Steam Machine ID Authentication (Valve Software)

  • Author:
  • Send To:
    Valve Software
  • Sponsored By:
  • More Info at:
Users of Valve Software's content delivery platform Steam suffer occasionally from account hijacking. This is where someone other than the account owner gets a hold of the account's username and password, logs in, and changes the password.

Most of the time, this is at the fault of the user for not properly securing their PC, visiting some obvious phishing site, succumbing to a scam, or something else where they willingly give their account information.

But humans make mistakes. And humans learn from them.

However, the fact that originally encouraged writing this petition, it is completely possible that within the time of the hijacking, the hijacker used known hacks to play a game and flagged Valve's Anti-Cheat system (VAC). VAC works on a delayed ban basis, banning potentially months after the offense, in order to not indicate to the cheater which hack caused the flag.

The problem here for those hijacked is that (after getting the account back) they may resume their normal routine, unknowing that in a few months they'll be banned for something they didn't do. Then, without warning, they're hit with the ban hammer. Naturally, they'll complain on message boards that they didn't do anything wrong, but no one will believe it--even though they may be telling the truth.


For Valve to implement a system where one can lock their Steam account to a specific Machine ID, that is essentially a checksum of the user's hardware and software configuration. Any machines that do not have that ID can not log in to the account

An example of such an implementation with (fake) screenshots:

WHY ??

Steam is a growingly successful business model for Valve bringing in millions of dollars a year that will only grow larger. Its users have paid to get this additional, optional layer of security. For many, Steam is a $100 or more investment. Not only that, but Achievements and save files via Steam Cloud are stored to the account, which will all be permanently lost.

Credit card companies have noticed such a need with identity theft, and if a credit card is stolen these days, most companies will void all transactions made during that time period.

Valve, with the strict no-cheating policy, will NOT lift any VAC ban no matter the circumstances. This is understandable, as real cheaters could exploit any generosity from Valve and make it back into the game. However, this petition deals with PREVENTING ANY HIJACKING from occurring from the beginning, and exclusively in future cases.

As it is now, if Steam senses a user's account is hijacked the account will automatically be locked until Steam Support is contacted. Clearly, some mechanism for detection is already in place. This proposal aims to simply give users more control over it.