In a bid to fortify the security measures for game developers utilizing the Steamworks platform, Valve, the visionary force behind the renowned Steam gaming platform, recently unveiled a pivotal update.
This groundbreaking enhancement introduces an additional layer of security, mandating game developers to authenticate their identity via SMS before initiating updates or incorporating new users into their Steam accounts.
Effective October 24, 2023: A Paradigm Shift in Developer Authentication
Starting from October 24, 2023, developers undertaking updates on Steam will be required to have a linked phone number associated with their accounts. This move is an assertive response to a spate of reported incidents involving hackers infiltrating Steamworks accounts of game developers.
These cyber assailants, during late August and into September 2023, compromised game builds with insidious malware, adversely impacting unsuspecting players.
Valve, acting swiftly to avert further breaches, has instituted a stringent two-factor authentication check. Game developers must successfully navigate this authentication process before effecting updates on the default branch of a released game.
The mechanics involve Steam sending a confirmation code via text message to the developer, necessitating its entry for default branch authorization. It's important to note that this verification step is not required for unreleased apps or when updating a beta branch.
Strategic Changes: Admin Accounts and User Invitations
Furthermore, Valve has restructured user invitation protocols. Only admin accounts within the Steamworks partner group possess the capability to extend invitations to new users. With the new security paradigm, the inviting admin must input an SMS code before dispatching the invite, adding an extra layer of authentication to the user confirmation process.
This meticulous approach aligns with Valve's commitment to elevating security standards within its expansive gaming ecosystem.
In Valve's own words, “As part of a security update, any Steamworks account setting builds live on the default/public branch of a released app will need to have a phone number associated with their account so that Steam can text you a confirmation code before continuing.”
Foreseeing the Future: Ongoing Security Enhancements
Valve's commitment to security extends beyond the immediate changes. The company has signaled its intention to expand this SMS verification requirement to other Steamworks actions in the future.
This strategic foresight underscores Valve's proactive stance in staying ahead of potential security threats and continuously refining the protective measures for developers on the Steam platform.
Technological Adaptations: SetAppBuildLive API and 'steamcmd' Restructuring
In tandem with these security enhancements, Valve has rolled out updates to the SetAppBuildLive API. This update necessitates a steamID confirmation via the Steam Mobile app, particularly for alterations to the default branch of a released app.
Notably, game developers can no longer utilize 'steamcmd' to set the default branch for a released app. While this functionality has been deprecated for default branch operations, 'steamcmd' retains its utility for uploading builds and preparing beta test branches.
Exclusive Two-Factor Authentication Medium: SMS Text Messages
Valve has made it unequivocally clear that SMS text messages will be the exclusive medium for receiving the two-factor authentication code. Consequently, Steam partners are urged to register a mobile phone number or an alternative method capable of receiving text messages. This prerequisite is essential for tasks such as adding users or configuring the default branch for a released app.
In conclusion, Valve's proactive adoption of SMS-based two-factor authentication marks a pivotal step toward fortifying the security infrastructure for game developers on Steamworks. This comprehensive approach, addressing potential vulnerabilities in user invitations, default branch updates, and beyond, exemplifies Valve's unwavering commitment to maintaining the integrity and security of its gaming ecosystem.
As the industry evolves, Valve's ongoing dedication to enhancing security measures positions Steamworks as a benchmark for secure game development and distribution.
This diagram provides a visual representation of the two-factor authentication process for game developers updating the default branch and inviting new users on Steamworks.
