Valve, the company behind the widely popular Steam gaming platform, has recently announced significant changes in its security protocols. Effective from October 24th, Steam developers will be required to confirm their identity via SMS before they can publish new game builds. This change has drawn the attention of both developers and users, shedding light on potential vulnerabilities in the current system.

Background on the Security Update

Steam, known for its vast library of games and software, facilitates the release of numerous new game builds every day. Previously, developers could publish these new builds without stringent verification procedures. However, this seemingly open system has been a double-edged sword. While it encourages creativity and rapid development, it has also exposed the platform to security risks.

Details of the New SMS Verification Requirement

As part of the new security update, developers who wish to set builds live on the default/public branch of a released app will have to associate a phone number with their Steamworks account. Valve will then send a text message confirmation code to this number. The developer will be required to enter this code to proceed with the publishing. If a developer does not possess a phone, Valve’s statement is quite clear: “Sorry, but you’ll need a phone or some way to get text messages if you need to add users or set the default branch for a released app.”

Reason for the Update: Combating Malware

While Valve’s announcement did not specify the reasoning behind this sudden change, further investigation by the community uncovered a serious issue. Developer accounts had been compromised and were being used to spread malware through Steam. This revelation was confirmed through a screenshot shared by Simon Carless, which received a response from developer Benoît Freslon. Freslon mentioned that his accounts were hacked by a Token Grabber Malware and highlighted the limitations of Two-Factor Authentication (2FA) in preventing such attacks.

Response from the Developer Community

Many developers see this change as a logical step to enhance the security of Steam’s ecosystem. Nevertheless, some also expressed concerns about how this would add another layer of complexity to the already intricate process of game development and publishing. Valve’s confirmation to PC Gamer revealed that less than 100 Steam accounts were affected, but the magnitude of potential damage from such compromises cannot be understated.

Implications for the Future

Valve’s introduction of SMS verification for publishing game builds is likely the first in a series of security measures. The company has indicated that this requirement will extend to “other Steamworks actions in the future.” Given the potential risks involved, these changes could set a precedent for other gaming platforms to follow suit.

Final Thoughts

Valve’s recent update to require SMS verification is a proactive measure designed to fortify its defense mechanisms. While it introduces another step in the game publishing process, the added security layer can safeguard both developers and users from the severe consequences of account compromises and malware spread. Although initial reactions from developers are mixed, the general consensus leans towards a safer Steam ecosystem.

Also Read: