引用自 Chaplain Svenn：

So first and foremost let me just say that two factor authentication is ♥♥♥♥♥♥♥♥ ever since it's been found out that your account can be hijacked by clicking on a link, so why does anyone use it anymore? It's just a hindrance and it's annoying if it can be easily bypassed and ignored by a ♥♥♥♥♥♥♥ link.

With that out of the way, I can't even turn that ♥♥♥♥ off because if I wanna reset my password, I NOW HAVE TO CONTACT STEAM SUPPORT WHO THE HELL THOUGHT THAT WAS A GOOD IDEA????????????

I can't log into my app because I don't remember my password, I can't turn this ♥♥♥♥ off because I can't access my app because it's asking for a code THAT IS GENERATED INTO THE STEAM APP ITSELF SO HOW AM I SUPPOSED TO GET A CODE THAT I CAN'T ACCESS?????????

I would like to know who designed this and who greenlit it because they should be banned from anything IT related for life

Anyways I guess I am going to contact steam support TO RESET MY PASSWORD

♥♥♥♥♥♥♥ stupid

That's a lot of 'you' problems right there.

Just clicking on a link should not get your account compromised unless the link installed malware and compromised your computer.

However, clicking on a link and then entering your steam credentials can get your steam account compromised.

And in other news bullet resistant vests aren't actually bullet proof. So there is obviously no good reason for anyone to wear them. Taxpayers shouldn't have to pay to supply them. To members of law enforcement or members of our militaries. If that sounds stupid to you. Then you know how your argument sounds to me.

Two factor authentication is an added layer of security. It's up to you to ensure that it can actually do its job. Stop clicking on links, visiting strange websites, and wading into grey markets. Frankly if you can't or refuse to stop doing those things. Then invest in some additional security solutions, and lastly get a piece of paper and a pen. Then when you change your password write it down.

2FA cannot be bypassed with clicking a link, so rest of the rant post is null and void. Would require someone to be dumb enough to enter their information into a fake login. And if someone does that, just LOL.

nothing wrong with this steam, this is a user issue

I'm able to reset and change my password with 2FA active on my steam account just fine. Sounds like a skill issue.

引用自 craigal：

However, clicking on a link and then entering your steam credentials can get your steam account compromised.

... provided you are confirming the login with your 2FA...

1. person requests to be added to your friends list.
2. agree (mistake #1)
3. person asks you to click their link
4. you do that (mistake #2)
5. link brings you to a fake steam site and asks you to log in
6. you log into their fake site with your steam password (mistake #3)
7. they steal your stuff and often get your account banned just for fun
8. you blame everybody but yourself (mistake #4)
9. you go to the steam forums to complain (mistake #5)
10. you decide to leave out everything that happens and condense it into a simple "the magical link stole everything instantly and there was nothing I could do!" (mistake #6)

引用自 Vamp：

1. person requests to be added to your friends list.
2. agree (mistake #1)
3. person asks you to click their link
4. you do that (mistake #2)
5. link brings you to a fake steam site and asks you to log in
6. you log into their fake site with your steam password (mistake #3)
7. they steal your stuff and often get your account banned just for fun
8. you blame everybody but yourself (mistake #4)
9. you go to the steam forums to complain (mistake #5)
10. you decide to leave out everything that happens and condense it into a simple "the magical link stole everything instantly and there was nothing I could do!" (mistake #6)

That's typically exactly how it happens.

It's kind of "odd" that I've had my steam account since 2003 and I've never been "hacked" even once.

It is amazing how far proper security habits and a rudimentary understanding of scams can take you.

It's amazing how hapless victims become experts and can find fault with everything and everyone except themselves.

Insert Captain Picard facepalm meme...

You can't blame Assa Abbloy because you gave away the keys to your home to the homeless guy behind the dumpster at the BestBuy.

Don't click on random links which is not a Steam recommendation, its a general recommendation

Passkeys would be a useful addition for Valve to add because it is impossible to fake the origin of the site requesting authentication unless you have actual malware on your PC.

That said, the app is already useful because even in the event of malware, the infected PC cannot worm into a phone and vice versa, the only problem is that an insufficiently attentive user can be tricked unlike a passkey. So the problem depends on if the User or the PC are the security risk.
Also use a password manager so you can't lose passwords. I don't even look at my 64 char passwords with my own eyes.

There are no single-click vulnerabilities with Valve as far as I know. The only way is if a single click installs a RAT that controls your PC. That is not a problem that Valve is able to defend against unless the app is mandatory.


If you look at the URL. All parts between https:// and the TLD ( .com ) are the URL, only the last .(whatever) is the part that is valid.
So if it shows some normal domain but it has a .fun or whatever tacked on the end, then it is a fake domain.
If your browser doesn't show the https bit, then everything before the final dot before the slash (/) is the domain
If you aren't paying any attention to the domain name at all, then it is no suprise that you got hacked.

引用自 Violet Skies：

There are no single-click vulnerabilities with Valve as far as I know. The only way is if a single click installs a RAT that controls your PC. That is not a problem that Valve is able to defend against unless the app is mandatory.

If someone has rodents in their computer then they have a bigger problem than worrying about their passwords.

引用自 Chaplain Svenn：

your account can be hijacked by clicking on a link

That is a myth. People are phished and expose their data to authorize access.

引用自 Chaplain Svenn：

I can't log into my app because I don't remember my password, I can't turn this ♥♥♥♥ off because I can't access my app because it's asking for a code THAT IS GENERATED INTO THE STEAM APP ITSELF SO HOW AM I SUPPOSED TO GET A CODE THAT I CAN'T ACCESS?????????

It looks like you have reached a point in your life where its best to stop and rethink your entire approach to online security and data storage. Accountability and education are your solution for the future.
To put this into perspective: malicious actors now use AI voice calls with voices from relatives to get money as a well organized scam attack. And here on Steam we still discuss phsihing from 15 years ago.