KeePassXC supports Steam. If you want 1Password to support Steam auth, you need to ask them. Valve can't update other people's software.

引用自 Ben Lubar：

KeePassXC supports Steam. If you want 1Password to support Steam auth, you need to ask them. Valve can't update other people's software.

Yeah please tell me how I can use KeePassXC for Steam and never touching a phone in the process.

Letting an extra party be party of the security just ADDS another vector for bad actors to attack.

The Steam Mobile Authenticator has had NO issues and works as Valve intends it to work.

A third party app cannot confirm trades, let you access the forums, browse the store, buy games, or remote start downloads.

Using a third party app for security would be a downgrade.

引用自 tyl0413：

引用自 Ben Lubar：

KeePassXC supports Steam. If you want 1Password to support Steam auth, you need to ask them. Valve can't update other people's software.

Yeah please tell me how I can use KeePassXC for Steam and never touching a phone in the process.

Don't corporate drones want us limited to just a physical 2fa? We at least have the freedom to use our 2fa on different phones.

引用自 The Living Tribunal：

引用自 tyl0413：

Yeah please tell me how I can use KeePassXC for Steam and never touching a phone in the process.

Don't corporate drones want us limited to just a physical 2fa? We at least have the freedom to use our 2fa on different phones.

Thye don't because they can't spy on you with that like a phone. One a phone you have 0 freedom, well you would if Steam allowed TOTP, but they don't, thats the entire issue.

引用自 Hikari Light：

Letting an extra party be party of the security just ADDS another vector for bad actors to attack.

The Steam Mobile Authenticator has had NO issues and works as Valve intends it to work.

A third party app cannot confirm trades, let you access the forums, browse the store, buy games, or remote start downloads.

Using a third party app for security would be a downgrade.

Using an open standard used and audited by everyone like FIDO or TOTP is a major upgrade.
Just plug in the key/type in the TOTP for market or whatever.

引用自 tyl0413：

引用自 The Living Tribunal：

Don't corporate drones want us limited to just a physical 2fa? We at least have the freedom to use our 2fa on different phones.

Thye don't because they can't spy on you with that like a phone. One a phone you have 0 freedom, well you would if Steam allowed TOTP, but they don't, thats the entire issue.

引用自 Hikari Light：

Letting an extra party be party of the security just ADDS another vector for bad actors to attack.

The Steam Mobile Authenticator has had NO issues and works as Valve intends it to work.

A third party app cannot confirm trades, let you access the forums, browse the store, buy games, or remote start downloads.

Using a third party app for security would be a downgrade.

Using an open standard used and audited by everyone like FIDO or TOTP is a major upgrade.
Just plug in the key/type in the TOTP for market or whatever.

Now you just sound like a conspiracy theorist.
That's throws your whole argument out the window.

引用自 Hikari Light：

引用自 tyl0413：

Thye don't because they can't spy on you with that like a phone. One a phone you have 0 freedom, well you would if Steam allowed TOTP, but they don't, thats the entire issue.


Using an open standard used and audited by everyone like FIDO or TOTP is a major upgrade.
Just plug in the key/type in the TOTP for market or whatever.

Now you just sound like a conspiracy theorist.
That's throws your whole argument out the window.

and you don't have an argument to begin with so.

引用自 tyl0413：

引用自 Hikari Light：

Now you just sound like a conspiracy theorist.
That's throws your whole argument out the window.

and you don't have an argument to begin with so.

All you have been doing is demanding Valve add more security options, when the existing security works and has had NO issues.
The only issues is the USER giving away all the security info, which your methods WILL NOT FIX.

引用自 Hikari Light：

引用自 tyl0413：

and you don't have an argument to begin with so.

All you have been doing is demanding Valve add more security options, when the existing security works and has had NO issues.
The only issues is the USER giving away all the security info, which your methods WILL NOT FIX.

It has issues which is relying on a closed third party platform like phones instead of a completely open and universal standard like TOTP and FIDO.
Stupid users are not my issue, which is exactly why we should not cater to them and the annoying market restrictions were only introduced because of stupid people.

引用自 tyl0413：

引用自 Hikari Light：

All you have been doing is demanding Valve add more security options, when the existing security works and has had NO issues.
The only issues is the USER giving away all the security info, which your methods WILL NOT FIX.

