It's not hard to see why the problem is increasing. Items in games like Team Fortress 2 and Counter-Strike: GO can be worth a lot of real money on the secondary market, not to mention the inexplicably popular virtual trading cards floating around the Steam social network. As Valve puts it, "practically every active Steam account is now involved in the economy, via items or trading cards, with enough value to be worth a hacker's time. Essentially all Steam accounts are now targets." Goods transferred from stolen accounts can be relatively easy to unload on unsuspecting legitimate customers, too, making it hard to unwind the theft once it's detected.
Now, Valve is taking additional steps to decrease the value of these hacks when they happen. By default, traded items will now be "held" by Valve for "up to three days"—hopefully enough time to give users a chance to discover that their account has been compromised (and to prevent quick item transfer/liquidation by the hackers). Users that have two-factor authentication enabled will be exempt from this restriction, since their accounts are theoretically safe from most hacking attempts. Trades between users that have been friends for a year or more will only be held for "up to one day" even without two-factor, since that implies a real relationship between the traders.
Valve said it considered simply requiring all traders to have two-factor authentication enabled but said that this would unfairly exclude users who can't use the feature due to the lack of a compatible mobile phone. Absent that, this seems like a good compromise to encourage stronger security practices among Steam users while also discouraging hackers from easily profiting from the service's lowest-hanging, least-secure fruit.