Jump to content

Mobile Authentication Question.

Not_Jamie

Hi guys, so recently a friend got his steam account hacked and while it looks like he will be able to get it back it served as a stark warning to keep on my toes, because to be honest I have picked up some woeful habits.

 

So today I went through, first making double sure my computer was clean (only reformatted  a week ago) and then changed all my passwords that mattered, i.e. stores personal information. I used keypass to generate new passwords and store them. I am currently using a master password but do have a YubiKey on the way for logging into some sites as well. Not fully content with that I want to set up mobile Authentication for mainly my gaming software (the key can be used for supported sites). I have lost my phone a few times so I am thinking of buy like a 50 buck tablet or phone to keep near my computer that is solely used for this.

 

Is this sufficient? It might seem overkill (and most likely is) but want I want to make sure is if this is a secure method of using a mobile authentication. I want to keep my gaming accounts save in particular as steam has thousands of dollars with of games and other accounts have large hours sunk into them.

 

Thanks for any help. While some gaming sites have physical authentication devices you can buy having 3+ of them would prove cumbersome.

I find the majority of laptop gamers more perplexing than console gamers. Just about every conversation when asking them about their computer equals I bought it for portability, yet they cannot remember the last time they even lifted it from their desk.

Link to comment
Share on other sites

Link to post
Share on other sites

I let Apple make all my passwords for me and keep them on my iCloud keychain.

 

Good idea?

 

Probably (not) maybe.

NCASE M1 i5-9600k  GTX 1080 FE Z370N-WIFI SF600 NH-U9S LPX 32GB 960EVO

I'm a self-identifying Corsair Nvidia Fanboy; Get over it.

Link to comment
Share on other sites

Link to post
Share on other sites

 

steam does send the same code to email if you have lost your mobile, so don't worry much about losing access to your account.

 

Spoiler
Spoiler

AMD 5000 Series Ryzen 7 5800X| MSI MAG X570 Tomahawk WiFi | G.SKILL Trident Z RGB 32GB (2 * 16GB) DDR4 3200MHz CL16-18-18-38 | Asus GeForce GTX 3080Ti STRIX | SAMSUNG 980 PRO 500GB PCIe NVMe Gen4 SSD M.2 + Samsung 970 EVO Plus 1TB PCIe NVMe M.2 (2280) Gen3 | Cooler Master V850 Gold V2 Modular | Corsair iCUE H115i RGB Pro XT | Cooler Master Box MB511 | ASUS TUF Gaming VG259Q Gaming Monitor 144Hz, 1ms, IPS, G-Sync | Logitech G 304 Lightspeed | Logitech G213 Gaming Keyboard |

PCPartPicker 

Link to comment
Share on other sites

Link to post
Share on other sites

I let Apple make all my passwords for me and keep them on my iCloud keychain.

 

Good idea?

 

Probably (not) maybe.

apple been hacked alot of times so nope

you see this? this is my signature. btw im Norwegian 

Spoiler


CPU - Intel I7-5820K, Motherboard - ASUS X99-A, RAM - Crucial DDR4 Ballistix Sport 16GB, GPU - MSI Geforce GTX 970, Case - Cooler Master HAF XB evo, Storage - Intel SSD 330 Series 120GB - OS, WD Desktop Blue 500GB - storage 1, Seagate Barracuda 2TB - storage 2, PSU - Corsair RM850x (overkill i know), Display(s)- AOC 24" g2460Pg, Cooling - Cooler Master Hyper 212 Evo, 2 Noctua 120mm PWM, 1 Corsair 120mm AF RED LED, Keyboard - SpeedLink VIRTUIS Advanced, Mouse - razer deathadder chroma, Sound - Logitech Z313, SteelSeries Siberia V2 HyperX Edition, OS - Windows 10 (prefer windows 7)

 

Link to comment
Share on other sites

Link to post
Share on other sites

Currently a two-factor authentication like the mobile authentication in Steam is near-foolproof. You really don't have to worry about that part. But if you happen to contract a trojan on your desktop, they can get your credentials and turn off the mobile authentication voiding your effort altogether. A clean PC goes a long way but your online habits play a huge role too.

Link to comment
Share on other sites

Link to post
Share on other sites

Currently a two-factor authentication like the mobile authentication in Steam is near-foolproof. You really don't have to worry about that part. But if you happen to contract a trojan on your desktop, they can get your credentials and turn off the mobile authentication voiding your effort altogether. A clean PC goes a long way but your online habits play a huge role too.

 

 

So I actually thought of this, as I tried to systematically figure out weak points, rather then just beef up my password but leave other places open wide. In terms of nasty programs like key loggers getting on my computer, yubikey should take care (i.e as good as possible) of anyone getting access to my keepass file with all the passwords. I have ordered the one time password version (works just like authenticators), which works with keepass.

 

From there I plan to get a mobile with a long term data plan, its easy to find a couple of gig for ten dollars that lasts 365 days. The phone will never connect to my network but use its own internet as what its doing is minimal, it will have authentication apps like the battlenet, steam apps etc. It will also be home to my recovery email and will only ever be used for that. Now the only way I can see anyone getting full control (never getting it back) is to get past encrypted passwords (keepass), find a way to gain access to my authentications or figure away around and then also take control of a email that will never appear on anything other then my mobile and be registered to a select few sites.

 

Its sounds like a lot of work but really, I wanted Authentication for my gaming accounts. The easiest way to do that is with a mobile as having 8 key chains would suck. I can also use the phone to retrieve lost accounts.

 

Edit: O I forgot to add, I also now use a VPN for anything not secure... i.e Ill log into battlnet and steam without one but when looking to surf the web I use it.

I find the majority of laptop gamers more perplexing than console gamers. Just about every conversation when asking them about their computer equals I bought it for portability, yet they cannot remember the last time they even lifted it from their desk.

Link to comment
Share on other sites

Link to post
Share on other sites

So I actually thought of this, as I tried to systematically figure out weak points, rather then just beef up my password but leave other places open wide. In terms of nasty programs like key loggers getting on my computer, yubikey should take care (i.e as good as possible) of anyone getting access to my keepass file with all the passwords. I have ordered the one time password version (works just like authenticators), which works with keepass.

 

From there I plan to get a mobile with a long term data plan, its easy to find a couple of gig for ten dollars that lasts 365 days. The phone will never connect to my network but use its own internet as what its doing is minimal, it will have authentication apps like the battlenet, steam apps etc. It will also be home to my recovery email and will only ever be used for that. Now the only way I can see anyone getting full control (never getting it back) is to get past encrypted passwords (keepass), find a way to gain access to my authentications or figure away around and then also take control of a email that will never appear on anything other then my mobile and be registered to a select few sites.

 

Its sounds like a lot of work but really, I wanted Authentication for my gaming accounts. The easiest way to do that is with a mobile as having 8 key chains would suck. I can also use the phone to retrieve lost accounts.

 

Edit: O I forgot to add, I also now use a VPN for anything not secure... i.e Ill log into battlnet and steam without one but when looking to surf the web I use it.

Sounds robust enough to me. Nothing's ever perfect but I guess the aim is just to make it too much of a pain to the attacker anyway. Which this sounds like it is. I gotta say, you put way more effort to this than some companies do. :) Kudos!

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×