New Steam App

[J4MES OX4D 9,808]

Valve have released their updated app and it's a complete disgrace. They've replaced the non-login required authenticator and changed it to a blanket app with far more functionality. However this has proven to be a catastrophic security risk because you can't ever log out of the app which means anyone that swipes your phone can have unrestricted access to your Steam account which completely negates and deflates the purpose of 2FA. It's the equivlanent of buying a safe or lock box for your house that doesn't have a lock or a door and then the burden being placed on the user not to have their front door key swiped, house burgled or key misplaced. 

 

This really is shocking incompetence and users are now forced to be logged in to the app at all times for no logical reason. It's turned into 1-factor auth without any code requirement. The beauty of the normal app was you didn't have to be logged in to obtain a code which made it extremely secure. The safest way on the platform now is actually email guard and that was supposed to be outdated in 2015! I can only assume Valve have hired some an incompetent third party company because this is a totally out of character move. If it's done by intent then it has to be seen as them inflating store-wide engagement figures. No other explanation really. 

 

Feedback is coming in thankfully so all we can hope for is it gets patched or rolled back. 

[Luseth 1,766]

I have not yet checked it out to be honest, is this an update or a whole new app?

 

It seem's a bit of an obvious security issue but I suppose these day's your phone is a key into every aspect of your life. If someone killed me, held my phone up to my face I imagine they could access almost everything about me. It's a bit absurd really isn't it. In fact thinking about it I might take the facial recognition off my phone ^_^

[J4MES OX4D 9,808]

6 minutes ago, Luseth said:

I have not yet checked it out to be honest, is this an update or a whole new app?

 

It seem's a bit of an obvious security issue but I suppose these day's your phone is a key into every aspect of your life. If someone killed me, held my phone up to my face I imagine they could access almost everything about me. It's a bit absurd really isn't it. In fact thinking about it I might take the facial recognition off my phone ^_^

It's basically an app update but it replaces the typical auth and instead just provides a one-touch login inside the app which then auto logs you in on desktop after you've entered your account name and password. This is why I will never have an email box on my iPhone because you can't sign out of that either and if your phone is swiped and the thieves have access to your home screen, they have all your email too which literally controls everything. The app pretty much mimics the entire client functionality so they've really shot themselves in the foot especially with removing the 2FA concept on it.