
Do not use Steam 2-step authentication

Edit: mods, please change the title to "PSA: Do not use Steam's Mobile 2-step authentication"

A word of warning, I'm currently locked out of my Steam account because I enabled the mobile two-step authentication. I had to get a replacement Nexus 5 because my previous one stopped powering on, so when I try to log in to the Steam App on my new one it asks for a code from the Mobile App (which I'm trying to log into!).

Weirdly, I can get "recovery codes" to both my email and texted to my phone number, but even after entering these it asks for another code (which apparently starts with the letter 'R') that I apparently was told to write down when I installed the authenticator, but I can no longer find.

I'd highly recommend not enabling the mobile authentication. While Google's two-step is at worst annoying, Valve's leaves the possibility of locking you out of your account and then being reliant on Steam support (which many say can take several weeks until your ticket is even looked at).

I was looking forward to playing games on this rare 3-day weekend, and I've been a huge cheerleader for digital distribution... but this is even making me consider stepping into Gamestop again. At the very least, I'm going to use GOG or Humble DRM-free from now on.
 

NeOak

Member
OP used the wrong two factor authentication method, plus has no cold storage method for backups and important shit. (paper with important codes told to write)

Had your cellphone been stolen, your sorry ass would still be locked out.
 

jackdoe

Member
Honestly, that reset code is common for nearly all mobile two step authentication services. The only difference is how shitty Steam customer service is. With most other services, a call in to customer service will fix the issue instantly if you forgot to jot down the code the first time (so long as you remember your security questions).
 
It asks for another code (which apparently starts with the letter 'R') that I apparently was told to write down when I installed the authenticator, but I can no longer find.

Problem exists between chair and keyboard. I remember that message very well so I (shock/horror) made sure to memorise the code but also write it down in case I forgot it.
 
OP used the wrong two factor authentication method, plus has no cold storage method for backups and important shit. (paper with important codes told to write)

Had your cellphone been stolen, your sorry ass would still be locked out.

But it wasn't stolen... I just replaced a broken one. It was impossible for me to deauthorize my old device. Hence why this system doesn't work.
 

Queen of Hunting

Unconfirmed Member
I set up Steam 2-step the other day. They give you a code when you first set it up which specifically says you will need it if you change device or something. That's the code you will need.

Forgot your password, lost your device, changed number? That original code is the one you need, which is the code they're asking for.
 
Wait so you didn't note down the recovery/restore code for your authenticator, lost access to it and now it's Valve's fault that you can't authenticate into your account?
 
Wait so you didn't note down the recovery/restore code for your authenticator, lost access to it and now it's Valve's fault that you can't authenticate into your account?

I'm not saying I have no fault in this, but what other service (be it your bank or whatever) requires such a code in which you have no phone option to call (and at worst wait on hold for a few hours) to resolve the situation?
 

balohna

Member
Wait so you didn't note down the recovery/restore code for your authenticator, lost access to it and now it's Valve's fault that you can't authenticate into your account?
Sounds like it is their fault for not having a way around it if needed. OP could probably email them though.
 
Better advice would be 'write down the code that starts with R'.

The idea that I should be storing a hand-written key in the same fireproof safe that my family's passports, house and car titles, etc. are in so that I can get access to my video game library is ridiculous.
 
Wait so you didn't note down the recovery/restore code for your authenticator, lost access to it and now it's Valve's fault that you can't authenticate into your account?

+1

How hard is it to take a screen shot of the code, and fling a copy of it to Dropbox for safe keeping?
 

nded

Member
PSA should be "Remember to write down your Steam mobile authentication code".

Contact Steam support, and be prepared to wait and follow up multiple times.
 
Better advice would be 'write down the code that starts with R'.

The idea that I should be storing a hand-written key in the same fireproof safe that my family's passports, house and car titles, etc. are in so that I can get access to my video game library is ridiculous.

And yet, here I am ready and willing to give whatever info is needed to resolve this, but I have no option but to wait til my ticket is addressed. Comcast has better service.
 

NeOak

Member
The idea that I should be storing a hand-written key in the same fireproof safe that my family's passports, house and car titles, etc. are in so that I can get access to my video game library is ridiculous.

And yet, here I am ready and willing to give whatever info is needed to resolve this, but I have no option but to wait til my ticket is addressed. Comcast has better service.
Why? They told you to and you didn't care until now.

ALSO, lol at the Comcast Ninja edit. You don't know what you're saying.
 
