In a candid post on its official news blog, Steam revealed that 77,000 accounts are hijacked and pillages each month. Account theft isn't anything new, but since Steam implemented Trading several years ago, incidents of account theft have "increased twenty-fold" and has become "the number one complaint from our users."
Hackers would can access to an account and sell all of that user's items to other innocent users, and it's reached a point where that "stealing virtual Steam goods has become a real business for skilled hackers" who are now "a highly effective, organized network."
While Steam's usual solution is to duplicate and restore stolen items to the original account, they understand that doing so would increase the number of rare trading cards, thereby reducing their value for everyone who owns that card.
Steam urges all users to use the two-factor authenticator (Steam Guard Mobile Authenticator) where you use another device that you own to verify your account. Steam thought of removing trading entirely or require two-factor authentication for trading, but considered that this would be too stifling for users. As a response, Steam will be implementing the following new rules:
Anyone losing items in a trade will need to have a Steam Guard Mobile Authenticator enabled on their account for at least 7 days and have trade confirmations turned on. Otherwise, items will be held by Steam for up to 3 days before delivery.If you've been friends for at least 1 year, items will be held by Steam for up to 1 day before delivery.
Accounts with a Mobile Authenticator enabled for at least 7 days are no longer restricted from trading or using the Market when using a new device since trades on the new device will be protected by the Mobile Authenticator.
Steam admits that it's "a difficult balance" between security and user-friendliness, but believes these new rules is a "cost we pay to ensure the system is able to function." Do you think this is the right policy for Steam to take?
