this post was submitted on 02 Aug 2024
48 points (67.4% liked)

> Greentext

7548 readers
3 users here now

founded 2 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 3 months ago (2 children)

What is this about a mobile app? I've half considered running steam, but I'm on Graphene, don't want anything google, and don't want anyone's apps, and especially anything with network access. Requiring anything on mobile is ridiculous nonsense to me.

Android is designed so that users can be completely ignorant of security and OS best practices. They do this by making every app developer the equivalent of a full user on the device. Even with a ROM like Graphene, Android is on untrusted hardware. Asking me to place any app on my device is like asking to make them my roommate and live in my house. Maybe people are cool with that, or enjoy the feeling of their head in sand. I imagine most are simply ignorant of what I am talking about and how the system works in the real world.

[–] [email protected] 4 points 3 months ago

About forcing their app, while it's not necessary (you can use mail guard or extract the OTP key to run just the OTP generation); the improvements it makes to account security is top notch. I have a 2007 dated Steam account that had its username password combination leaked way back when i used the same username password combo everywhere. After setting up Steam Guard; I never had to change anything off of it. It used to just generate OTPs with its app; now it also shows where were login attempts made to your account, occasionally I get "yo this random fuck from China tried to login your account; is this you" notifications on my phone which i can pretty much ignore.

My old accounts on other platforms have really different stories, but on none of them i was able to call the account safe without changing its credientials at all.

[–] [email protected] 4 points 3 months ago (1 children)

Im… not sure? Maybe to trade the cards you get? I have steam and no mobile app, soooooo

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago) (1 children)

yup they need the mobile app specifically because there was trade frauds happened before, with cs items that costs hundreds. They can't just go with using a normal TOTP because the mobile app is also a 2 factor approval for every single trades you are attempting to make.

I think you can go without mobile app and use only e-mails, but it will cause the items to be held for days which people who trade frequently will not want to trade with you as their inventory moves fast.

[–] [email protected] 1 points 3 months ago

Thanks for the info! Thats not a feature of steam ive interacted with, but it makes sense. Though would be mice if they implemented other 2fa options