Pretty much all 2-factor authenticators on mobile are like this, even ones that are used for corporate applications (looking at you, Duo). I was stuck on an old version of Cyanogen on a Galaxy S3 for years because my 2-auth secret key would've been unusable if I had upgraded Cyanogen (something about a change in the file format, and I didn't know enough about authentication formats at the time to fix it myself), and I heard many a horror story of an employee getting locked out of remote access for weeks to months after they lost their 2-auth secret key.

The PSA here is to know that using 2-factor mobile apps comes with the risk that the only place the secret key exists is on your phone (unless you're a bit techy and know how to rip that out/back it up), and losing the phone means losing that key.
 
I had forgotten to save the recovery codes for my Battle.net and SWTOR authenticators a couple phone upgrades back and couldn't re-activate the app on the new device, but all it took on both accounts was a brief customer service interaction to get it set up again.
 
The idea that I should be storing a hand-written key in the same fireproof safe that my family's passports, house and car titles, etc. are in so that I can get access to my video game library is ridiculous.

Okay, but do you do this with the one-time codes you get from other services like, say, Google/GMail or Microsoft or Dropbox or...? If the only thing keeping you from preventing this problem is "the piece of paper allowing me access to my Steam library is less important than my passport and that piece of paper should know its place," well.

That said, Valve should at least have the same system in place that Blizzard has, where you can send them proof of ID via driver's license or government ID to regain access to your account. Note, though, that the easier it is for you to call in to regain access, the easier it is for someone who isn't you to do the same.
 

Draft

Member
OP, people ITT will dog you a bit because this is kind of your fault, but I feel you. Valve customer service is terrible and you are probably looking at not only a long weekend of no Steam, but a couple more weeks of no Steam. Sucks and as the industry leader Valve should do a better job.
 
Why? They told you to and you didn't care until now.

ALSO, lol at the Comcast Ninja edit. You don't know what you're saying.

1-800-COMCAST exists. I can call it and wait 2 hours to speak to a representative, but at least there's that option

Whether you think my advice to not use the mobile 2-step authentication is right or not, my situation points out a case in which a Steam user can be fucked over due to Valve's terrible support. I made a mistake in not archiving this 1-time recovery code when I enabled the mobile 2-step authentication feature. But I still don't think the consumer should be at fault when the multi-billion dollar company can not provide prompt support. I have over 300 Steam games.
 

W1SSY

Member
I mean when you set up the mobile authenticator it does kind of tell you to save the recovery key. I just put mine into 1password so if I do change phones or flash a new ROM I always have the recovery codes.
 
I try to use the least intrusive mobile authentication. With Blizzard I was locked out of my WoW account for a couple of days when I got mugged of a cellphone, so I try not to use apps for that since then. A simple mobile message should be enough.
 

balohna

Member
OP did nothing wrong, any customer authentication shouldn't rely on customers being proactive. You can't count on that. OP wouldn't have this problem if he wrote it down, but that's in the past.
 
What's the purpose of two-step verification if you can't be locked out? That's the whole damn point. Of course not for yourself to be locked out, but for other people to be locked out from entering your account.

If you don't write down the important bits, you yourself are to blame. Not Valve.

(sorry)
 

RoadHazard

Gold Member
So you didn't save the recovery code, and therefore you think the feature is broken? Isn't the entire point of 2FA to prevent anyone who doesn't have the 2nd factor from accessing your account even if they have your password? Seems to be doing exactly that. Not seeing the issue here, only a mistake on your part.
 

finalflame

Member
This boggles my mind, working in customer support. You don't write down a crucial code, get a new phone without paying any attention to what's required to recover your account with the 2-fac that you voluntarily setup, and now this is somehow Valve's fault?

Better advice would be to tell people to pay attention when they set shit up and be mindful before they go exchanging devices that they have tied to important services. Steam's support being crap is a whole different issue, this entire ordeal could be avoided by simply being mindful.
 
I try to use the least intrusive mobile authentication. With Blizzard I was locked out of my WoW account for a couple of days when I got mugged of a cellphone, so I try not to use apps for that since then. A simple mobile message should be enough.
Sorry for the thread hijack but I've seen several people mention their Bnet Authenticator resetting after changing phones. I never had to do that with any of my phones.
Is it an OS thing? (I'm on iOS)
Or specifically a backup process thing? (Every time I've switched phones I had the old one handy and could back it up)

Honestly, I wouldn't know where to begin if I had to reset my Bnet Authenticator tomorrow.
 
