There's the open-source Steam Desktop Authenticator. If you can deal with potential malware compromising your Steam account & stealing all your ♥♥♥♥ without any resistance, use that.

Originally posted by ReBoot:

There's the open-source Steam Desktop Authenticator. If you can deal with potential malware compromising your Steam account & stealing all your ♥♥♥♥ without any resistance, use that.

You have a link, or a term I can use in a search?

EDIT. I found something that looks legit through Google. Assuming it's OK, does it generate a QR code that I can use in my real, legit Yubikey authenticator? 'Cos that's really all I require.

No one is responsible for your actions, nor is Steam if you go out of your way to use things that could compromise your system, or account. Use at your own risk, android emulator.

Fyi you're still require to have a phone numbers and a phone that can receive SMS texting, to link the Steam mobile authenticator to your account.

Originally posted by ReBoot:

https://github.com/Jessecar96/SteamDesktopAuthenticator

Yeah, that's the one I found. It looks legit - as legit as one can expect of something NOT legit... :)

It did NOT give me a QR code that I could use in my legit Yubikey authenticator. However I was able to add Steam to Yubikey by digging through the various files generated by the SDA and finding the 'secret' key and then adding it manually. So now I will use Yubikey and remove this SDA.

I don't trade, I just wanted to make my Steam account more secure, now that I have a Yubikey to do so. Steam really should add a desktop version of their authenticator!

Thanks for your help.

Originally posted by Bannor:

I don't trade, I just wanted to make my Steam account more secure, now that I have a Yubikey to do so. Steam really should add a desktop version of their authenticator!

No. The reason why I'm fine with a third-party project is when a person is able to uphold basic security hygiene (i.e. me, most likely you, surely a few dozen people more), then even the decades-old email 2FA would be absolutely fine, as would be a first-party desktop app. But that first-party desktop app would be pointless as it's running on the same system Steam does so it's 1FA. But for those of us able to uphold basic security hygiene, that would be fine.

You need to understand though that there's heap tons of idiots. I don't even call people idiots for not knowing IT security stuff. I calling them idiots for thinking nothing bad can happen because they're JUST SO ♥♥♥♥♥♥♥♥♥ SMART! Which they are, of course, not. Just look around this forum. There's a thread of someone ranting about their account gotten hijacked which OF COURSE is Valve's fault because the poster is, obviously, infailable.

Now it if were for me, it would be fine. Idiots thinking they're amazing resulting in bad things happen to them, I fail to see the problem. But in some parts of the world (especially in the US, where Valve sits), companies can indeed be held responsible for their customers idiocy. If not by legal means, than by means of public image.

That's why we have a 2-week hold on trades in case of email 2FA (because account-staling malware running on the idiot's PC can hijack the Steam client as well as hijack the idiot's email). That's why you're required to get an actually separate device (phone) for trades to go without holds. Those trades are, by the way, AFAIK the reason for Valve not to following the classical OTP protocol: you simply can't do trades with that (or not reliably anyway). That's the same reason why banks issue own devices for chipTAN: to give the user the possibility to check what they're confirming before they confirm.

Not to say there's no idiots confirming and then wondering where their ♥♥♥♥ went (because not checking is indeed something idiots kinda love doing), but I guess, a line has to be drawn somewhere.

Originally posted by ReBoot:

Originally posted by Bannor:

I don't trade, I just wanted to make my Steam account more secure, now that I have a Yubikey to do so. Steam really should add a desktop version of their authenticator!

No. The reason why I'm fine with a third-party project is when a person is able to uphold basic security hygiene (i.e. me, most likely you, surely a few dozen people more), then even the decades-old email 2FA would be absolutely fine, as would be a first-party desktop app. But that first-party desktop app would be pointless as it's running on the same system Steam does so it's 1FA. But for those of us able to uphold basic security hygiene, that would be fine.

You need to understand though that there's heap tons of idiots. I don't even call people idiots for not knowing IT security stuff. I calling them idiots for thinking nothing bad can happen because they're JUST SO ♥♥♥♥♥♥♥♥♥ SMART! Which they are, of course, not. Just look around this forum. There's a thread of someone ranting about their account gotten hijacked which OF COURSE is Valve's fault because the poster is, obviously, infailable.

I agree 100% about the idiots. No - make that 200%. People are just ♥♥♥♥♥♥♥ stupid.

For me, the 1st-party app would be 2FA - because even if someone was sitting at my PC and I gave them my passwords, they *still* wouldn't be able to get into my account without the physical Yubikey.

Originally posted by Bannor:

Originally posted by ReBoot:

https://github.com/Jessecar96/SteamDesktopAuthenticator

Yeah, that's the one I found. It looks legit - as legit as one can expect of something NOT legit... :)

It did NOT give me a QR code that I could use in my legit Yubikey authenticator. However I was able to add Steam to Yubikey by digging through the various files generated by the SDA and finding the 'secret' key and then adding it manually. So now I will use Yubikey and remove this SDA.

I don't trade, I just wanted to make my Steam account more secure, now that I have a Yubikey to do so. Steam really should add a desktop version of their authenticator!

Thanks for your help.

Can you elaborate on exactly how to do this? I'm a Yubikey noob but I can read and understand the SteamDesktopAuthenticator code.

I did **exactly** what I said I did - dig through the various files generated by the SDA.

Hey! I would highly recommend upgrading to the version 14 pre-release which aims to fix a lot of the recent errors, yours included. (Note: Pre-releases may come with additional errors, when upgrading always keep a backup of the older version until a final version is released)

(When installing new versions of SDA always ensure the it is an official release provided by this repository. Recently attackers have been using link-shorteners to hide fake versions of SDA to steal accounts.)

Official Version 14 Pre-release:
https://github.com/Jessecar96/SteamDesktopAuthenticator/files/12044157/SDA.1.0.14.zip
Or you can navigate to the "versions" section and click on "Version 14 pre-release".

This thread was quite old before the recent post, so we're locking it to prevent confusion.