Skip to content

Using KeePassOTP with Steam

Jump to bottom
Rookiestyle edited this page Oct 3, 2020 · 2 revisions

Many thanks to @koitsu for providing these vefy helpful instructions (cf. #21)

You can use KeePassOTP as your authenticator source, instead of using Steam Guard via your mobile phone, or Steam Desktop Authenticator.
You cannot use KeePassOTP for anything else except logins, other actions like confirming trades, ... are not possible with KeePassOTP.

The tricky part in using KeePassOTP as authenticator for Steam involves getting the OTP seed, which Valve has made difficult for unknown reasons.

The below instructions describe how to obtain the seed using a temporary installation of Steam Desktop Authenticator on Windows. There are several alternate approaches for other OSes and devices, but YMMV.

Setup

  1. Install Steam Desktop Authenticator and follow their instructions slowly.
    • Note: it's important that you save the recovery code shown during setup, in case things go awry. Do not lose this code!
    • Note: Do not define an encryption key during setup of Steam Desktop Authenticator. You won't be able to read the required files in step 4 otherwise
  2. Once Steam Desktop Authenticator is set up and working, keep it running.
  3. Navigate to the maFiles directory within the program directory itself.
  4. Open the file maFiles\STEAM_ACCOUNT_ID.maFile in Notepad.exe or a text editor of your choice. STEAM_ACCOUNT_ID is your 17-digit Steam ID number. The file you've opened is just a JSON file.
  5. Find the string "uri":"otpauth://topt/Steam:YOUR_STEAM_USERNAME:secret=LOTS_OF_CHARACTERS&issuer=Steam" and copy the otpauth://topt/Steam:YOUR_STEAM_USERNAME:secret=LOTS_OF_CHARACTERS&issuer=Steam portion.
  6. Find (or add) the appropriate entry in your KeePass database, and choose KeePassOTP -> OTP Setup.
  7. Paste the above string into the Seed field.
  8. Check the Use advanced options checkbox, and change Type to Steam. Leave the other fields alone.
  9. Verify that the 5-letter OTP code shown in KeePassOTP is the same as that in Steam Desktop Authenticator, ignoring spaces. The codes should be 5 digit alphanumerics, such as F68YG or KTD38, and will automatically change every 30 seconds.
  10. If everything matches, you can delete/uninstall Steam Desktop Authenticator.

Congratulations: can now use the 5-digit value shown in KeePassOTP when prompted for a Steam Guard Mobile Authentication code!

As a reminder, it's recommended you store the authenticator backup recovery code in your KeePass entry in case you ever need to re-configure Steam's OTP/2FA bits.

Resetting everything

If for some reason you need to deauthenticate the authenticator in Steam to re-do this process, you can do so by logging into your Steam account on their website, clicking your account name in the upper right of the page, choosing Account Details, clicking Manage Steam Guard, and Remove Authenticator.

Clone this wiki locally