It has issues which is relying on a closed third party platform like phones instead of a completely open and universal standard like TOTP and FIDO.
Stupid users are not my issue, which is exactly why we should not cater to them and the annoying market restrictions were only introduced because of stupid people.

If your so paranoid about someone getting your info because you use a phone, then you might as well just stop using the Internet as a whole.

That website you last visited? Pretty sure at least 13 other people know you visited that site and none of them are the site staff.

Physically security keys are a dying breed.
They require manufacturing and storage.
2 things that are not cheap.

Phone apps are far easier to use due to no physical manufacturing plants needed and the storage is something you carry with you.

引用自 Hikari Light：

引用自 tyl0413：

It has issues which is relying on a closed third party platform like phones instead of a completely open and universal standard like TOTP and FIDO.
Stupid users are not my issue, which is exactly why we should not cater to them and the annoying market restrictions were only introduced because of stupid people.

If your so paranoid about someone getting your info because you use a phone, then you might as well just stop using the Internet as a whole.

That website you last visited? Pretty sure at least 13 other people know you visited that site and none of them are the site staff.

Physically security keys are a dying breed.
They require manufacturing and storage.
2 things that are not cheap.

Phone apps are far easier to use due to no physical manufacturing plants needed and the storage in something you carry with you.

List the benefits on why Google and Apple need to be involved in the process of getting into my Steam account.

Again you literally know nothing about the topic but that was already proven when you started talking about batteries, FIDO keys are on the rise, many companies are promoting its use some even outright making it difficult to use a password and previous 2FA like Microsoft to promote their use over old methods, i think Google requires them to enroll in some advanced protection program, it makes your account unphishable over the internet, the attacker would need to steal your physical key, perfect for all the morons on here who fall for CSGO scams.

引用自 tyl0413：

List the benefits on why Google and Apple need to be involved in the process of getting into my Steam account.

Again you literally know nothing about the topic but that was already proven when you started talking about batteries, FIDO keys are on the rise, many companies are promoting its use some even outright making it difficult to use a password and previous 2FA like Microsoft to promote their use over old methods, i think Google requires them to enroll in some advanced protection program, it makes your account unphishable over the internet, the attacker would need to steal your physical key, perfect for all the morons on here who fall for CSGO scams.

Those 2FA keys are not hack proof. For Blizzard they had issues with people that botted and stole accounts by just being able to bypass the 2FA security token part.

So much for being unfishable.

Do you know how safe Gabe system is? He gave out his own Steam account name + password for all to know. No one has gotten into his account yet. I'd say that is a pretty good demonstration since he did thing a long time ago.

引用自 Zefar：

Do you know how safe Gabe system is? He gave out his own Steam account name + password for all to know. No one has gotten into his account yet. I'd say that is a pretty good demonstration since he did thing a long time ago.

Decades ago. I already said the same thing to Hikari in another thread. Technology has not stood still since then. Referring to that example is simply negligent.

引用自 ペンギン：

引用自 Zefar：

Do you know how safe Gabe system is? He gave out his own Steam account name + password for all to know. No one has gotten into his account yet. I'd say that is a pretty good demonstration since he did thing a long time ago.

Decades ago. I already said the same thing to Hikari in another thread. Technology has not stood still since then. Referring to that example is simply negligent.

And yet there still has yet to be an announcement of someone getting into his account.
It's not something that can be kept quite about after all.

All it takes is BASIC knowledge to keep your account secure.
And many fail to do that because they let their greed get the better of them.

Adding this physical keys won't change anything, besides giving bad actors another vector to attack.

引用自 Hikari Light：

引用自 ペンギン：

Decades ago. I already said the same thing to Hikari in another thread. Technology has not stood still since then. Referring to that example is simply negligent.

And yet there still has yet to be an announcement of someone getting into his account.
It's not something that can be kept quite about after all.

All it takes is BASIC knowledge to keep your account secure.
And many fail to do that because they let their greed get the better of them.

Adding this physical keys won't change anything, besides giving bad actors another vector to attack.

Fortunately, Valve doesn't share Hikari's mindset, as they have ACTUAL security experience, and, as we have seen, practices defense in depth with features like recently changing the Steam market to require 2FA for every purchase.

Even Valve understands that there still needs to be layers to the defense beyond just username and password and expecting the user to do all the work.