Platforms update their security architecture regularly to prevent abuse or breach of any kind. Valve’s Steam announced on October 10 that it will be making “important changes to how builds will be managed in Steamworks, along with adding new users to your Steamworks partner”. But, how exactly will this impact developers that make use of the platform?
From October 24, developers must associate a phone number to their account for a sort of two-factor authentication (2FA) before they can add a new user to the account or publish new versions of released games. Steam will text a confirmation code to the associated number which the user will need to enter into the system to continue.
In other words, Steam is making 2FA compulsory for certain Steamworks account actions. However, the company has mentioned that in the future they may extend this requirement to other Steamworks actions.
ALSO READ: 7 Best Handheld Game Console
Two-factor authentication is stronger than the use of just a username and password. It adds an extra layer of security to the account which makes it harder for intruders to get in. While most platforms don’t make it compulsory for users to turn on 2FA, they highly recommend it and will sometimes nudge users with subtle reminders or popups to do so.
In addition to SMS verification, Steam also has a Steam Guard Mobile Authenticator that is similar to Google Authenticator. This mobile app automatically generates a code that changes every 30 seconds which makes it harder to guess. When turned on, a user will have to key in the code from their Steam Guard Mobile Authenticator every time they log on to their Steam account.
Steam Mobile App also has other security features including a QR code sign-in which allows Steam users to skip entering their username and password. Even when these other 2FA features are turned on, “Valve strongly recommends that you add a phone number to your account, which makes recovering your account quite a bit easier, should you lose access”.
The potential trouble with Steam’s additional security
Sometime in 2022, Call of Duty: Modern Warfare II and Overwatch 2 both made use of the SMS Protect system. In this case, players were required to register a phone number to access the multiplayer. The registered phone number was used to verify the user’s Battle.net account.
While the idea was great, it negatively impacted players who made use of prepaid phone numbers or those who didn’t own a phone. Following the challenge with the implementation in Overwatch, Blizzard Entertainment eventually scrapped the rule for most Overwatch players.
Earlier this year, the Entertainment Software Rating Board (ESRB) filed a proposal to the FTC suggesting the use of facial recognition called Privacy-Protective Facial Age Estimation. The ultimate goal was to help verify that only adults can purchase games rated mature.
ALSO READ: 2 Ways To Play PS5 In Tesla Exposed
The proposal suggested that an individual will take a picture and submit it for verification. After the verification, the picture is deleted immediately. The goal is to help parents and guardians keep track of what their children play.
In the FAQ section that followed the announcement, the answer to the question about those who don’t have a phone was blunt, “Sorry, but you’ll need a phone or some way to get text messages if you need to add users or set the default branch for a released app”.
While extra security is always welcomed as it helps protect innocent users from bad actors, it also raises the question of how much more users need to put out their personal information and how much more is at stake if there is a broader platform breach.
Remember to share and bookmark this website to stay up to date on all the hottest news in the gaming industry.
