It’s good to have a constant in the current world, steam seems okay, I love what they’re doing for Linux gamers, I think they should reduce their share by at least 5%,but they do a good service and seem competent.
Why not both? My main argument was that while some seem to be saying that the outcry wasn’t justified, it probably made many people have a closer look at their security.
I believe the main concern for periodic password changes is that most people won’t take the time to generate unique passwords each time. They will typically iterate a password over time, meaning a couple leaked passwords will narrow down guesswork to a trivial number of guesses and remove the benefit of the timed changes.
NIST no longer recommends password expirations except for cases where it is believed that a breach occurred.
The other issue with periodic password changes, particularly in the workplace but also relevant in normal life, is that it causes people to write down their password. The issues with that should be glaring enough
What if they write it down in a single, centralizedz password manager? Which itself could be compromised?
That’s the only way I can keep the literally 100 accounts ive accumulated over the years straight, without reusing passwords.
And while I believe that is reasonably secure in my case, if that got compromised I’d be pretty screwed (well, 2fa would probably still limit the worst of it). But most people probably wouldn’t even be that secure about it.
Because it’s about reducing attack vectors, and your password manager isn’t likely going to be a vector. Attackers are going to try and net as many users as possible, which means (aside from heads of state or C-suite executives being spear phished) they aren’t targeting individuals… They’re targeting the companies that those individuals have accounts with. Essentially, you as an individual aren’t important enough to bother trying to hack individually. As long as your password manager has a sufficiently long password, (and you’re not one of the 1% of individuals who are rich or powerful enough to actually target), hackers won’t even bother trying.
With shared passwords, every single service you use is a potential attack vector; A breach on any of them becomes a breach on all of them, because they’re all using the same credentials. And breaches happen all the time, both because any single individual employee can be a potential weakness in the company’s security, (looking at the accountant who plugged a “lost and found” flash drive into their computer, and got the entire department hit with ransomware), and because the company is more likely to be targeted by attackers. With unique passwords and a manager, a breach on any service is only a breach on that service.
So by using a password manager, you essentially accept that breaches in individual companies are inevitable and out of your control, and work to minimize the damage that each one can do.
I asked my company if I could use a password manager and they said no. So now they get a set of rotating passwords that are the same for all my work accounts. It doesn’t really bother me - it’s their data, not mine.
You may have seen reports of leaks of older text messages that had previously been sent to Steam customers. We have examined the leak sample and have determined this was NOT a breach of Steam systems.
We’re still digging into the source of the leak, which is compounded by the fact that any SMS messages are unencrypted in transit, and routed through multiple providers on the way to your phone.
The leak consisted of older text messages that included one-time codes that were only valid for 15-minute time frames and the phone numbers they were sent to. The leaked data did not associate the phone numbers with a Steam account, password information, payment information or other personal data. Old text messages cannot be used to breach the security of your Steam account, and whenever a code is used to change your Steam email or password using SMS, you will receive a confirmation via email and/or Steam secure messages.
You do not need to change your passwords or phone numbers as a result of this event. It is a good reminder to treat any account security messages that you have not explicitly requested as suspicious. We recommend regularly checking your Steam account security at any time at
We also recommend setting up the Steam Mobile Authenticator if you haven’t already, as it gives us the best way to send secure messages about your account and your account’s safety.
Ah, OK 😅. Well, to be fair, we are in the internet, is hard to tell a joke or sarcasm from honest opinions. That’s why i always use “/s.” to not be misinterpreted.
Since when do you have to link your phone number to your Steam account? I’ve had an account for as long as Steam has existed, and I’ve never been asked to provide my phone number.
It was put out that everyone should change their passwords. That kind of info for like 90 million steam accounts would fetch a much higher price or ransom than some personal info on a bunch of people like names, phone numbers and an address.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.
Rules
1. Submissions have to be related to games
Video games, tabletop, or otherwise. Posts not related to games will be deleted.
This community is focused on games, of all kinds. Any news item or discussion should be related to gaming in some way.
2. No bigotry or harassment, be civil
No bigotry, hardline stance. Try not to get too heated when entering into a discussion or debate.
We are here to talk and discuss about one of our passions, not fight or be exposed to hate. Posts or responses that are hateful will be deleted to keep the atmosphere good. If repeatedly violated, not only will the comment be deleted but a ban will be handed out as well. We judge each case individually.
3. No excessive self-promotion
Try to keep it to 10% self-promotion / 90% other stuff in your post history.
This is to prevent people from posting for the sole purpose of promoting their own website or social media account.
4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
This community is mostly for discussion and news. Remember to search for the thing you’re submitting before posting to see if it’s already been posted.
We want to keep the quality of posts high. Therefore, memes, funny videos, low-effort posts and reposts are not allowed. We prohibit giveaways because we cannot be sure that the person holding the giveaway will actually do what they promise.
5. Mark Spoilers and NSFW
Make sure to mark your stuff or it may be removed.
No one wants to be spoiled. Therefore, always mark spoilers. Similarly mark NSFW, in case anyone is browsing in a public space or at work.
