Valve’s new security measure, set to be effective by the end of October 2023, requires developers to undergo two-factor authentication (2FA) before they are permitted to deliver game updates to players. Notably, the sole method for passing 2FA will be through SMS, which does introduce the potential vulnerability of SIM swapping. Steam partners will soon be mandated to register a phone number with the platform; those who opt not to comply will have no other way to update their games.
Valve has stated that this “extra friction” is a necessary compromise to safeguard Steam users and to keep developers informed of any potential breaches of their accounts, as per their communication with PC Gamer.
This heightened security protocol may seem extensive, but it is a response to the rising number of sophisticated attacks targeting developer accounts on Steam. The platform has witnessed an increase in such cyber threats.
