Steam security and trading changes have been implemented as an attempt to combat the rapidly increasing account theft and hijackers. Over 77,000 accounts are hijacked monthly with devastating impacts on the virtual economy, users and the community. Steam has now taken measures to address this by using an escrow inspired process, moving items into a neutral third party holding account.
Steam has announced new measures in the security and trading system that are now in effect.
The trading system will place items to be traded into a holding account for a certain length of time based on the user, length of relationship between parties and security measures trader has in place.
This method will prevent would be thieves from being able to ensure they will gain the item at the end of the process, attempting to deter their movements. It will also allow for Steam and the user to identify if an account has been compromised and address it prior to the items being stolen.
Steam security and trading changes effective now
Rather than removing trading completely, Steam has created another attempt to satisfy the users and address the issue.
So what if instead of trying to prevent hackers from being able to steal a Steam account that hasn’t enabled two-factor authentication, we tried removing their ability to profit from the theft. If hackers couldn’t move the stolen goods off the hacked account, then they couldn’t sell them for real money, and that would remove the primary incentive to steal the account. Hackers fundamentally rely on trading to offload stolen goods. The Steam Community Market doesn’t work well for that purpose, because purchases can’t be moved around as quickly (purchased items can’t be traded for 7 days), and they can’t ensure the items move to an account they control.
The result is something similar to an escrow account, where a neutral third party account will hold the items for a certain amount of time before it is released.
Essentially, those with the Steam Guard Mobile Authenticator to confirm trades will be be able to continue as normal.
Those that have not or can not activate the extra security, will have a waiting period of up to 3 days for the trade to go through. This will allow both Steam and the users to address an issue before the items are stolen.
Steam security facts
Steam security and trading first steps
Steam security originally included closing various loop holes, improved communication with users regarding accounts at risk and added self-locking. They then introduced the Steam Guard Mobile Authenticator (two-factor authentication).
Two-factor authorization is the use of a separate device to confirm your identity. The security of this system is based on moving that step from your PC to a device a hacker can’t access, such as your smartphone. PCs can be easily compromised, therefore a PC-based authenticator would not provide better security than a password or email authentication.
For various reasons the majority of users do not use the security measure. Reasons include the lack of belief of being a target, thinking there are already sufficient security measures in place, lack of available mobile phone, current phone does not support the app and more.