Valve Unveils Hardware-Based Steam Security

[lacktheknack]

So if my computer explodes, or I go traveling, can I unwire my Steam account?

Yeah, what if we change computers or something? Or, like he said, travel?

Thats one of Steam's selling points, which is "take Steam with you wherever you go, and download your games anywhere!".

Well, it IS optional.

I don't know if someone has already mentioned, but it ties account management to a single PC. So you can log in from elsewhere, but you can't change your name/password/email and other account-related settings. So if someone got ahold of your details, they could still log in, but they couldn't change your password or email unless they were on your computer.

It's an added layer of account protection, not a "locked to one computer" gimmick.

If that's the case, that's fantastic. I'm in.

 

[Woodsey]

It's a nice idea (assuming it's voluntary), but I probably won't use it. I like being able to access my Steam account and games on both my desktop and my laptop.

You're obviously going to be able to undo it. The reports a little vague on the details of how it works anyway.

This is strictly voluntary, right? Because if this is required, I'm gonna be furious.

Seems most likely.

"Steam Guard will let users limit control of their Steam account to a single PC, "

They are saying what the program will do, not necessarily if its a voluntary thing, however it seems like it only affects Intel Processor based computers and right there is were it seems likely it will be volentary

"Will let" implies choice.

 

[Dana22]

As long as it's voluntarily, I won't mind. If it's not, it's going to be just like Treacherous Computing [http://www.gnu.org/philosophy/can-you-trust.html]

No this is mandatory, unless you buy hardware with "Intel's forthcoming Identity Protection Technology", you wont be able to log into the Steam.

Really? I see no mention of this in the article. What's your source?

But if this is true, they've essentially locked out anyone with an AMD CPU...

I joked ! Of course they wouldn't do something like that !

 

[NLS]

So if my computer explodes, or I go traveling, can I unwire my Steam account?

Yeah, what if we change computers or something? Or, like he said, travel?

Thats one of Steam's selling points, which is "take Steam with you wherever you go, and download your games anywhere!".

According to the Steam beta announcement, you will have to enter a one-time code sent to you by email the first time you login from a new location.
So changing computer is no problem, but you will need access to your email(which you obviously should have).

 

[Larspcus2]

Either way, it will be cracked within a few days.

I don't think you understand what this is. The way identity thieves work is either via trojan, email scam(phishing) or brute force. This is impossible to crack by trojans or phishing, and offers enough protection against brute force to not worry about it.

An effective system against 99% of the thieves out there.

You forgot Man-In-The-Middle attacks, which this system will not protect you against.

1) Steam logins are SSL secured, which mean that you either have to a) be a moron and ignore the certificate warning or b) have a compromised machine.

2) The key is a "One-Time Password," which to me implies that each key will only be valid once, so the attacker will have to crack Intel's key cycling algorithm as well.

It might be possible to develop a trojan that steals the hardware password before it is used (I don't know much about hardware-level security), but it would certainly be more difficult to create than a simple keylogger.

EDIT:

According to the Steam beta announcement, you will have to enter a one-time code sent to you by email the first time you login from a new location.
So changing computer is no problem, but you will need access to your email(which you obviously should have).

This means that Valve's machine-specific security will join the long list of things that are only as secure as your email account.

 

[constantcompile]

Hey, maybe this will get Capcom to finally release MvC3 on Steam...

 

[MrTub]

Either way, it will be cracked within a few days.

I don't think you understand what this is. The way identity thieves work is either via trojan, email scam(phishing) or brute force. This is impossible to crack by trojans or phishing, and offers enough protection against brute force to not worry about it.

An effective system against 99% of the thieves out there.

You forgot Man-In-The-Middle attacks, which this system will not protect you against.

1) Steam logins are SSL secured, which mean that you either have to a) be a moron and ignore the certificate warning or b) have a compromised machine.

2) The key is a "One-Time Password," which to me implies that each key will only be valid once, so the attacker will have to crack Intel's key cycling algorithm as well.

It might be possible to develop a trojan that steals the hardware password before it is used (I don't know much about hardware-level security), but it would certainly be more difficult to create than a simple keylogger.

EDIT:

According to the Steam beta announcement, you will have to enter a one-time code sent to you by email the first time you login from a new location.
So changing computer is no problem, but you will need access to your email(which you obviously should have).

