Steam Guard isn’t anywhere close to good enough as a KYC/fraud prevention measure to flag an account as Trusted.
Any bot maker can easily enable 2FA in thousands of accounts at scale, as we have third-party (and open-source) applications that can be used in place of a phone as an authenticator. By giving Trusted to 2FA-enabled accounts, you’re doing two things:
Reducing the cost per bot account (and, thus, cost per ban);
Making it easier for them to make accounts.
Please revisit this alternative to KYC – I understand that fraud prevention is very important for the game’s health, but enabling Steam’s 2FA opens the floodgates for bot accounts that used to be very costly due to the $5 Trusted paywall.
Thanks for the quick response! But the post earlier today has pretty confusing messaging. The whole “Trusted through Lost Ark” part is very weird and had me understand that having 2FA on will make you Trusted in LA even when you don’t have access to Steam’s social features.
Either way it doesn’t do much if anything – it’s just an extra layer of inconvenience for legit players while not hurting bot operations at all (after 20 minutes of work from a developer).
Steam guard “2fa” is literally an email authentication which they already automate for creating the bots…
We know devs are trying but we would really like the servers locked for now while you guys find a better solution, there is no explanation for why we are forced to put up with bots for months while devs do their back and forth with the bots. #LockTheServers
2fa doesn’t really stop botting; it indirectly makes it harder for certain forms of rmt (eg. hackers/scammers stealing accounts). maybe it wasn’t communicated very clearly and was conflated with an effort to stop botting by many people.
re botting, AGS’s mistake was choosing steam as the distribution platform for an f2p game in the first place. steam have no obligation to police new account creation so botters can just automate and constantly create new accounts to replace the banned ones, and steamguard 2fa will be automated too.
if only AGS had chosen to manage accounts themselves (probably deemed too costly/legally-troublesome but look at the state we’re in now, having to constantly devote resources to banning and stopping bots)… they might have a bit more data and control over account creation if they hadn’t gone for the cheapo/legally-easiest route.
since we’re stuck with steam now, i feel that if they charged us a one-time $2 to play the game, people would still play and they’d make some money back from the botters for each new account they remake at least. CMs might also need to reiterate that 2fa isn’t an anti-botting measure but indirectly discourages the hacky/scammy forms of rmt.