Go Back   Steam Users' Forums > Steam Discussions > Suggestions / Ideas

Reply
Click here to go to the first staff post in this thread.  
Thread Tools Display Modes
Old 12-21-2010, 07:15 PM   #151
xzec
 
Join Date: Mar 2007
Reputation: 12
Posts: 292
One and only application needed: Sandboxie.
xzec is offline   Reply With Quote
Old 12-21-2010, 07:19 PM   #152
ShaZe
 
 
 
Join Date: Oct 2009
Reputation: 7
Posts: 48
Quote:
Originally Posted by xzec View Post
One and only application needed: Sandboxie.
What the hell are you talking about, what about bruteforce and any other form of hacking. Ok fine, you prevent basic file harvester with that, it still far from doing what the mentionned suggestion will give you.
ShaZe is offline   Reply With Quote
Old 12-21-2010, 08:36 PM   #153
-Oc-Bort
 
Join Date: Aug 2008
Reputation: 13
Posts: 341
Ya!!!!! We really need one of those "Hey! There's a thread like this!" things on this forum. I know it already exists so they wouldn't have to develop it from scratch. I've seen it on other forums. This forum NEEDS one. There's too many people that obviously don't even look to see if their idea's been suggested before because I've seen the same suggestion twice in the 25 posts on the main page of this section more than a few times. Which is ridiculous because I've only been participating here for a few days.

I'm guilty of it. And I'd appreciate it getting thrown in my face. Things would get done faster, good suggestions would be put in to action faster, the forums wouldn't be so cluttered, and we'd all be happier.

True! Search is disabled right now so there's an excuse. There's no reason for it when the search does work.

The suggestion it self is a great idea I support.
Me personally? I wouldn't buy one. I definitely wouldn't appreciate it if we were all of a sudden forced to have one. Maybe that's why steam hasn't implemented it.


It would cost money because having a device like that requires many things.
- manufacturing
which needs packaging, machines (expensive!!!), a warehouse, and workers in all of those departments as well as engineers, more developers, etc.
- store fronts and distributors
- shipping
- return policies
- warranties and licensing
etc, etc, etc...

Probably not applicable for this company to do. I can see something like that digging a hole for them they may not be able to get out of.

Is there a way someone can do it themselves and secure it on their own?

Last edited by -Oc-Bort: 12-21-2010 at 08:43 PM.
-Oc-Bort is offline   Reply With Quote
Old 12-29-2010, 07:46 AM   #154
aop
 
Join Date: Dec 2008
Reputation: 15
Posts: 53
Security idea: USB Account Recovery Key

Since many of us own Steam accounts worth over $1000 and keyloggers are the biggest account security threat and virus makers are always a step ahead of antivirus providers I got an idea:

Account specific USB key that can be ordered via Steam for certain price + shipping. When account is hacked you can use the key to verify the your ownership of the account and return it to yourself.

Because of ever developing keyloggers stealing passwords is easy but it's much harder to steal a key that exists physically.
aop is offline   Reply With Quote
Old 12-29-2010, 08:03 AM   #155
~kev~
 
 
 
Join Date: Jan 2007
Reputation: 269
Posts: 1,913
Years ago I installed some software for a client that required a device to be attached to the serial port of the computer. It verified that they were the person that bought the software, because the device could not be copied.

If someone is willing to pay for a usb device to help them recover their steam account, and its just one more way for the people at valve to make money - so why not?

Sounds like a win, win situation to me. The customer gets an added layer of security, and Valve gets to sale another product.
~kev~ is offline   Reply With Quote
Old 12-29-2010, 08:13 AM   #156
Amaurus
 
Join Date: Apr 2009
Reputation: 0
Posts: 299
Sounds like a brilliant idea! Although it might be able to be spoofed to hack peoples accounts that way. How about something that generates a random number like the blizzard Authenticator?
Amaurus is offline   Reply With Quote
Old 12-29-2010, 08:18 AM   #157
Freeflow
 
 
 
Join Date: May 2009
Reputation: 1
Posts: 26
I'm in support of at least implementing an option to have VeriSign Identity Protection (VIP) Services , like eBay and Paypal.

They have an application for mobiles, so the majority who want an extra layer of protection and owns a phone will be able to get it down for free.

http://www.verisign.co.uk/authentica...ion/index.html
Demo-
http://www.verisign.com/media/vip-demo/index.html (1:25 & 2:30)

Last edited by Freeflow: 12-29-2010 at 08:27 AM.
Freeflow is offline   Reply With Quote
Old 12-29-2010, 08:32 AM   #158
Gone'Postal
 
Banned
Join Date: Jan 2009
Reputation: 1264
Posts: 3,741
Quote:
Originally Posted by Freeflow View Post

They have an application for mobiles, so the majority who want an extra layer of protection and owns a phone will be able to get it down for free.

If Valve want to buy the rest of the package at a massive cost.
Gone'Postal is offline   Reply With Quote
Old 01-16-2011, 05:04 AM   #159
FireFlower
 
Join Date: Jan 2009
Reputation: 0
Posts: 12
I don't think it is bad idea to bring this option for steam.