So basically nothing is wrong with 2-step authentication, the OP didn't bother to do research to see if it was a widespread issue, and/or it is just user error?

Seems rather hasty to post a "PSA" before ensuring what you are warning against is actually worth warning against the way you are warning against it.
 

artsi

Member
The system is not at fault here, and there's a ton of easier ways to store that recovery code in addition to putting it in a safe.
 
This boggles my mind, working in customer support. You don't write down a crucial code, get a new phone without paying any attention to what's required to recover your account with the 2-fac that you voluntarily setup, and now this is somehow Valve's fault?

Better advice would be to tell people to pay attention when they set shit up and be mindful before they go exchanging devices that they have tied to important services. Steam's support being crap is a whole different issue, this entire ordeal could be avoided by simply being mindful.

You're correct it's voluntary, but it was also recommended to me by Valve.

So here it is.. I'd be lying if I didn't say I made this post on an influential gaming forum in hopes of getting some help from someone from Valve... but I've got nothing and been warned to anticipate not having access to my games for a few weeks.

Edit: I've been a Steam user since 2007 and loved the service, and admitted there's fault on me for not writing down the code, but here I am with no options. It's easy to critique when this hasn't happened to you, but it still doesn't mean that my situation (particularly, likely having to wait weeks for help) isn't fucked.
 

finalflame

Member
You're correct it's voluntary, but it was also recommended to me by Valve.

So here it is.. I'd be lying if I didn't say I made this post on an influential gaming forum in hopes of getting some help from someone from Valve... but I've got nothing and been warned to anticipate not having access to my games for a few weeks.

Did you write to them? It's really hard to get through to anyone there, unfortunately. The company I work for has multiple ex-Valve employees and they can't even speed anything up through the channels they have/people they know. If you haven't already, I'd recommend writing in and make sure you include key words in your e-mail like "2factor", "2fac", "locked out", "changed phones", etc. Many times support teams divide tickets into different priority "views", and it seems like people being locked out of their account would be pretty high priority issue to address (keeping in mind I am assuming Valve's support structure is competent, big assumption).

Just my $0.02. Hope you get your account back soon, I realize being locked out sucks.
 
OP did nothing wrong, any customer authentication shouldn't rely on customers being proactive. You can't count on that. OP wouldn't have this problem if he wrote it down, but that's in the past.

The OP absolutely did something wrong, however, Valve's support should reasonably address this issue using other authentication methods and if they don't that's a separate issue. But to say the OP did nothing wrong here is ridiculous. The recovery passwords are given to you for this specific situation and the OP didn't store them or remember them and locked his account into 2-step authentication. That is the end user's responsibility.

I hope he's able to recover his account in a reasonable amount of time and I hope he has the information required. It is unfortunate that Valve's support is not more responsive, which I guess makes managing recovery passwords that much more important.
 
I understand OP's pain, but 2-factor authentication ultimately comes down to fully understanding how it works before implementing it on your accounts. This includes making sure you have backup devices (such as email), or storing your recovery codes/keys in a safe location.

I hope you can get access to your account back quickly OP, so you can keep gaming.
 

Costia

Member
That's bad advice, even if you change it to mobile.
You made a mistake and lost access to your account. Contact support and get this issue resolved.
This happened to me with my Google and Battle.net account. I contacted support and got access to my accounts within a day or so.
If anything, this only proves how well the system would work in case your phone or password gets stolen.
If you want to complain, you should be complaining about Steam's bad customer support and not about the system that works as intended.
 

Stevey

Member
No problems here, sort yourself out, OP V:

but even after entering these it asks for another code (which apparently starts with the letter 'R') that I apparently was told to write down when I installed the authenticator, but I can no longer find.

You know you done fucked up now, right?
 

Ken

Member
The idea that I should be storing a hand-written key in the same fireproof safe that my family's passports, house and car titles, etc. are in so that I can get access to my video game library is ridiculous.

You think it valuable enough to protect your gaming library with authentication in the first place so it's not that ridiculous.

And there's tons of alternate ways to keep the key on you, like emailing it to yourself or sticking it in a digital note on a tablet and smart phone.
 

Nipo

Member
Weirdly, I can get "recovery codes" to both my email and texted to my phone number, but even after entering these it asks for another code (which apparently starts with the letter 'R') that I apparently was told to write down when I installed the authenticator, but I can no longer find.

No offense, this sounds like user error. They specifically told you to write down the code to prevent this from happening. Shouldn't the title of the thread be "make sure you keep your Recovery code safe if you use mobile 2 stage verification"?
 