1) Different passwords for e-mail and Steam
2) Steam Guard enabled. I believe if you type in this code incorrectly many times your account is disabled briefly, but I'm not sure. Never tried!
3) Use Google/Yahoo mails two-tier authentication (SMS is available for both, and Google authenticator for Google mail).

Keep Steam Guard on at all times. Keep both passwords different and complex. Use two-tier verification on your email account. No-one is getting through that in a hurry!

Steam has enough security.
Notice that most of the hijacks reported are cases of.
1-Users disabling Steamguard
2-Users handling their credentials to a phisher (LOGIN HERE TO GET STEAM FREE GAMEZ!!!)
3-Users with infected machines (Goto 2)

The actual security layers are more than enough to stop most hijackers. You can also use Gmail two-tier autentication for extra security.

More locks don't make a door more secure.

as long as you arent stupid then your account cant get hacked
what frazer said is more than enough to keep your account secure and as long as you dont put your details into places other than steam then it shouldnt be a problem

agreed^ more locks do not make a door more secure if there is a way around or if someone gives you the key (putting account details in a phishing site)

Originally posted by FrazerJC:

2) Steam Guard enabled. I believe if you type in this code incorrectly many times your account is disabled briefly...

That is worrisome. If someone tries logging in enough time on an unauthenticated device it shouldn't affect other already registered devices by disabiling your legit ability to log on using them. Otherwise a hacker could just try your account enough (assuming they knew the account and password) and ruin your day even though they never got to really log in and do damage.
And I wonder if it kicks you off our legit current session before or after they enter the right code.

You seem to be quite ignorant, and simply out to post. Either that or you just don't know what you're talking about. Valve has only had one recorded security breach (released to public), and they were quick to fix everything. Security is one of Valve's largest practices, and they take plenty of precautions to securing their releases. Yes, there was once an avatar exploit because one developer was using _REQUEST instead of _POST. That security issue is resolved now however, and nothing too horrible could have been done besides changing your avatar.

Valve knows what they're doing, and for you as a customer(who has possibly no knowledge on the subject, I'm inferring this due to your post which carries no technical detail at all in areas in which Valve needs to improve their security).

If you fall into a phishing attack, then that's your fault for not having the basic knowledge to see that the domain name is not gtm.steamproxy.vip or steampowered.com .

Steamgaurd does not offer much security besides the fact that it requires email confirmation, but it is likely that if the account was successfully logged in(besides steamgaurd) then that the blackhat can easily get into their e-mail account.

Another method of stealing steam accounts is via malware, commonly used is the RAT. RAT stands for Remote Access Tool, think of it as a remote desktop control program. This malware is often bought by 12 year olds who only know how to use a piece of software and steal their grandma's credit card. Skiddies.

Another possible way to make it harder to see that you're being phished is if your computer has been infected, the hacker may do a 'DNS attack', as in pointing gtm.steamproxy.vip to a phishing website's IP address. You will appear to be on gtm.steamproxy.vip, but you are actually accessing an entirely different server. One the hacker controls.

For some reason people expect bank-level security for an online game store. That's rather stupid if you ask me. Valve does more than enough to keep their users safe.

Originally posted by DarkChristmastalMethod:

That is worrisome. If someone tries logging in enough time on an unauthenticated device it shouldn't affect other already registered devices by disabiling your legit ability to log on using them. Otherwise a hacker could just try your account enough (assuming they knew the account and password) and ruin your day even though they never got to really log in and do damage.

As said, I don't know if that's true or not. I remember hearing that failure to type in the Steam Guard code multiple times does something. Maybe it just makes the code sent to the e-mail address invalid and you have to type in your password again and get a new code. ... That sounds more likely, actually. :)

Originally posted by Tito Santa is coming to town:

Steam has enough security.
Notice that most of the hijacks reported are cases of.
1-Users disabling Steamguard
2-Users handling their credentials to a phisher (LOGIN HERE TO GET STEAM FREE GAMEZ!!!)
3-Users with infected machines (Goto 2)

The actual security layers are more than enough to stop most hijackers. You can also use Gmail two-tier autentication for extra security.

More locks don't make a door more secure.

this has discuss before i think http://gtm.steamproxy.vip/discussions/forum/10/846939615090658655/

Originally posted by MeanWalrus:

For some reason people expect bank-level security for an online game store. That's rather stupid if you ask me. Valve does more than enough to keep their users safe.

Funny enough, i've seen online banks with less security than what Steam has right now...

lol tito :)

but yea, i would like to see valve put in full x509 skey authorization so we can order or make usb keys.