This means that Valve's machine-specific security will join the long list of things that are only as secure as your email account.

Yeah.. Kinda defeats the point imo..

 

[theultimateend]

I would prefer just using an authenticator. Blizzard really did have the right idea.

Unless I misread something, this feature pretty much IS the exact same thing as the Blizzard Authenticator, just built-in to the processor rather than being a separate device.

Well the thing about it being on my iphone instead is that I can play wow on my laptop, work computer, and home computer without needing 3 new processors .

But thanks for the heads up.

 

[TechNoFear]

1) Steam logins are SSL secured, which mean that you either have to a) be a moron and ignore the certificate warning or b) have a compromised machine.

SSL is still vunerable to MITM using a compelled certificate creation attack.

2) The key is a "One-Time Password," which to me implies that each key will only be valid once, so the attacker will have to crack Intel's key cycling algorithm as well.

Meaning the key is time based, leaving the MITM 30 sec to complete authentication.

 

[WhiteTigerShiro]

I would prefer just using an authenticator. Blizzard really did have the right idea.

Unless I misread something, this feature pretty much IS the exact same thing as the Blizzard Authenticator, just built-in to the processor rather than being a separate device.

Well the thing about it being on my iphone instead is that I can play wow on my laptop, work computer, and home computer without needing 3 new processors .

But thanks for the heads up.

Unless you're frequently changing your Steam account info from your laptop, work computer, and home computer, I don't see how this is an issue.

 

[theultimateend]

I would prefer just using an authenticator. Blizzard really did have the right idea.

Unless I misread something, this feature pretty much IS the exact same thing as the Blizzard Authenticator, just built-in to the processor rather than being a separate device.

Well the thing about it being on my iphone instead is that I can play wow on my laptop, work computer, and home computer without needing 3 new processors .

But thanks for the heads up.

Unless you're frequently changing your Steam account info from your laptop, work computer, and home computer, I don't see how this is an issue.

I was under the impression that once you authenticate your steam to the system with that processor it'll only work on systems with that processor.

 

[WhiteTigerShiro]

I was under the impression that once you authenticate your steam to the system with that processor it'll only work on systems with that processor.

The article itself is admittedly vague, but the bold-faced header is quite clearly stated:

Valve has announced a new hardware-based security system for Steam called Steam Guard, which will allow users to link their account management options to a single PC.

Note the underlined part.

So in other words, I wouldn't be able to hack your password, then go into your account management to change it and lock you out.

 

[Arachon]

I joked ! Of course they wouldn't do something like that !

Oh! Should have used tags youknow

 

[theultimateend]

I was under the impression that once you authenticate your steam to the system with that processor it'll only work on systems with that processor.

The article itself is admittedly vague, but the bold-faced header is quite clearly stated:

Valve has announced a new hardware-based security system for Steam called Steam Guard, which will allow users to link their account management options to a single PC.

Note the underlined part.

So in other words, I wouldn't be able to hack your password, then go into your account management to change it and lock you out.

Well in my defense I'm bold blind.

It's afflicted me since a child, because of it stressed suggestions on exams, specific instructions at traffic stops, and the begging pleas of my stalking victims online are all misunderstood or completely overlooked.

 

[Triaed]

I love how Steam is touting this initiative as `protection for the consumer` while it is another way to protect their distributed material from being accessed from multiple places. What will be next, single IP authorisations? Face detection? Fart-smell validation?

 

[MrTub]

I love how Steam is touting this initiative as `protection for the consumer` while it is another way to protect their distributed material from being accessed from multiple places. What will be next, single IP authorisations? Face detection? Fart-smell validation?

I love how people like to make up stuff. "which will allow users to link their account management options to a single PC." Learn to read please.

 

[Yarrghman]

cool. now where is half life episode 3?

 

[Ghengis John]

Wasn't part of the whole appeal of steam that you could access your games from anywhere? What happened to that and will I have to jump through hoops to transfer licenses if I want to install my games on another system?

 

[MrTub]

Wasn't part of the whole appeal of steam that you could access your games from anywhere? What happened to that and will I have to jump through hoops to transfer licenses if I want to install my games on another system?

"which will allow users to link their account management options to a single PC."

 

[kingmob]

Really nice feature, although I do hope they allow you to link it to more than just one PC. Basically it is not much different from an SSH key if I understand correctly?