, 07:20 PM
RE cryptodan ban: It seems that when a person is banned, the post that gets them banned is normally removed. I wish they wouldn't do this, only so that we can learn from the mistakes of others. As it stands right now, it would appear his last post was a harmless post regarding nvidea video cards. I have no idea what he would have said that would have gotten him into such deep trouble so quickly. I would think that everyone would be considered for a sitting in timeout before getting banned.

I would consider that people with a long standing, high post count and high reputation, would be better dealt with by a large drop in reputation and a sitting in timeout before being banned.

If any Mods are reading this, can you discuss the issue with burtonj if you think this is a reasonible suggestion.

Lets drop the topic before this thread gets locked ok.

Now go verify your email account and protect your password.

linfosoma
09-15-2009, 08:27 PM
This option is great! I tried changing my pass and it wont let me without the verification code.
I wonder why this info is not better distributed, I never saw that option before.

I would give you rep but Im all out today :)

KiMM
09-16-2009, 08:20 AM
Thanks to valvle =__= .they can hack my acc but can not change my pw lol.

mouton
09-16-2009, 11:24 AM
Imo, there should be some Steam reminders to verify your email. And it should be turned on by default for new users.

CatzEyes93
09-16-2009, 12:10 PM
perhaps once a year you get a reminder? :shrug: However it may have the potential for being a administrative irritant.

brandish
09-29-2009, 04:27 PM
Now how to get anyone from steam to reply to you? :(

ultradude25
09-29-2009, 04:42 PM
Now how to get anyone from steam to reply to you? :(
Use a valid e-mail address and check your spam/junk folder.

Oldjim
09-30-2009, 10:50 AM
Done - excellent suggestion

utadahikaruy3k
09-30-2009, 08:04 PM
100% agree your steam pw should be a one use password, used nowhere else.

If you keep getting asked for your password to play, it is likely someone else has your username and password, unless you use multiple pc's then it may be you.

so how many times do you have to "get asked for your password to play" to realizr that someone has your username & pass?? coz right now when i just logged online, it didnt lead me straight online.. instead, it went straight to the login menu.. this has never happened to me before so im abit concerned.. when i start steam, i normally just become online when i select to go online option & that i always has the "remember my password" checked on...

utadahikaruy3k
09-30-2009, 08:14 PM
and as far as i recall, i didnt received any free games chat or your account is being logged elsehwere chat.. didnt even got an email from steam regarding my account or email from scammers.. only thing im worried though is maybe keyloggers/trojans.. but so far from my antispyware(superantispyware) & my antivirus(avast), they didnt found anything suspicious..

IStar_ScreamI
10-01-2009, 01:31 AM
I see using the verify email option pointless unless you change you pw a lot. So what if they can't change the info? It doesn't change the fact that they have it and can use your account as they please...

mouton
10-01-2009, 01:55 AM
I see using the verify email option pointless unless you change you pw a lot. So what if they can't change the info? It doesn't change the fact that they have it and can use your account as they please...
While I agree that it is not a 100% protection against hijacks, it does give some protection.

Remember that only one person can be logged to an account at once. So when someone logs in using your password, you get logged out with a relevant message and thus can log back in and change your password and report the occurrence instantly.

Of course there are issues that are not fully clear to me - theoretically, the hijacker could log in and in all the time thus making you unable to change the password, as it requires a short uninterrupted time to change it. There are probably some mechanisms that prevent this kind of login spam but i do not know.

Or the hijacker could log in during your inactivity time - he can learn it if he observed the account earlier - and then do whatever he wants, like cheat, spam, whatever.