All Discussions > Steam Forums > Help and Tips > Topic Details
This topic has been locked
Kwisatz_Haderach Oct 16, 2023 @ 2:04am
TOTP as 2FA
Hi @all,

My account is already a few years old, but I'm actually only really using it now.

Steam keeps nagging me to protect my account with steam-guard via an app instead of an email code as a second factor. In principle, that's a good idea. Email only makes limited sense as a second factor, because it would probably be compromised in the case.

However, I would like to avoid another sing etc. priority app on my mobile phone. After all, what are established standards for. In this case, the standard of choice would be TOTP (Time-based One-time Password Algorithm according to RFC 6238). (I already have this for a dozen services (private as well as business) and security, data backup, encryption, etc. has long since been solved cleanly).

Now for the question:
Can I get the key somewhere on Steam? Is there a function for this? Or can the support team do it?

The search only spat out some pretty old hits. Relying on it doesn't make a lot of sense.

Best regards
Benjamin
< >
Showing 1-7 of 7 comments
ReBoot Oct 16, 2023 @ 2:14am 
That standard of choice doesn't cover trades/market transactions. If it did, we wouldn't have any Steam-specific authenticator. There's a couple of open-source Steam authenticator apps out there (I've see two on GitHub). Those don't serve literally your use case, they are open though so you can install one & get all the keys you need.
Last edited by ReBoot; Oct 16, 2023 @ 2:33am
#1
Satoru Oct 16, 2023 @ 2:25am 
Steam already adheres to the TOTP standard

You can’t use a generic authenticator if you want things like push authentication as well as trade content confirmations, not can you do QR code logins. It’s why battle.net is its own authenticator app.
Last edited by Satoru; Oct 16, 2023 @ 2:27am
#2
Kwisatz_Haderach Oct 16, 2023 @ 2:35am 
I couldn't care less about things like push notifications or trade content confirmation from a gaming platform. I just want a secure and easy login.

I'm almost sure I'm not the only one!
#3
Mailer Oct 16, 2023 @ 2:42am 
Originally posted by Kwisatz_Haderach:
I couldn't care less about things like push notifications or trade content confirmation from a gaming platform. I just want a secure and easy login.

I'm almost sure I'm not the only one!
You are not the first to dismiss the Steam Market in favor of a more free 2FA option, but just because you think little of the market right now doesn't mean that it can't be used later to siphon your wallet if your account gets compromised, which is why those trade confirmations are so critical.

That is, assuming you make at least one store purchase every year or so.
Last edited by Mailer; Oct 16, 2023 @ 2:43am
#4
Kwisatz_Haderach Oct 16, 2023 @ 5:26am 
If I had really large sums in my trading account, I would certainly not want the TOTP token to be generated in the same app that I log into.

The idea of 2FA is to separate the two factors so that they cannot both be compromised at once.

The Steam app does exactly the opposite. If someone manages to break into my phone, all they have to do is log me out of the Steam app and then cut my password when I log back in. And he is already in possession of both tokoen.

If I want to do it right, I have my TOTP app on my phone, but I never do logins there, only from the PC.
#5
GetPsyched Nov 10, 2024 @ 9:59pm 
I was just looking for the same thing, I don't want to download yet another app on my phone. Just like OP, I don't give a ♥♥♥♥ about trades. Steam could at least given an alternative with plastering all sorts of warnings, but at least have an option man.
#6
Steven Nov 11, 2024 @ 4:15am 
This thread was quite old before the recent post, so we're locking it to prevent confusion.
#7
< >
Showing 1-7 of 7 comments
Per page: 1530 50

All Discussions > Steam Forums > Help and Tips > Topic Details
Date Posted: Oct 16, 2023 @ 2:04am
Posts: 7
Start a New Discussion

Discussions Rules and Guidelines