6. No linking to piracy
Don’t share it here, there are other places to find it. Discussion of piracy is fine.
We don’t want us moderators or the admins of lemmy.world to get in trouble for linking to piracy. Therefore, any link to piracy will be removed. Discussion of it is of course allowed.
It’s good to have a constant in the current world, steam seems okay, I love what they’re doing for Linux gamers, I think they should reduce their share by at least 5%,but they do a good service and seem competent.
Me Hoping GOG also jumps in on the linux bandwagon
So I changed my Password & Email 4 nothing ?
It is always a good idea to change your password from time to time.
It’s not that important I think, using a strong password different from all other websites is much more important.
Changed my pw anyway /shrug
Guys! This guy just shared his password!!! It’s “/shrug”
But it shows up as “******” for us
x
I put on my robe and wizard hat
Indeed, it is a good habit to have, changing it from time to time. Nowadays with password managers it is even easier.
Doesn’t hoit!
Never a bad thing to have a people change up their passwords and address security
A long, strong, unique password is better than frequent password changes.
Why not both? My main argument was that while some seem to be saying that the outcry wasn’t justified, it probably made many people have a closer look at their security.
I believe the main concern for periodic password changes is that most people won’t take the time to generate unique passwords each time. They will typically iterate a password over time, meaning a couple leaked passwords will narrow down guesswork to a trivial number of guesses and remove the benefit of the timed changes.
NIST no longer recommends password expirations except for cases where it is believed that a breach occurred.
The other issue with periodic password changes, particularly in the workplace but also relevant in normal life, is that it causes people to write down their password. The issues with that should be glaring enough
What if they write it down in a single, centralizedz password manager? Which itself could be compromised?
That’s the only way I can keep the literally 100 accounts ive accumulated over the years straight, without reusing passwords.
And while I believe that is reasonably secure in my case, if that got compromised I’d be pretty screwed (well, 2fa would probably still limit the worst of it). But most people probably wouldn’t even be that secure about it.
Because it’s about reducing attack vectors, and your password manager isn’t likely going to be a vector. Attackers are going to try and net as many users as possible, which means (aside from heads of state or C-suite executives being spear phished) they aren’t targeting individuals… They’re targeting the companies that those individuals have accounts with. Essentially, you as an individual aren’t important enough to bother trying to hack individually. As long as your password manager has a sufficiently long password, (and you’re not one of the 1% of individuals who are rich or powerful enough to actually target), hackers won’t even bother trying.
With shared passwords, every single service you use is a potential attack vector; A breach on any of them becomes a breach on all of them, because they’re all using the same credentials. And breaches happen all the time, both because any single individual employee can be a potential weakness in the company’s security, (looking at the accountant who plugged a “lost and found” flash drive into their computer, and got the entire department hit with ransomware), and because the company is more likely to be targeted by attackers. With unique passwords and a manager, a breach on any service is only a breach on that service.
So by using a password manager, you essentially accept that breaches in individual companies are inevitable and out of your control, and work to minimize the damage that each one can do.
I asked my company if I could use a password manager and they said no. So now they get a set of rotating passwords that are the same for all my work accounts. It doesn’t really bother me - it’s their data, not mine.
https://store.steampowered.com/news/collection/steam?emclan=103582791457287600&emgid=533224478739530145
Yeah but it’s being reported by Polygon so…
/joke
OK, fair. Here some other sources I found:
https://www.gadgets360.com/games/news/steam-user-accounts-data-leak-report-valve-responds-systems-breach-8418794
https://me.ign.com/en/steam-deck/230297/news/no-steam-user-data-was-not-compromised-in-a-hack-confirms-valve
https://sea.mashable.com/tech/37691/valve-responds-to-steam-security-breach-and-it-isnt-as-bad-as-it-sounded
Calm down folks I was making a joke at their expense.
Ah, OK 😅. Well, to be fair, we are in the internet, is hard to tell a joke or sarcasm from honest opinions. That’s why i always use “/s.” to not be misinterpreted.
Is it, though?
No.
Yeah fuck Valnet.
Since when do you have to link your phone number to your Steam account? I’ve had an account for as long as Steam has existed, and I’ve never been asked to provide my phone number.
I needed to do it to enable 2FA through the Steam app. Kinda wish I didn’t have to, since I know how unsafe SMS is.
SMS 2 factor Authentication
Yeah no I just use the Steam app for authentication.
Me too. But nearly 100 million others don’t, it seems.
deleted by creator
It’s to help reduce smurfing in f2p games like the ones mentioned below. (Dota and cs)
In Gaben We Trust
I had assumed it was BS as soon as I saw the price of just $5k.
From what I understand personal info is peanuts. You buy it in bulk, cheap.
It was put out that everyone should change their passwords. That kind of info for like 90 million steam accounts would fetch a much higher price or ransom than some personal info on a bunch of people like names, phone numbers and an address.
deleted by creator
I know, right? It’s too little for that amount of information. I mean, almost 100 million compromised accounts is not few.