Protecting your Steam account against scammers and trolls

A brief but comprehensive guide to security and privacy on the world’s most popular gaming platform.

We explain what security and privacy settings will help protect your Steam account from scammers, hackers, spammers and trolls

If you are reading this post, it’s safe to assume that you have a Steam account. Unfortunately, in addition to Steam’s millions of bona fide gamers, the platform includes scammers looking to profit at others’ expense. We tell you the security and privacy settings you can use to guard against them.

How to protect your Steam account

To keep your account from being hijacked, you need to protect it. This is where the security settings come in. To open them, in the app on your computer:

  • Click your name in the upper right corner.
  • Select Account Details.

Another way to reach the very same settings in the desktop Steam app:

  • Click Steam in the upper left corner.
  • Select Settings.

Your Steam password must be strong

Is your Steam password short and guessable like 123456 or the name of a pet? Or do you use the same one as for your Facebook and/or Gmail accounts? Then we recommend changing it right away.

We have a separate post about how to come up with (and not forget) a virtually unbreakable password. And here’s why you should never reuse passwords.

To change your Steam password:

  • Open the Steam settings.
  • Select Change Password….

How to configure Steam Guard — two-factor authentication on Steam

Even the most reliable password will not help if it gets stolen — no one is insured against that, unfortunately. So be sure to enable two-factor authentication (2FA), which Valve calls Steam Guard. With 2FA, when you or anyone else tries to log into your account from an unknown device, Steam asks not only for your password, but for an additional code that is sent to your e-mail or generated in the mobile app.

These codes are updated automatically every 30 seconds, so it is almost impossible to guess them. What’s more, they work only once, so if you log in with it, no one else can.

By default, Steam sends those codes by e-mail. Here’s what to do if for some reason you disabled it or want to receive codes in the Steam mobile app (which we’ll cover in the next section):

  • Open the settings.
  • Click Manage Steam Guard Account Security… or Manage Steam Guard.
  • Choose how you want to receive access codes: by e-mail or in the mobile app.

How to set up Steam Guard Mobile Authenticator

Receiving one-time codes by e-mail is rather slow and not very reliable because e-mail accounts often get hijacked. There is a better way: Steam lets you generate one-time codes in the mobile app. First, it’s safer. Second, the code is always generated instantly. Here’s how to set up Steam Guard on your phone:

  • Install the Steam app on your smartphone (iOS or Android), and log in to your account.
  • Tap the three bars in the upper left corner.
  • Select Steam Guard.
  • Tap Add Authenticator.
  • Enter your phone number, if it’s requested.
  • Open the e-mail from Steam and confirm that you want to link the number to your account.
  • In the app on your phone, tap Next and enter the code from the text message.
  • Make a note of the recovery code the app displays and keep it in a safe place — you will need it if you ever lose your phone.
  • Tap Done and you’re all set. From now on, the app will display your 2FA codes in the Steam Guard section.

How to ensure that only you are logged in to your account

If you forget to log out on someone else’s computer, or suspect that you’ve been hacked, you can force a logout on all devices save for the one that you are using. To do so, in the app on your computer:

  • Open the settings.
  • Select Manage Steam Guard Account Security… or Manage Steam Guard.
  • Click Deauthorize all other devices.

Now the only person logged in to your account is you. Now is also the ideal time to change your password and enable Steam Guard to keep outsiders out of your account.

Cyberpoachers in search of accounts full of games and items are constantly creating fake sites to steal Steam logins and passwords. To lure users in, they post links in the comments section or elsewhere, promising things like game keys, free items, or huge discounts. If you swallow the bait, your credentials go straight to the scammers.

To protect you against this fatal mistake, Steam warns about links that lead to third-party sites. This option is available and active by default in the mobile app, but if for some reason you disabled it:

  • Open the mobile app.
  • Tap the three bars in the upper left corner of the screen.
  • Select Settings.
  • Open Application Preferences.
  • Select Alert for non-Steam Links.

Configuring Steam privacy

Having an excessively public profile can cause problems. For example, if scammers see that you have expensive games or items in your collection, they are more likely to take an unwanted interest in your Steam account. And if you allow just anyone to leave comments on your page, don’t be surprised if you get flooded with spam and insults. Therefore, we recommend spending some time configuring restrictions on third-party access to the information in your profile.

Here’s where the settings are in the desktop version of Steam:

  • Click your name in the upper right corner of the screen.
  • Select View my profile.
  • Click Edit Profile.
  • Select My Privacy Settings.

In the Steam mobile app, you can find them here:

  • Tap the three bars in the upper left corner of the screen.
  • Select Settings.
  • Open Application Preferences.
  • Click Steam Preferences.
  • Open the Privacy Settings tab.

How to hide your Steam profile from outsiders

If you don’t want strangers to see your profile at all, make it fully private. To do so:

  • Open the privacy settings.
  • Tap the link next to My profile.
  • Select Friends Only or Private.

Now only your name and avatar are visible to outsiders. These elements cannot be hidden, but on Steam there is nothing to stop you from using a fictitious name and a favorite anime character as your profile picture.

How to hide information about your games, items, and friends

If you want to hide only some information (such as lists of games, or collections of skins) from outside eyes, use Steam’s privacy settings to tailor its visibility.

  • Open the privacy settings.
  • Click the link next to Game details, Friends List, or Inventory.
  • Select Friends Only or Private.

How to hide screenshots and illustrations on Steam

Screenshots and illustrations also do not have to be shown to everyone. You can limit their visibility at any time. The settings for each picture are individual; that is, you can choose for each image whether you want it to be visible to everyone, or shown only to friends, or maybe just for you.

To hide a new screenshot or illustration, select Private or Friends only under Visibility in the upload window.

To hide an already uploaded screenshot or illustration:

  • Open your screenshots or illustrations.
  • Click Manage Screenshots or Manage.
  • Select the images that you want to hide.
  • Click Make Friends Only or Make Private.

Sometimes it is more convenient not to hide a picture, but to make it viewable by link only. That way, it will not appear in search results or the Steam community feed, allowing you to choose who to share it with. If the picture is new, select Private under Visibility in the upload window. If you want to restrict access to an already uploaded screenshot or illustration:

  • Open your screenshots or illustrations.
  • Click Manage Screenshots or Manage.
  • Select the images that you want to hide.
  • Click Make Unlisted.

On the relevant pages of your profile, you can limit the visibility of videos, mods, and items created in the Steam Workshop as well.

How to avoid spammers and trolls on Steam

Already hidden your most personal stuff? Now let’s deal with spam and trolling. To prevent strangers from posting comments or dropping questionable links in your profile, you can restrict access to comments. To do so:

  • Open the privacy settings.
  • Click the link under Can post comments on my profile.
  • Select Friends Only or Private.

How to avoid leaking data, money, and items on Steam

Your profile is now configured, thank Gaben. Now your gaming life is much better protected than before. However, cybercriminals can still try to scam you — for example, by selling an already used game key or asking to borrow an expensive item. Be careful and don’t trust just anyone.

  • Don’t follow links in messages from “support service” or other users. Scams can be based on carrots (such as fake lotteries with juicy prizes) or sticks (threats to block user accounts and the like). Check all information in official sources.
  • Don’t rely on good faith and scout’s honor. And be wary of any freebie. Remember that if something is too cheap, it’s probably a trap.
  • Don’t install game-enhancing extensions or third-party programs. Using cheat software could result in a VAC ban, and in most cases it will simply infect your computer instead of giving you a leg up on the competition.
  • Use a reliable security solution that identifies malware and phishing links. If you have our antivirus installed, find out how to hook it up with Steam (spoiler: It’s easy).