I mean I have over 100 games in my steam account and I have used F-secure's method to make password for any application or service. But still I fear a lot that I might loose my account to keylogger or something because the anti-virus software might not be able to detect it enough fast.

Well anyway the password goes like this...

Anyway here is the F-secure's method to make passwords. The idea is to write down 3/4 of the password on the paper and keep it always with you. The rest 1/4 is your password's pincode which is always used at the end of the password and the same pincode is used for every password. This way you don't have to try remember over 12 characters long passwords and writing them completely down threatens the security. So basically you only need to remember username and the pin code and always keep with you that piece of paper that contains the passwords for services.

Needed: a piece of paper and a pen.

Example:
Service name: Steam forum

Generate a 4-6 letters long name that reminds you of the service. In this example we have Steam forum, so lets make it to be: $teaMF

Generate 4-6 letters long random string twice by hitting a keyboard randomly or picking up randomly keys. T4ayj and %32faH

Now you must make 4-8 numbers long pin code that is always used at the end of the password. This pin code never must be wrote on the paper or used in any other device (phone) or service (bank card pin code)

18529643

Now lets make write the password down to the paper: $teamF-T4ayj-%32faH
password is then: $teamF-T4ayj-%32faH-18529643

This way brute forcing it takes a lot time, you cannot guess it. Only problem is the keylogger malware that might steal it.

On paper you will have multiple passwords and you should carry it in your wallet always. Even if you might loose your wallet and the password list, the finder / thief cannot use your passwords even if he knows your username and guesses right the service which you're using. He still will need your pin code until password works. Also if you use the password a lot (no remember me) your hands will eventually remember it and type it down without even thinking what it was.

I have now about 10 passwords and I use daily about 5 of them and I can type it down with qwerty keyboard without any problems. If you ask me to write it down to the paper it will take really long time because I have to think how I hit the keys with keyboard. (Motorized memory)

Hopefully some guys understood how to make very very strong passwords.

Last edited by FireFlower: 01-16-2011 at 05:10 AM.
FireFlower is offline   Reply With Quote
Old 01-16-2011, 08:00 AM   #160
sneax
 
Join Date: Dec 2004
Reputation: 31
Posts: 2,114
Just pick a long password with some numbers and symbols and you are safe. Simple. No need for hardware security.
sneax is offline   Reply With Quote
Old 01-17-2011, 04:35 AM   #161
Sly_Squash
 
Join Date: Jul 2009
Reputation: 227
Posts: 834
Long/strong passwords are nice but they aren't effective in combatting keyloggers. And since gaming/steam is mostly a windows thing, and windows is super vulnerable to viruses, keyloggers, and the like, passwords in general just aren't a good system.

I'm all for anything that increases steam security. Many people have thousands of dollars tied up in their accounts, making them very prime targets for hackers. We need better way to protect ourselves.
Sly_Squash is offline   Reply With Quote
Old 01-17-2011, 04:37 AM   #162
Amander
 
 
 
Join Date: Feb 2010
Reputation: 561
Posts: 8,142
In fact, Windows is not that much of an issue. Unless you click "Yes" on everything, it's hardly possible to get a keylogger.
A thumbdrive is still useless. Especially if you talk about keyloggers which are locally installed malware. Is there any reason why malware (which is running anyway) should not access the thumbdrive too? I am for everything which increases the security. But REALLY increase, such placebo solutions would introduce more trouble than they'd solve. A smartphone app for example would be way more secure.
Amander is offline   Reply With Quote
Old 01-17-2011, 04:49 AM   #163
L.o.D.
 
Join Date: Apr 2006
Reputation: 1647
Posts: 22,671
Quote:
Originally Posted by Sly_Squash View Post
\ windows is super vulnerable to viruses, keyloggers, and the like
Maybe, if you allow it to be & don't use any PC security such as an antivirus/anti-malware suite and/or a firewall.

It's really not THAT vulnerable as you claim it to be.

I started using a computer in 1996 & have only had one virus & the only thing it did was attack ICQ's netdetect software.

Since then, never had any others. This was on Win98SE.
L.o.D. is offline   Reply With Quote
Old 01-17-2011, 05:09 AM   #164
slayvus
 
 
 
Join Date: Jun 2008
Reputation: 787
Posts: 2,728
It's your responsibility to take care of your account's security. It's your own damn fault if your account get's phished by a website or key logger.

Don't download questionable content from websites you aren't familiar with.

Don't click on ads for 'free' stuff.

When you see a pop up that says you have this many viruses, DO NOT CLICK ANY WHERE ON IT AT ALL NOT EVEN TO TRY TO CLOSE IT. Open the task manager and close your internet browser using the task manager.

Don't click on links from your friends unless you know the website or have Google searched the link.

Do not tell anyone your account details! Aka don't share your account! It's against the terms of agreement you agreed to when you made your account and could make you lose your account and all it's games forever.

