Account theft has been around since the dawn of time steam started, however, with the signing of steam trading, the problem grew in the 20s, and became the number 1 complaint from the most users. Stealing your record and exchanging your items is a terrible skill and you hate that it is even more common for russian buyers.Once your gmail or facebook is hacked, items quickly disappear. Cleaned out. After they were sold again, still selling to an innocent user. Looking at the activity of their accounts, it was not difficult to understand what happened and is happening, but it was more difficult to remove this restriction, due to the fact that our organization does not want to take clothes from innocent users. We were about to cheat on that defense: we kept what was stolen and instead created duplicates on the original hacked record. We were fully aware of the compromise here. The duplication of stolen items devalues many other equivalent goods in the economy. Such a topic can become quite insignificant for other items, however, for rare items, the quest can significantly increase their range.The number of hacked accounts continues to grow This was unacceptable the status quo, and everyone needed to change it. In revisiting our strategy to stop the essentials, we discovered two notable things.First, there will be enough money on the web today to make stealing steam virtual goods a solid business for advanced hackers. Alternatively, almost every active steam account is now involved in the economy through items or trading cards of sufficient value to pay for a hacker's time. In fact, all steam accounts are now targeted.The "i got hacked" story tells too much yet that a medical document is common. And listed makes it possible to quickly leave its value; compromising the security of email and pc accounts, violating your steam registration and stealing. We used to be of the opinion that if you're good at rummaging through the relative comfort of email or social media, you won't get hurt - it's easy to assume that consumers whose accounts were stolen were new or technically naive users who are required to share their own passwords or surf dozens of sites. . This is absolutely not the real thing.What was once a handful of hackers has now become a highly efficient organized network of stealing and selling items. It would be easier for them to go after customers who know little about how to keep safe on the worldwide web, but the prevalence of elements makes it worth targeting each of them. We see about 77,000 accounts hacked and looted every week. Such a situation is not yet unheard of by either careless users; these are hybrid cs:go players, reddit members, item dealers, etc. Clients are always randomly selected as a segment of a large musical group, or even individually. Burglars can wait for months to pay, relentlessly trying to get through. Protecting your belongings from people who steal them for income is a losing battle.We are able to help users that are hacked by restoring their accounts and loads, but it still does not slow down the activity on profile hacking. Only getting worse.How you can stop thisWe have been working hard to strengthen account security features, close loopholes, improve methods and free time to send messages to users that their account endangered, self-blocking was added, and the steam guard mobile authenticator (two-factor authentication) was created.Two-factor authentication is the use of a separate printer to verify your identity. The security of such a system relies on moving this act from your device to a computer, to which a hacker is not able to get, for example, on any tablet. Pcs can be easily hacked, so a pc-based authenticator will not provide more security than password or email authentication.We had to organize our own two-factor authenticator, because we need to show users the contents of the transaction device and take confirmation there. Requiring visitors to take a code from a universal authenticator and enter it into a stolen pc to verify a transaction meant that hackers could trick them into exchanging accessories they didn't plan to make. This basically made it impossible to use a generic third-party authenticator like google authenticator to prove transactions.Here's a compromiseIn recent years, the vast majority of contributors have not protected their account registration with that increased degree of security. People don't expect that models are really a worthy target for an expert who is trying to make money money. Some thought they were smart enough about security to get by without two-factor authentication. And other users decided that she needed it, however, they could not use his software for reasons beyond their control, so without control over the iphone.And what when instead of trying to prevent hackers having the ability to steal a steam account where two-factor authentication is not enabled, we tried to deprive them of the opportunity to earn from interception. To steal mail or social networks. Hackers usually rely on the sale of goods to sell stolen goods. The steam community trading resource is not suitable for this, due to the fact that purchases are not transferred in any way so easily (purchased items cannot be exchanged for seven days), then they are not able to ensure that the items are transferred to an account they control. .One of the available options was to simply remove the trade. The steam market already accounts for the bulk of virtual goods exchanged by steam users. We even profit from such transactions, which helps to cover the cost of fraud, in a different way than transactions between real people. And the elimination of trade was by far the most common choice to implement. However, we felt that this was a bad option for the players. Another simple choice would be to require two-factor authentication to work, but such a move is bad for the same reasons as removing it altogether. It is important that you have the opportunity to gift a friend a tf2 weapon in case he comes to try out the game or give a friend the last trading card that he set in front of him to decorate the game badge.We felt that two-factor authentication was pretty secure in order to protect those who turned it on, so the problem was accounts that couldn't turn it on (say, without signing out to a gadget). Finally, our team applied the knowledge to the change that we are implementing today:- Everyone who loses steam authenticator items during the exchange has the right to have the steam guard mobile authenticator enabled in conscious gmail or facebook for at least one week. And launch financial transactions. Otherwise, items will be held by steam for up to three days prior to delivery.- If you yourself have been friends for at least one year, items will be held by steam for up to one day prior to delivery. - A personal account with a mobile authenticator enabled for at least 7 or more days is no longer limited in trading or market operation during the operation of a new device, since transactions on the next device will be protected by mobile authenticator.</>This means that anyone who uses the steam guard mobile authenticator to establish an exchange can continue to trade as usual. People who have not fully enabled it or are unable to still trade can still trade, but they will need to wait up to three days for the trade to be completed. This gives steam and visitors time to figure out if their accounts have been hacked and get them back before the hackers steal their items.Tough balanceOne day still, we realize, so this is a compromise that "knows how" to critically influence the sale of goods. Whenever we put a degree of security between visitor actions, what are the desired results, we complicate the use of our products. Sadly, is one of all situations in which we feel compelled to put in a step or close any of it. Humans don't spend hours these days thinking about asking users to enter a login to visit in their own account, but it's a similar principle in many areas - the cost of security we pay to keep the system running. We have made every effort necessary to keep the cost as low as possible, for as few consumers as possible, while preserving its efficiency.We hope that this post gave you some idea of the problem, why we put together this approach. As usual, we will continue to read the community discussions on steam sites and on the net in general and look forward to receiving your thoughts. Regarding download steam desktop authenticator please go to our own webpage.