Steam Guard - Great

[Scouzer]

https://support.steampowered.com/kb_article.php?ref=8232-WSGZ-8021&snr=1_41_4__42&l=english

What a welcome update. My Steam account is one of two accounts I've ever had hacked, so this should be a pretty resilient hacker protection.

In a nutshell anytime you log in with a new computer you must click a verification link sent to your email. My Gmail I have linked to the Google Authenticator app (multifactor security) so unless someone cracks my Steam password, then cracks my Gmail password, then steals my physical iPhone, nobody can access my Steam account. I'd recommend the same to anyone.

 

[I4AT]

Edit, nvm. Decided to stop being lazy and just read the post.

 

[mb]

Just make sure your email password is not the same as your steam password!

 

[Lonyo]

http://forums.anandtech.com/showthread.php?t=2147359

Thread on other elements of this which don't seem to be in the current release and Steam's historical (lack of) security.

 

[Scouzer]

http://forums.anandtech.com/showthread.php?t=2147359

Thread on other elements of this which don't seem to be in the current release and Steam's historical (lack of) security.

Oops. I didn't think to search because I thought it was brand new.

 

[Jules]

so do you need a intel cpu for this ?

 

[Scouzer]

Does Steam Guard take advantage of the Intel® Identity Protection Technology solution that Valve and Intel recently announced?

No, not in the current release. We hope to offer additional forms of authentication soon though, so you'll have your choice of secondary authentication methods with Steam Guard.

So this seems separate from the Intel technology right now.

 

[Jules]

So this seems separate from the Intel technology right now.

Coo coo thanks.

 

[Lonyo]

Oops. I didn't think to search because I thought it was brand new.

That's why I didn't say repost, since the actual thing in this announcement isn't quite the same, although the name is. But the other thread has some discussion on the topic of Steam security.

 

[oogabooga]

So this seems separate from the Intel technology right now.

I was confused. I thought steamguard was part of the new line of SB intel processors. But my account is protected and I am getting an email on my second computer about an unauthorized access and a passcode to allow it.

I guess I'll just leave it be for now, wondering how they are enabling it - I'm using a Q6600.

 

[Texashiker]

What steam really needs is an account lock down feature - that if you enter the wrong password more then 5 times, your locked out for 15 minutes.

As long as there is no account lockdown feature, there is nothing to stop a brute force attack. But now with the passcode, even if your password is bruteforced, they will need the passcode from the email.

 

[Zargon]

What steam really needs is an account lock down feature - that if you enter the wrong password more then 5 times, your locked out for 15 minutes.

As long as there is no account lockdown feature, there is nothing to stop a brute force attack. But now with the passcode, even if your password is bruteforced, they will need the passcode from the email.

yeah, I cant beleive they dont have that

 

[darkewaffle]

This is seperate from the Intel hardware protection. Rather, I think it's a different implementation. If you have a supported Intel SNB CPU, I think it will use the internal SNB protection (whatever that may be) to identify that computer. Whereas non SNB protection may identify new computers by IP address or some MAC address or something else altogether, I don't think we actually know.

Point being, either works.

One thing I noticed using this last night though, when you authenticate via email do you have to do that every time you go to use that secondary PC? Last night I put steam on a second PC, authorized it with the email code, started installing a game and then had to restart for updates, paused Steam and when it all came back up I had to re-authorized it. Anyone else had that or might it be because Steam updated or didn't shut down properly?

 

[aka1nas]

This is seperate from the Intel hardware protection. Rather, I think it's a different implementation. If you have a supported Intel SNB CPU, I think it will use the internal SNB protection (whatever that may be) to identify that computer. Whereas non SNB protection may identify new computers by IP address or some MAC address or something else altogether, I don't think we actually know.

Point being, either works.

One thing I noticed using this last night though, when you authenticate via email do you have to do that every time you go to use that secondary PC? Last night I put steam on a second PC, authorized it with the email code, started installing a game and then had to restart for updates, paused Steam and when it all came back up I had to re-authorized it. Anyone else had that or might it be because Steam updated or didn't shut down properly?

The link in the OP states that they don't yet support the new extensions in Sandy Bridge.

 

[darkewaffle]

The link in the OP states that they don't yet support the new extensions in Sandy Bridge.

Link in post #4 seems to indicate otherwise, though I can't see them at the moment to know which is more recent.

 

[Raduque]

I suddenly had a problem with Steam connecting while in the DMZ, so I had to get my PC out of the DMZ in order to login. At which point, it prompted me for a code they emailed me.

Then I upgraded my PC without reinstalling Vista (went from e6300/965p-s3 to e8400/ep45-ud3r) and steam did not prompt me to enter a new code. :hmm: