Steam Guard is an additional level of security that can be applied to your Steam account. When Steam Guard is enabled on your account, anyone attempting to login to your Steam account from an unrecognized computer must provide additional authorization. A special access code will be sent to your contact email address, and this code must be entered into Steam before your login is complete. Steam Guard security is also now available through the Steam app on your smartphone, by using the Steam Guard Mobile Authenticator.
Verifying your email address with Steam improves the security of your Steam account. Once you've verified your email address with Steam, both your Steam Account password and access to your email account are required in order to make any changes to your Steam Account credentials, such as your password, secret question and answer, and contact email address. This helps further protect your Steam Account from being stolen by a potential phisher.
Users can add you to their Friends list by observing your in-game nickname, or if they know your account's contact e-mail address - for this reason we recommend that you keep in mind that the users who have added you may not be people you have spoken with before.
Be aware that users can change their nickname displayed in Friends at any time.
Attempting to trick other users into providing password information is commonly called "phishing" - unfortunately, some individuals are using deceptive Friends personas to request password information from other users. Steam Support does not use the Friends network to contact users, nor will we request CD Key information or credit card purchase information unless you have contacted us for assistance by using the Steam Support System.
If you receive a link from another user, especially one claiming free access to Steam content, use extreme caution! All official Steam logins are directed to the steampowered.com or steamcommunity.com domains, and official pages will include an Extended Validation SSL certificate, which most up-to-date modern browsers will identify with green text or a green highlight in the address bar with "Valve Corporation [US]" near the address. If you suspect a site asking for your login information is not an official Steam site, do not enter any information on the site and disregard it.
Account hijackers have several common methods of attack, most of which rely upon misinformation or deception. Your account cannot be stolen if you follow these recommendations and refrain from sharing your account.
Watch out for these activities:
Deny requests for login and password information from other users. Do not share your account login information with anyone. No reputable gaming clan will ask for your login information to join. Game server administrators do not need your Steam account information.
Ignore unsolicited messages from "Steam Support" unless the message originates from the support.steampowered.com domain. Do not send your password to anyone
It is common for executable ( .EXE ) files, Windows screensaver ( .SCR ) files, dynamic link libraries ( .DLL ) files, and batch ( .BAT ) files being offered as parts of "mods" to contain malicious software designed to steal Steam account login information. Hacks are another very common source of malicious programs.
A list of common scams can be found here.
In addition to selecting a strong password, it is a good idea to maintain the security of your system in the following ways:
A strong password is a necessary first step toward ensuring the security of your account. Your password should meet all of the minimum requirements listed below:
Make sure you are using a different password for your Steam account, your Steam Support account, and your contact e-mail address.
If you participate in any gaming forums, make sure that your username and password on these forum sites (including Steam's own user forums) is different from your Steam Account name and password.
Regularly scan your computer for viruses, key loggers, spyware, and other malicious code with a virus scan utility that has the most recent virus definitions.
Avoid accessing your Steam Account from internet cafes or shared computers - if you must use an internet cafe or shared computer, make sure it has been scanned for viruses, trojans, and keyloggers.
If the machine you use to access Steam has multiple users, be sure to fully Exit (log out of) Steam when you are done using the machine (if the "Remember Password" option is checked or if Steam is minimized to the Windows system tray but not fully Exited another user may be able to access your account).
If your account has been compromised, please see the Retrieving a Lost or Stolen Steam Account topic for instructions to retrieve your account.
If another user requests your account information or attempts to steal your account, please see the Reporting abusive behavior within the Steam Community topic for instructions to submit a report.