Steam Secures Player Accounts With Random Intel Technology

Digital delivery service Steam wants to keep its users' accounts secure, but software security is a fragile thing. That's why Valve has teamed with Intel for Steam Guard, hardware-based security that could make account phishing a thing of the past.

Someone has attempted to reset your Steam password. Please verify your information by following this shady link and filling out a form that sends your most sensitive information directly to the people you'd least like having it. Phishing scams are obnoxious and mostly obvious, but every now and then computer user let's down their guard and their password falls into the hands of someone that shouldn't have it.

With Steam Guard, getting a user's account info is only step one. Step two would be sneaking into their house and using their computer.

Steam Guard is a security technology that locks account modification to a single computer. Users will still be able to access Steam and play games they've already purchased from anywhere, but any major changes to the account must be done through the authorised machine.

The service takes advantage of Intel's new Identity Protection Technology, integrated into the second generation of its Core and Core vPro processors. The technology generates a random number every thirty seconds, and Steam Guard will verify that number. If you aren't at that computer, you aren't gaining access.

"Account phishing and hijacking are our #1 support issues," said Gabe Newell, President of Valve. "With Intel's IPT and Steam Guard, we've taken a big step towards giving customers the account security they need as they purchase more and more digital goods."

What does this mean for folks without Intel Core and Core vPro processors? They'll just have to remain terrified that one day someone is going to steal their games. It's inevitable!


Comments

    hahaha this will be funny. Cant wait for all the threads about CPU's burning out and now being unable to modify their steam accounts and having to deal with valve customer support.

      Exactly right. I'm far more comfortable just NOT responding to dodgy requests for passwords.

        You guys really think that wouldn't have thought of that? It would have been the first hurdle they would've encountered when planning this. Give it time for more information to come out about this.

      When my account was hacked (and no, I did not click on dodgy links), I found Valve/Steam customer service to be really helpful.

        was your password "steam"? ;-)

    I absolutely can't wait for this. Imagine how exciting it will be when your CPU blows up and your steam account is suddenly locked to a computer you no longer possess!

    This is a great idea IF you can purchase games from any computer, that will be the deal maker/breaker for me and probably a few others.

    Errr .... Why not just go for the good old authenticator method like Biizzard use. It's pretty damn solid.

    While moving to hardware authentication is a step towards better protection, this isnt totally infallible.
    The hardware produces a "pseudo-random" number, which appears random to an observer, but one which can be determined by a software algorithm of some kind, hence how the valve servers are able to verfiy this.
    The hardware dongles issued by blizzard for wow logins are the same sort which are used by banks for their logins. The numbers generated however are determined by a single variable, the serial or ID number of the hardware device, which is associated with your account. There are already blackhat solutions available to produce these numbers if you get the ID of someones dongle [its printed on the back with some of them].
    So again, it comes down to the weakest link is always the user.
    In the case of a hardware solution by intel, there will be some identifying ID with each chip they ship, which will be associated with an account on valves servers. They will of course use some public key cryptography and signing to protect this information, but ultimately the key can be deduced.
    The effort to go through however probably isnt worth it just to access someones steam account, however, lol.
    Systems like this need to be invented for one reason only, to protect users from themselves.
    If people have an understanding of the internet and think first before acting, they wont have any reason to worry that their account is vulnerable.

    Sucks to not have fully read/understood the press release before writing this article. Like, the part where it says:

    "With Steam Guard enabled, anyone attempting to login as you from an unrecognized computer must first provide additional, one-time authorization. A special access code will be sent to your contact email address, and this code must be entered into Steam before your first login on an unfamiliar computer is complete."

    You know, the part where it doesn't actually say it's mandatory to have the new hardware to be secure.

    Kotaku really is going downhill, fast.

Join the discussion!