Keep your anti-virus up to date. Keep Windows itself up to date.

I've been a Steam user since June 2005, in that time I have never lost control over my account. All it takes to have a secure account is to keep your computer secure.

If you can't follow any of my tips, you might find that one day someone's stolen all your money from your bank account when you check it online.

Quote:
Originally Posted by aop View Post
Since many of us own Steam accounts
You do not OWN your Steam account. You do not OWN any game on your account. All your games are LICENSED for use from the developer. Your Steam account is LICENSED for use from Valve.

Last edited by slayvus: 01-17-2011 at 05:12 AM.
slayvus is offline   Reply With Quote
Old 01-17-2011, 05:43 AM   #165
Sly_Squash
 
Join Date: Jul 2009
Reputation: 227
Posts: 834
Quote:
Originally Posted by L.o.D. View Post
Maybe, if you allow it to be & don't use any PC security such as an antivirus/anti-malware suite and/or a firewall.

It's really not THAT vulnerable as you claim it to be.

I started using a computer in 1996 & have only had one virus & the only thing it did was attack ICQ's netdetect software.

Since then, never had any others. This was on Win98SE.
Relative to Mac/Linux, it's still incredibly insecure. And I don't care if you feel you are sufficiently secure.

Quote:
Originally Posted by slayvus View Post
It's your responsibility to take care of your account's security. It's your own damn fault if your account get's phished by a website or key logger.

Don't download questionable content from websites you aren't familiar with.

Don't click on ads for 'free' stuff.

When you see a pop up that says you have this many viruses, DO NOT CLICK ANY WHERE ON IT AT ALL NOT EVEN TO TRY TO CLOSE IT. Open the task manager and close your internet browser using the task manager.

Don't click on links from your friends unless you know the website or have Google searched the link.

Do not tell anyone your account details! Aka don't share your account! It's against the terms of agreement you agreed to when you made your account and could make you lose your account and all it's games forever.

Keep your anti-virus up to date. Keep Windows itself up to date.

I've been a Steam user since June 2005, in that time I have never lost control over my account. All it takes to have a secure account is to keep your computer secure.
No. Passwords are simply a horribly insecure means of accessing account data, period, for a myriad of reasons. It's merely calculated luck that you haven't been hacked.

I'm reminded of something my woodworking teacher said after we learned the shop safety rules. He told us "the thing about safety is that it isn't always fair. Some people break every rule in the book every day of their lives, live to be a hundred, and never have anything bad happen to them. Other people bend one rule just a tiny bit and lose an arm."

Security is the same way. There are people out there with a password of "password" on every one of their accounts and they will never get hacked. There are people that follow every "tip" one could offer and they lose everything to identity theft.

It's
all
just
calculated
luck


Quote:
Originally Posted by slayvus View Post
If you can't follow any of my tips, you might find that one day someone's stolen all your money from your bank account when you check it online.
Let me tell you the story of how I started taking security seriously.

One of my friends knew a guy who hustled his professor. There was a temporary social security number leak at his university and he had nabbed her SS. This is far and away not the only way to acquire someone's SS#, mind you, but this was how he did it. He established a friendly relationship with the prof, and before summer came round asked her casually when she'd be leaving for vacation.

When she left for vacation, he used the social security number to reset the password on her email. Once logged into her email, he found validation for her paypal account. He used the email address to reset the password on the paypal account. Now in control of the paypal account, he transferred over over $100k into his pocket (not directly, of course, but via a scheme of buying/selling gold that disguised giving him away). The purpose behind asking if she'd be away on vacation was to give sufficient time for all transactions to complete (paypal, banks, etc. can take a couple of days to complete transactions on this scale), and while she was away she would be unlikely to check up on these things.

Why did this work? Because online banking does not authenticate *you*. It authenticates anyone who has your password, or who has taken control of your validation account. Even your social security number, the last means of defense in this case, was flawed because a) it is ubiquitous, meaning it is used in a variety of systems and so is easily skimmed, leaked, or intercepted and b) it still doesn't authenticate *you* but rather *anyone who has discovered your social security number*

The point is simply that you are not as secure as you would like to believe, and that even if you are doing everything you can to secure yourself it still doesn't even have to be your fault that your security be compromised. In much the same way a drunk driver can end the life of a responsible driver, responsible computer users can still suffer identify theft.

There are solutions out there. Biometrics. Hardware identifers. Public/private key cryptography. And more. But companies don't take security seriously because people don't take security seriously (facebook?), and people in turn don't take security seriously because most companies don't take security seriously so how can they?

Steam please break this vicious cycle and give us means to protect ourselves from account theft. It is my most requested feature by far.

Last edited by Sly_Squash: 01-17-2011 at 05:52 AM.
Sly_Squash is offline   Reply With Quote
Reply

Go Back   Steam Users' Forums > Steam Discussions > Suggestions / Ideas


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT -7. The time now is 08:48 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site Content Copyright Valve Corporation 1998-2012, All Rights Reserved.