[SOLVED] How is using Steam's "steamguard" the most secure?

_dawn_chorus_

Distinguished
Aug 30, 2017
564
56
19,090
I recently read an article about "bloodystealer" and got to thinking I should better secure my Steam account. It seems the universal answer (short of not downloading cracked games or using questionable links) is to use Steam Guard, with the 2FA using an app on your phone.

I have an iPhone11 which is up to date, Bluetooth is always off, but I take the device everywhere with me, and consequentially I occasionally connect to some networks that likely have some less than ideal levels of security. Furthermore I also recently read an article about how using 2FA for your bank is not particularly safe because somehow an attacker can spoof your phone and get all your texts mirrored to them.

My concern is that on this device that goes everywhere I will have entered my steam password into the very app that supplies the codes needed to log into my account. So if my phone ever got compromised than how is that any safer than just having email verification on my home system which never connects to anything other than my router via cat5 cable? I mean if it's not safe to use 2FA for my bank accounts, which I never enter the passwords for into my phone, then how is Steam Guard any better?

I understand iPhones are less likely to be infected by malware, but there also doesn't seem to be a way to easily tell if my phone already has any malware or a keylogger on it.
I have Kaspersky on my big system, and long complicated passwords on my steam account and the email connected to it.
So what am I missing? What's the case then for why it is so much stronger?
 
Solution
If your iPhone is already compromised then 2FA will only (maybe) prevent additional security breaches.

I have an older iPhone and do not play Steam games or any other games (other than Chess) for that matter on the iPhone .

Like everyone else I am continually badgered to download various "must have" apps from many sources. I ignore all that and stay with just the basics. Very few apps have proven truly useful and even some of those apps evolved into being more problematic and ad infested.

It is very rare that I use my iPhone to connect to networks other than my own home network. Or if I do log in elsewhere then I have the luxury of knowing that network. Still I do not trust and stay cautious about what is going on when logged...
If your iPhone is already compromised then 2FA will only (maybe) prevent additional security breaches.

I have an older iPhone and do not play Steam games or any other games (other than Chess) for that matter on the iPhone .

Like everyone else I am continually badgered to download various "must have" apps from many sources. I ignore all that and stay with just the basics. Very few apps have proven truly useful and even some of those apps evolved into being more problematic and ad infested.

It is very rare that I use my iPhone to connect to networks other than my own home network. Or if I do log in elsewhere then I have the luxury of knowing that network. Still I do not trust and stay cautious about what is going on when logged in to foreign networks.

So my response is that Steam Guard may be stronger as it adds another layer of protection. However there are always trade-offs and an added level of protection could be unnecessary and overkill. More to go wrong.,...

As for scanning apps there are products available. For example (not a recommendation or endorsement):

https://apps.apple.com/au/app/totalav/id1130411958

You can find others.....

Just my thoughts on the matter.,
 
  • Like
Reactions: Phaaze88
Solution
If your iPhone is already compromised then 2FA will only (maybe) prevent additional security breaches.

I have an older iPhone and do not play Steam games or any other games (other than Chess) for that matter on the iPhone .

Like everyone else I am continually badgered to download various "must have" apps from many sources. I ignore all that and stay with just the basics. Very few apps have proven truly useful and even some of those apps evolved into being more problematic and ad infested.

It is very rare that I use my iPhone to connect to networks other than my own home network. Or if I do log in elsewhere then I have the luxury of knowing that network. Still I do not trust and stay cautious about what is going on when logged in to foreign networks.

So my response is that Steam Guard may be stronger as it adds another layer of protection. However there are always trade-offs and an added level of protection could be unnecessary and overkill. More to go wrong.,...

As for scanning apps there are products available. For example (not a recommendation or endorsement):

https://apps.apple.com/au/app/totalav/id1130411958

You can find others.....

Just my thoughts on the matter.,

It sounds like it would be very secure in your use case scenario which kinda makes me want to get a burner phone for just my steam app haha. I never game on the phone but just want my account secure. Although I only play single player games, and it sounds like most of the targets of these attacks, (and the root of the infections) are people playing big multiplayer games like COD where people can trade skins and other valuable in game content.
I use my phone for work and need a couple different apps to do so. I think I'll just create an email for only that purpose and never leave it logged in anywhere or even open it except for Steam account retrieval.
I'd still like to know the logic of why the SteamGuard is the recommend way to safe guard your account.
 
"I'd still like to know the logic of why the SteamGuard is the recommend way to safe guard your account. "

Good question.

Most likely depends on the objectivity and intent of those making that recommendation along with the necessary documentation, facts etc. to back up the recommendation.

Cynicism conceded. :)