A few days ago I had another one of those suspicious login attempts to my Steam account. Probably the 3rd or 4th I've ever had total, but my first in a while. So I finally broke down and changed my steam password to a crazy long one with xkcd password strength rules:http://xkcd.com/936/
And just got yet another suspicious login attempt. Changing my password didn't help.
To my knowledge, nobody has actually managed to access my account. My dollar and change in my steam wallet is still secure and none of my Dota hats have gone missing, but these suspicious logins are starting to annoy me. Doesn't getting to that point in the login process, where Steam is emailing me the 5-character login codes, actually require the 3rd party to have actually attempted a login WITH my password?