steam-guard.md

Steam Guard

Steam Guard is the Two-Factor authentication system you can enable to protect your Steam account. It works exactly as any 2FA protection, except that the One-Time Passwords are generated by the Steam Guard Mobile Authenticator only (or received by e-mail).

As Steam does not provide a standard way to use an alternative OTP app like 2FAuth, the workaround is to get the OTP secret thanks to a third-party app. Once recovered, you will be able to use 2FAuth in place of the Steam Mobile Authenticator.

!!!warning This guide assumes you are a Steam user with some advanced skills who may already be using one of the following third-party apps. Installation and registration processes of the third-party apps are not described here, please refer to their respective documentation. !!!

!!!danger The secret is a sensitive data. Don't share it with anyone, don't save it anywhere without any protection. !!!

Getting the Steam secret

Steam Desktop Authenticator (SDA)

If your SDA data are encrypted, you need to (temporarily) disable encryption in order to read the secret:

==- How to disable encryption in SDA

• Click the [!button size="xs" variant="light" text="Setup Encryption"] button of SDA
• Type the current password
• Submit the following 2 forms empty

!!!success Encryption if now Off !!!

==-

Get the secret:

• Open your SDA installation directory
• In the ./maFiles subdirectory, open the file *.maFile
• The secret is the string surrounded by secret= and &issuer=Steam in the uri field value

Example

In the following fake .maFile, the secret is D5RTFGT8Z7SW4DYU6I9UH5F4RRE1DF4G

{
    "shared_secret": "KDHC3rsY8+CmiswnXJcE5e5dRfd=",
    "serial_number": "15286247589885632548",
    "revocation_code": "R52287",
    "uri": "otpauth://totp/Steam:johndoe?secret=D5RTFGT8Z7SW4DYU6I9UH5F4RRE1DF4G&issuer=Steam",
    "server_time": 1656059488,
    "account_name": "johndoe",
    "token_gid": "2d5ff8e7zs448e9f",
    "identity_secret": "W~,7%&cXs<8tY&nG=If81zEdrtc=",
    "secret_1": "$=}5NSF@c8o,tjh1zz2=",
    "status": 1,
    "device_id": "android:3dfe0914-d41f-426c-9ba4-b344e563a394",
    "fully_enrolled": true,
    "Session":{...}
}

!!!warning Don't forget to set SDA encryption back On !!!

!ref icon="globe" target="blank" text="Steam Desktop Authenticator"

steamguard-cli

• Open your steamguard-cli config directory, usually ~/.config/steamguard-cli/
• In the ./maFiles subdirectory, open the file *.maFile
• The secret is the string surrounded by secret= and &issuer=Steam in the uri field value

||| In this fake .maFile the secret is D5RTFGT8Z7SW4DYU6I9UH5F4RRE1DF4G

{
    ...
    "uri": "otpauth://totp/Steam:johndoe?secret=D5RTFGT8Z7SW4DYU6I9UH5F4RRE1DF4G&issuer=Steam",
    ...
}

||| !ref icon="globe" target="blank" text="steamguard-cli"

Adding to 2FAuth

The manual way

Now that you got your steam secret, simply create a new account in 2FAuth using the advanced form:

• Click the [!button corners="pill" size="xs" text="New"] button
• Click the [!button corners="pill" size="xs" text="Use the advanced form"] button
• Fill the form:
  • Fill in the Account field
  • Click the [!button corners="round" size="xs" variant="dark" text="STEAM"] button
  • Fill in the Secret field with your Steam secret
• Click the [!button corners="pill" size="xs" text="Create"] button to save the account

:::mobile-screen :::

QR code also works

If you feel more confortable with QR codes, you can generate a QR code from the entire uri field of the *.maFile :

otpauth://totp/Steam:johndoe?secret={YourSecretHere}&issuer=Steam

Then flash (or upload) the QR code to add the account to 2FAuth, just like any other QR code.

!!! warning Avoid online generators As said earlier, the secret is a sensitive data. You should definitely avoid online generators to convert such data. !!!