Valve adding SMS verification to Steamworks accounts

SMS is an odd choice, but okay

MajorLinux - Editor-in-chief

Yesterday, Valve posted on their Steamworks Development site about some updates coming soon to Steamworks users.

They state that users that “setting builds live on the default/public branch of a released app” will be required to have a phone number associated with that account. This is so Steam will be able to text you an MFA code in order to login. The change will be taking place on October 24, 2023.

While no specific event has been cited to trigger this change, many are speculating that this may be due to the recent uptick of projects being hijacked by bad actors who have then upload malicious code. Valve is working to purge the projects that have been affected by these hacks along with the aforementioned security additions.

While the move overall is a good one for Valve to protect its users, it does raise some questions as to why they are using SMS verification instead of something more secure like using an MFA tool like Google Authenticator, Authy, or even iOS’ built-in code generator. Also, Steam has SteamGuard which can be used to both login users and be used as a MFA. SMS has been known to be very insecure as someone would only need to socially engineer a carrier to get access to the phone number, send it to a new SIM, and take codes.

Share This Article
By MajorLinux Editor-in-chief
Marcus Summers is a Linux system administrator by trade. He has been working with Linux for nearly 15 years and has become a fan of open source ideals. He self identifies as a socialist and believes that the world's information should be free for all.
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *