I don't know what you mean. They already have 2FA of some type.

If you log in via non-normal means, you get a code sent to your email you must enter.

Exactly what are you asking here, as per what methods?

Originally posted by crunchyfrog:

I don't know what you mean. They already have 2FA of some type.

If you log in via non-normal means, you get a code sent to your email you must enter.

Exactly what are you asking here, as per what methods?

As in using an actual 2FA authenticator app, similar to something like Authy on mobile, lots of places allow you to just use a 3rd party authenticator app to generate 2FA codes so you don't need to wait for an email or text, steam uses the mobile app as an authenticator currently

Originally posted by Cypherous:

Originally posted by crunchyfrog:

I don't know what you mean. They already have 2FA of some type.

If you log in via non-normal means, you get a code sent to your email you must enter.

Exactly what are you asking here, as per what methods?

As in using an actual 2FA authenticator app, similar to something like Authy on mobile, lots of places allow you to just use a 3rd party authenticator app to generate 2FA codes so you don't need to wait for an email or text, steam uses the mobile app as an authenticator currently

Sure, but you need to understand that using third party apps introduces an unnecessary vulnerability to be attacked.

You seem to think Valve haven't considered this?

Valve wants to use their own in house authenticator and there are no signs of this changing after the multiple mobile app updates.

Originally posted by Cypherous:

I have literally zero use for having steam installed on my device, however i want to enable 2FA, so when are you going to enable 3rd party 2FA systems?

Valve already use 2FA.

Originally posted by Cypherous:

As in using an actual 2FA authenticator app,

Already exists. Steam Guard Mobile app.

Originally posted by crunchyfrog:

If you log in via non-normal means, you get a code sent to your email you must enter.

What's a "non-normal means?"

For Steam, you're always getting this if nothing else is enabled, and I think you can choose what to use if you have multiple methods available.

Originally posted by cSg|mc-Hotsauce:

Valve wants to use their own in house authenticator and there are no signs of this changing after the multiple mobile app updates.

:nkCool:

They want people to use the app to secure trades and the best way to assure people install it is to tie the authentication to it.

Originally posted by Nx Machina:

Originally posted by Cypherous:

As in using an actual 2FA authenticator app,

Already exists. Steam Guard Mobile app.

Yes, but i don't need the steam app for any reason, so installing it just for 2FA when 3rd party 2FA soloutions work and are used by numerous other companies means its not worth installing just for that

Originally posted by crunchyfrog:

Originally posted by Cypherous:

As in using an actual 2FA authenticator app, similar to something like Authy on mobile, lots of places allow you to just use a 3rd party authenticator app to generate 2FA codes so you don't need to wait for an email or text, steam uses the mobile app as an authenticator currently

Sure, but you need to understand that using third party apps introduces an unnecessary vulnerability to be attacked.

You seem to think Valve haven't considered this?

And yet, numerous places use them just fine, including one of if not the largest 3rd party payment provider Stripe, so no there really isn't any more of a risk than using their authenticator app as all you need for that is the username and password anyway, which if you're trying to get 2FA codes you probably already have, its also a valid reason to keep those 2 services independent as you're doubling the number of attacks someone has to do to compromise your account

The official reason I once read in some news posting is that they wanted to show details of a to be confirmed trade and this not being possible (generally...) outside of an own solution.

Yes. At least for e.g. login sounds very much like standard NIH-syndrome...

Originally posted by Cypherous:

Yes, but i don't need the steam app for any reason, so installing it just for 2FA when 3rd party 2FA soloutions work and are used by numerous other companies means its not worth installing just for that

Oh! The irony:

You do not need it just for 2FA BUT want to use a 3rd party 2FA just for 2FA.

Irrelevant what other companies do.

It is Valve's platform, Valve's choice of security in the exact same way my bank uses their own etc.

Originally posted by Yujah:

The official reason I once read in some news posting is that they wanted to show details of a to be confirmed trade and this not being possible (generally...) outside of an own solution.

Yes. At least for e.g. login sounds very much like standard NIH-syndrome...

It's generally NIH.

The login system has been improved a lot compared to how it used to be; they have separated the "authentication" from the actual login, and made it generic enough so new systems can be added without breaking existing code.

At least for logins, they could definitely add a standard authenticator, and let users decide what they want to use for a given login. Or they could do it like github -- they tend to use different auth methods to ensure you can still use them.

I have never done anything with trade confirmations, though, so I don't know how that is currently built. However, it's the same thing -- make it more generic, and let the user decide. if they can't see the trade on the authenticator, that's their thing. They can still see the trade in the webbrowser where they have just initiated it, and if they want to see it in the authenticator too, they can just install the app and use that.

Also, showing the trade has gotten worse, not better. Nowadays, you can only see the icons. You used to be able to "click" on them to actually get the information about this particular item... didn't always work perfectly because Valve is too dumb to move these popups around so they fit on the screen, but that's solvable...

Originally posted by Yujah:

The official reason I once read in some news posting is that they wanted to show details of a to be confirmed trade and this not being possible (generally...) outside of an own solution.

Yes. At least for e.g. login sounds very much like standard NIH-syndrome...

Not sure what any of that has to do with a 2FA for login though, and they can still verify the 2FA code is correct so its pretty much a non-issue

The reason they want you to use the steam mobile app is to keep the store in front of you so that you might make purchases, which is redundant seeing as i'm sat on PC looking at it already, having a steam storefront app on my phone serves literally no purpose to me

When 3rd-party 2FA will support (mostly) arbitrary stuff such as trading & market confirmations. That's when 3rd-party 2FA will become a viable option on Steam. So far, no 3rd-party 2FA does that so don't bother expecting 3rd-party 2FA support on Steam.