2 minutes ago, bofhlusr said:

This was funds from a refund.
 

I'm learning that 2FA as used in Steam just give you a SENSE of protection. But not really. Which kinda begs the question: why does it even exist ie. giving people a false sense of protection by sending 2FA to email instead of text messages to a cell phone?

e-mail is better than nothing. When 2FA was not a thing you could just steal or guess a password and you could enter into someone's account from a different device and country 🙂

SMS and authenticator apps are recommended.

https://help.steampowered.com/en/faqs/view/6891-E071-C9D9-0134

This is what I use.

18 minutes ago, Juliett Alfa Romeo said:

https://help.steampowered.com/en/faqs/view/6891-E071-C9D9-0134

This is what I use.

yep same here 

On 11/14/2024 at 12:00 AM, Juliett Alfa Romeo said:

https://help.steampowered.com/en/faqs/view/6891-E071-C9D9-0134

This is what I use.

Thank you. It's not working for me so far. Hopefully, Steam tech support can resolve the issue:

Just now, bofhlusr said:

Thank you. It's not working for me so far. Hopefully, Steam tech support can resolve the issue:

...

Select Steam Guard

2 minutes ago, SierraDelta said:

Select Steam Guard

Ok. I just did. A new screen pop-up.  Message: "Tap here to scan a QR code". When I tap, I don't get a QR code. Instead, I get another screen that say "Tap to copy xxxxx". When I tap to copy, I get another message "Tap to copy xxxxx"  which re-cycles and gives me more of the same screen again and again but with different 5 digit codes.

3 hours ago, bofhlusr said:

Ok. I just did. A new screen pop-up.  Message: "Tap here to scan a QR code". When I tap, I don't get a QR code. Instead, I get another screen that say "Tap to copy xxxxx". When I tap to copy, I get another message "Tap to copy xxxxx"  which re-cycles and gives me more of the same screen again and again but with different 5 digit codes.

strange its  not  working  for  you  what  do you see when you open up steam on your pc/go  to settings/secuity/ under  steam  guard you should  see 2fa protection on via  the moblile steam app  and  if  you click mange  stem guard  you  get  3  choices  to make  this  is  provided of  course  you already  installed  the  steam mobile app on  your  phone

On 11/13/2024 at 12:23 PM, mspencer said:

The Steam scam is widespread and has been going on for 5 years.

I don't think they hacked your email. Have you logged into Steam recently in your browser? You probably clicked on a phishing link from Discord or your email, and gave them your password without realizing it.

If you share passwords... well... you've given them your password everywhere...

If he has 2FA enabled, just having the Steam pw wouldn't be enough unless they're also spoofing his browser which would up the sophistication level quite a bit.

They either got into both, or 2FA wasn't working.

On 11/13/2024 at 1:14 PM, bofhlusr said:

Here's the thing about password managers though.  How do you know if they are secure as everything else?
 

You don't, as people who used LastPass found out to their detriment awhile back.

I use Bitwarden. It's about as secure as anything else out there other than just memorizing all my passwords, and there are days I feel like I barely remember my name so that ain't happening. 😉

To broaden into overall IT security theory for a moment, just assume you either have been or will be compromised at some point. Unless you're a hermit who lives in the middle of nowhere and has never owned technology, any company you've given payment information to in the last 20+ years has most if not all of the information a criminal needs to steal from you. And companies are notorious for slacking off on the cybersecurity front. The best you can do is to keep actual cash assets as separate as possible from your purchasing activity. Buy everything with a credit card and pay it off at the end of the month. Hopefully when the thief steals your information, they just get the credit card and those have protections built in where they have to refund you if fraudulent transactions happen. Debit cards, checking accounts, Steam Wallet, etc, do not have those protections. I don't return anything to the Steam wallet unless I know I'm turning right around and buying something with it immediately.

 

On 11/13/2024 at 11:23 AM, Patco Lch said:

DuckDuckGo is a secure browser

What makes it 'secure'?

36 minutes ago, eslader said:

It's about as secure as anything else out there other than just memorizing all my passwords, and there are days I feel like I barely remember my name so that ain't happening.

Lol.  In another life, there were months I barely remember my name. I'd have to use 7 passwords just to determine root cause on a computer-generated alert. These usually happened at the middle of the night (these were nightly batch jobs in a very large financial institution) about twice a week.

1st pw to login to my remotely enabled work laptop at home
2nd to login to my desktop pc at work
3rd to login to the local server
4th to login to the front-end app to view the alert
5th to login to a data center in another state
6th to login to our back-end server
7th to login to the back-end mission critical legacy app that was sending the alert

It got worst:
-couldn't re-use the last 10 passwords
-change every *30* days (I developed an intense dislike for who ever invented months that had 28 or 31 days).
-not in dictionary
-at least 12 alphanumeric characters

Edited November 16, 20241 yr by bofhlusr

2 hours ago, pete_auau said:

strange its  not  working  for  you  what  do you see when you open up steam on your pc/go  to settings/secuity/ under  steam  guard you should  see 2fa protection on via  the moblile steam app  and  if  you click mange  stem guard  you  get  3  choices  to make  this  is  provided of  course  you already  installed  the  steam mobile app on  your  phone

This is what I see:

P.S. The 3 choices when clicking "Manage Steam Guard" I don't think applies: remove authenticator, backup codes, and de-authorize devices.

 

Edited November 16, 20241 yr by bofhlusr

9 minutes ago, bofhlusr said:

I'd have to use 7 passwords just to determine root cause on a computer-generated alert.

Yep. Fooling around with annoyances like that is why I finally gave up and got a password manager.

And it's kinda nice because it doesn't just make entering passwords easier, but it also has a notes file so I can also remember all the fake information I give to websites that demand data they don't need. 😉

 

9 minutes ago, eslader said:

Yep. Fooling around with annoyances like that is why I finally gave up and got a password manager.

And it's kinda nice because it doesn't just make entering passwords easier, but it also has a notes file so I can also remember all the fake information I give to websites that demand data they don't need. 😉

 

Interesting.

I keep my passwords offline in a password protected spreadsheet.

I'd have lots of questions if I started relying on another entity for my passwords eg. Will I be able to access my password if I am unable to access the website of the password manager (such as Bitwarden)?  Does the password manager company back up its server offsite and periodically test them, and will I still have access to the backup if the company ceases to exist?

i  got  my passwords written  down in a folder least i know  where  to look  for  them if  need  be

Edited November 16, 20241 yr by pete_auau

19 minutes ago, pete_auau said:

i  got  my passwords written  down in a folder least i know  where  to look  for  them if  need  be

You can't easily carry that folder with you when you go on a trip. 🙂