Just want to know how to ‘fix’ Steam’s password field? Scroll down to “How to Fix It”
Steam & Security Theatre
You’re a smart guy. You’re not stupid about computer security. And that’s why you always make sure that you use a different password for every service you use, right? You might even use a different password for every account, even when you have different passwords on the same service. You know that there are really, really good reasons why it’s simply not good enough to, for example, have “high-security”, “general use” and “low security” passwords, and re-use each of them in several places. And if you don’t know that: well, take my word for it and I’ll explain it in detail later.
It’s no great hardship to have lots of long, complex, effectively-random passwords, these days. Tools like SuperGenPass, LastPass, and KeePass, among others, mean that nowadays it’s so easy to use a
different password for every service that there’s no excuse not to. So you probably use one of those (or something similar), and everything’s great.
Except for that one application
– Steam. I have Steam save my password on my desktop PC (by the time somebody steals my desktop PC and
breaks into the encrypted partition on which my data files lie, I have bigger problems than somebody stealing my Just Cause 2 achievements), but it forgets
the password every time that Ruth uses her Steam account on my computer. No problem, I think: I can easily
copy-paste it from my password manager… nope: Steam won’t let you paste in to the password field.
What? If you ask Valve (Steam’s creators) about this, they’ll say that it’s a security feature, but that’s bullshit: it’s security theatre, at best. And at worst, it means that people like me are inclined to use less-secure passwords because it’s harder to memorize and to type out that a more-secure password would be.
How to Fix It
Well, obviously the best way to fix it would be to successfully persuade Valve that they’re being stupid: others are already trying that. But what would be nice in the meantime would be a workaround. So here is is:
- Edit
Program FilesSteamPublicSteamLoginDialog.res
(Program FilesSteamPublicSteamLoginDialog.res
on 64-bit Windows, somewhere else entirely on a Mac) using your favourite text editor (or Notepad if you don’t have a favourite). Take a backup of the file if you’re worried you’ll break it. - In the
"PasswordEdit"
section (starting at about line 42), you’ll see name/value pairs. Make sure that the following values are set thusly:
-
"tabPosition" "1"
-
"textHidden" "0"
-
style="TextEntry"
The next time you load Steam, you’ll be able to paste passwords into the password field. The passwords won’t be masked (i.e. you’ll see the actual passwords, rather than asterisks), but the dialog never loads with a password pre-populated anyway, so as long as you make sure that nobody’s looking over your shoulder while you type, you’re set!
Update: let’s face it, Valve’s security policies suck in other ways, too. Please read the tale of a friend-of-a-friend who’s desperate to change her Steam username.