The authenticator's primary purpose is trade/market confirmations, not 2FA. Thus Vale's choice makes more sense.

Originally posted by Snapjak:

The authenticator's primary purpose is trade/market confirmations, not 2FA. Thus Vale's choice makes more sense.

Don't people use it mostly for 2FA? Still, doesn't hurt to have Yubikeys as a two factor authentication method

I doubt that Valve wants to rely on a third party for account security.

The mobile auth works fine as is and doesn't even need to be on an actual phone. Tablets work if you have anything else that can accept SMS, or there is the wildly less secure option of an emulator.

Originally posted by EverNow:

Hello!

I recently bought a Yubikey 5 NFC for a few services

Which of course requires valve to follow suite? You know what valve does accept? Paypal. See if they take yubikey and then transfer that to a steam purchase. If Paypal does not accept it, then it may be for good reason.

Employing fido 2fa would allow compatibility with many devices and increase security without locking people into using the Yubikey.

Originally posted by Ami:

Employing fido 2fa would allow compatibility with many devices and increase security without locking people into using the Yubikey.

Plus why not accept Yubikey? It is very secure, and probably more secure than the existing auth app

Originally posted by EverNow:

Originally posted by Ami:

Employing fido 2fa would allow compatibility with many devices and increase security without locking people into using the Yubikey.

Plus why not accept Yubikey? It is very secure, and probably more secure than the existing auth app

Reason why was already stated.

Originally posted by Snapjak:

The authenticator's primary purpose is trade/market confirmations, not 2FA. Thus Vale's choice makes more sense.

You can't add such confirmations to a Yubikey.

Originally posted by The Living Tribunal:

You know what valve does accept? Paypal.

Read what is something before you downvote it. yubikey is to control access, and increase security.

If users dondt cared to use or would like to use yubikey as protection, it would be an extra step: it wouldnt need to replace the authenticator. it would be possible to have one or both active, because yubikey could be a gate to open the steam client, before it attempts to check to login.

Originally posted by EverNow:

Originally posted by Ami:

Employing fido 2fa would allow compatibility with many devices and increase security without locking people into using the Yubikey.

Plus why not accept Yubikey? It is very secure, and probably more secure than the existing auth app

As I said, it locks people in to using the Yubikey. I know it is more secure than the existing app, I have one as well.
As Yubikey has fido you could still use it, but people who don't have one, have other security keys or want to buy a cheaper one will still have access to enhanced security.

Originally posted by @R+5:

Originally posted by The Living Tribunal:

You know what valve does accept? Paypal.

Read what is something before you downvote it. yubikey is to control access, and increase security.

But does zilch regarding securing trade confirmations. Because that's what the Steam Mobile Authenticator was designed for. Providing elaborate information about a trade you then confirm.
Tell us how you can view the contents of a trade on your Yubikey. I'll wait.

Yubikey(Yubico) is just one company of many that makes physical security keys that support several different kinds of security protocols. Those protocols are not owned by Yubico, many are open source even. Valve would simply be incorporating additional security protocols into their systems. This would ensure much greater security for any users who adopted these methods if made available.

Originally posted by Snapjak:

I doubt that Valve wants to rely on a third party for account security.

And instead relies on three other parties that do not even give a full guarantee of the safety of use?
1. The cell phone number may be lost if the telecom operator terminates the contract as a result of the phone number not being used for some long time.
2. The public email server can delete the mailbox.
3. The phone may get a virus.

And all this against Yubikey which is specifically designed for safe secure work including financial transactions?

Yubikey integration has been asked for before and Valve said no.
Why would Valve put the login security of their users in the hands of another business?

Originally posted by HikariLight:

Yubikey integration has been asked for before and Valve said no.
Why would Valve put the login security of their users in the hands of another business?

Because Valve still puts this control in the hands of the administrator of the public mail service and the manufacturer of the smartphone.
As many as two faces, and both are deeply indifferent to the compromise of their service.

But the seller of the hardware key is not only one person, but he also cannot afford to comment on the hardware and software he sells.
(In fact, not Yubico will be supported, but authentication according to one or another security standard)