Originally posted by https://winauth.com/2015/06/11/steam-guard-mobile/:

The Mobile Steam Guard uses a standard time-based one-time password (RFC 6238) to generate the hash from the user’s secret key. However, Steam’s implementation differs from the standard in generating the actual displayed code. Rather than creating a 6 or 8 digit base10 code, Steam keeps compatibility with their existing email codes to create a 5 character string. This string is created from a specific set of 26 letters or digits.

Please Valve, just use the standard TOTP algorithm without screwing with the output.

There are heaps of us who want to use third party apps (e.g. Google Authenticator or Authy) or physical keys (e.g. YubiKey) on which to store our TOTP seeds.