Valve's Steam Guard: Protecting Your Account From Evildoers Since 2011

Valve has officially announced Steam Guard, which is a new form “user rights management” in the words of Gabe Newell. There were all sorts of rumors about it yesterday, but now that Valve has made the official announcement it’s safe there’s no real reason to panic. The service is more about keeping your Steam account secure and out of the hands of evildoers than it is about punishing you for having the audacity to play games on the PC. Valve isn’t Ubisoft.

What Steam Guard, which is completely opt-in right now, aims to do is make sure that only you have access to your account. Anyone who’s played World of Warcraft in the past few years will know how rampant account theft has been. It got so bad that Blizzard created a keyfob (and mobile app equivalents) that generates a unique password that you’d input at time of login. Users would log into the game by putting their account name (usually their e-mail address), their account password, and a second password that’s created on the spot. It ensures that even if someone managed to steal your account name and password they wouldn’t be able to log into your account because they’d also need that second, randomly generated keyfob password.

Steam Guard work similarly. You establish one computer as your home base. “This is my primary gaming computer,” that kind of thing. Whenever you try to log into your account from a different computer, Steam automatically sends a randomly generated password to your e-mail account. In order to log in from this different computer you’ll need your account name, regular password, and also the randomly generated one that’s sent to your e-mail account at time of login.

This makes it all the more difficult for someone to log into your Steam account without your authorization.

Needless to say, it would be prudent to have a different password for your Steam account and your e-mail account.

Now, there is a second component to Steam Guard, but it hasn’t been implemented yet. It will use Intel’s hardware-based authentication scheme known as Identity Protection Technology, which is only available with the newest Intel CPUs and compatible motherboards. It’s this bit that had people so worried yesterday: “What happens when I want to game on a different PC, or if my machine dies? Will my ‘authenticity’ die along with it?” Well, presumably if you want to game on a different PC all you’d do is collect the secondary password from the aforementioned automatically generated e-mail.

What happens if your machine dies, however, I’m not sure right now, as neither Valve nor Intel have made it clear how this portion of Steam Guard would work. We can debate that point when everything’s been clarified.

Oh, and speaking of Ubisoft, it seems our complaints were at least partially heard and understood, as the upcoming PC port of Assassin’s Creed: Brotherhood won’t require a 24/7 Internet connection; a working Internet connection will only be required at time of installation.

I still don’t understand why more companies can’t adopt the Good Old Games/CD Projekt attitude toward DRM, but what are you gonna do?