ZsaFreigh t1_j1oj7mr wrote
Reply to comment by sparoc3 in LPT: Got a Steam gift card for Christmas? Hold on to it after you put the code in. If your account gets hacked, you can use the old code to recover your account. by Worst_Support
If your email shared a password with any of those accounts on compromised sites they would have access to your emails too, and be able to get to the 2FA and delete the email before you even knew it arrived. With Steam Guard though, it's not connected to email or a phone number, it's an app on your mobile device, so the only way to get in would be to physically steal your device first. Edit: or trick you into giving them the 2FA code, as another user said.
sparoc3 t1_j1okkx4 wrote
>If your email shared a password with any of those accounts on compromised sites they would have access to your emails too, and be able to get to the 2FA and delete the email before you even knew it arrived.
Nope, it was different. That's what got me so perplexed. Maybe they just stole all pw saved on browser still doesn't explain lack of 2fa mail.
And how does one get tricked in to giving 2fa lol. The same kind of people who share CC details with strangers.
One of my other email was hacked too, and the hacker is still trying to get in, it was a burner account so I don't care but steam keeps sending me 2fa mail which was conspicuously absent for my main account.
Steam guard is too much of a PITA cuz steam just keeps kicking the account off from phone and I had to re-login every time, I had it for a couple of months but then went back.
stoneagerock t1_j1os2dr wrote
Download Authy, or one of the plethora of other mobile Authenticator apps. Unfortunately can’t stop you from getting your creds phished by a fake page.
For that you need something like a FIDO2 key that supports key domain binding
sparoc3 t1_j1oul5b wrote
Naah I wasn't phised, I downloaded Adobe Reader crack and then nearly every account of mine was compromised. There's no way they went and reset every account, they must have simply extracted it from browser.
Now I'm using authy tho.
stoneagerock t1_j1pz3ku wrote
Sounds like you got tricked into downloading a keylogger.. only once!
sparoc3 t1_j1pzevt wrote
Idk if you followed the comment thread, I never entered any password everything was saved.
hitemlow t1_j1ortms wrote
> Steam guard is too much of a PITA
Ah ha! So you don't have 2FA enabled if you disabled Steam Guard.
sparoc3 t1_j1osnxv wrote
Both are different, steam still sends 2FA on mail, guard is only sent on phone.
hitemlow t1_j1ot238 wrote
Having email confirmation is basically worthless if your email was compromised. SMS is only slightly better in that they have to hack 2 devices or do a SIM swap scam. If you're not using Steam Guard through the app, you don't have 2FA.
sparoc3 t1_j1ots5c wrote
>Having email confirmation is basically worthless if your email was compromised.
That doesn't mean it's not 2FA.
My gripe is how the fuck did they get my steam password at all.
>If you're not using Steam Guard through the app, you don't have 2FA.
Two factor authentication simply mean 'two' means of authentication, first is password and the second is the code received on email.
Steam guard is an additional thing that necessitates you should be in possession of a particular phone. It's more than 2FA and more secure can said to be 3FA.
Every site on this world sends you code on mail/phone number when 2FA is activated.
Viewing a single comment thread. View all comments