It is kind of annoying that Steam doesn’t enable the usage of third-party OTP apps. To be fair, when they first implemented the feature, that wasn’t widely used and plenty of websites only enabled the use of one specific OTP app like Authy or Google Authenticator. They recently added a QR code login feature, which makes sense, but that still shouldn’t stop them from enabling MFA via third party OTP apps.
Some third party apps allow you to import your Steam OTP, such as Gnome Authenticator
However to obtain it in the first place you need to either use SteamDesktopAuthenticator (GitHub), an android emulator on your PC, or a rooted device to export your key…
It also breaks your ability to do some actions with steam such as changing your email address because god forbid you enter the TOTP instead of pressing accept or something in the app
This is currently me, wanting to update my email but not wanting to go through the hassle of changing my authenticator back to my steam app then re exporting the key to put it back in Bitwarden.
So frustrating that they have to be ✨special✨ with their authenticator algorithm AND ALSO require the app for people who have reverse engineered it.
It seems like they implemented the extra security via the app and went “ehhh… good enough” and then promptly forgot about it and never touched it again.
Steam is the one that I’m most disappointed by. Them, followed closely by Blizzard and banks.
Every largeish online service provider has good MFA, including Microsoft, Google, Meta, the company formerly known as Twitter, etc (just to name a few). Yet, the video game platforms are still playing with what feels like Tonka trucks.
It is kind of annoying that Steam doesn’t enable the usage of third-party OTP apps. To be fair, when they first implemented the feature, that wasn’t widely used and plenty of websites only enabled the use of one specific OTP app like Authy or Google Authenticator. They recently added a QR code login feature, which makes sense, but that still shouldn’t stop them from enabling MFA via third party OTP apps.
Some third party apps allow you to import your Steam OTP, such as Gnome Authenticator
However to obtain it in the first place you need to either use SteamDesktopAuthenticator (GitHub), an android emulator on your PC, or a rooted device to export your key…
Thanks for mentioning this! I had no idea
https://bitwarden.com/help/authenticator-keys/#steam-guard-totps
I’ve always hated that I don’t have two factor on my steam account, because of that proprietary app requirement.
Thankfully bitwarden supports it!
It also breaks your ability to do some actions with steam such as changing your email address because god forbid you enter the TOTP instead of pressing accept or something in the app
This is currently me, wanting to update my email but not wanting to go through the hassle of changing my authenticator back to my steam app then re exporting the key to put it back in Bitwarden.
So frustrating that they have to be ✨special✨ with their authenticator algorithm AND ALSO require the app for people who have reverse engineered it.
It seems like they implemented the extra security via the app and went “ehhh… good enough” and then promptly forgot about it and never touched it again.
Steam is the one that I’m most disappointed by. Them, followed closely by Blizzard and banks.
Every largeish online service provider has good MFA, including Microsoft, Google, Meta, the company formerly known as Twitter, etc (just to name a few). Yet, the video game platforms are still playing with what feels like Tonka trucks.
Oh well.