Game-Changing Steam Security Enhancements by Valve
Valve strengthens Steam security after a breach exposed users to malware through deceptive updates
Highlights
Valve is implementing a new authentication system for game developers to protect Steam and its users from future security breaches.
The updated system mandates that developers undergo a two-factor authentication verification prior to making updates to the released games or granting new users access to their Steamworks group. Independent developers who lack access to a mobile device may encounter difficulties in receiving text messages for game updates on Steam.
Valve aims to enhance security measures on Steam for game developers in response to a major security breach. Although this may create challenges for developers, Valve considers it crucial to safeguard Steam and its users from future attacks.
As the leading platform for PC games distribution, Steam caters to a wide range of developers, from high-budget studios to solo indie creators. However, this also exposes Steam to a higher risk of being targeted by cybercriminals. Recently, hackers successfully infiltrated the accounts of several Steam developers, enabling them to distribute malware disguised as game updates. While the number of potentially affected players was limited to fewer than 100, Valve promptly notified them of the risk via email. Nevertheless, this breach signifies a significant compromise in Steam's security.
In order to enhance security measures against potential attacks, Valve is implementing a new requirement where developers must undergo a two-factor authentication verification before updating a released game. As part of this initiative, Steam partners will need to provide a phone number associated with their account, through which Steam will send an authentication code via text. Furthermore, developers will also need to employ two-factor authentication in order to update a game or grant new users access to their Steamworks group.
According to the FAQ on Steam, it is recognized that certain independent game developers may lack access to a mobile device. In response, Valve stated that these developers will need an alternative way to receive text messages if they wish to update their games on Steam or grant new users access. It is important to note that this new policy does not impact unreleased games or beta updates, but rather only affects the main branch updates that are automatically installed on a user's computer by Steam.
In addition, only administrators of a Steamworks group will have the capability to invite new users. Furthermore, Steamworks developers are no longer able to update their games using the SteamCMD tool. While SteamCMD can still be utilized for beta testing, developers are now required to log in and use the Steamworks website to update a game's default branch. Moreover, developers who utilize SetAppBuildLive will need to have a valid Steam ID and download the Steam App in order to continue updating their games through this method.
The new rules will be effective from Tuesday, October 24. Valve urges Steamworks developers to set up their two-factor authentication promptly to avoid any disruptions in access. Additionally, Valve intends to enforce two-factor authentication for other Steamworks functions but did not provide further details in the post.
While these new regulations primarily impact Steamworks developers, the average Steam user may not perceive any noticeable alterations. Nonetheless, these policies are anticipated to effectively prevent future security breaches.
Source: Valve
