Steam Guard will not kill you
There is a lot of confusion over the recent announcement of Steam Guard, which will allow Steam account access to be limited to specific computers. Here are the facts:
- Steam Guard will completely restrict account access
- “Enabling maximum account security prevents the account from being accessed from any computers other than those you explicitly authorize,” says one of Steam’s new localisation strings.
- Intel hardware is optional
- Steam Guard will be able to identify a computer using software only; this will be inherently less secure than hardware identification but better than nothing. The system that already prevents stored login details being copied to different computers will presumably be used.
- Multiple computers can be activated with email codes
- But only when Steam Guard is running in software mode. Sensibly, the weak point of authorising other computers (given the dependence on email account integrity that it entails) is disabled when hardware identification is active. There is no word yet on what will happen should your CPU explode when your account is in hardware mode, but the process will surely bear similarities to recovering a lost password.
- Steam Guard will be added to Steamworks
- This is odd. The full quote is “available to third parties to incorporate into their own applications through Steamworks,” but why would anyone want to re-implement what Steam already gives them? I can only speculate that either this is marketing hype (like the utterly redundant CEG), or that Steam is going to start natively supporting limited activations. While Valve have tolerated this in the past, actually offering it as a part of Steamworks — if that is the plan — would be a big step.
And why does the release say “applications”, not “games”? Perhaps just a slip-up…
- Steam Guard will be under your control
- Notwithstanding the above, enabling Steam Guard on your Steam account is optional.
This might seem like an pretty good move by Valve, but there is a bogeyman. Intel’s new tech falls under Trusted Computing: the practice of using purpose-built hardware to ensure that a computer can be trusted to be upholding certain conditions. Most often those are that unauthorised code isn’t running, but in this case it’s that a single, particular CPU is in use. The key is that unlike DRM, which is always grounded in software, a good implementation of Trusted Computing cannot be broken without physical access to the computer (and an electron microscope).
The rights and wrongs of this are a matter of personal opinion. But having seen Steam suffer suspicion and even hatred while it was establishing itself I can’t help but be if not quite pro-TC, then anti-anti. It’s certainly clear that Steam Guard will make the world a better place.