This page describes the hidden special features implemented in andOTP. Most of these features will be non-standard OTP algorithms that were implemented on special request. Since I don't have time to fully support every algorithm out there those are hidden and only for users that know what they are doing. There will be no further support for those algorithms other than implementing them. In most cases the user will have to figure out how to get their shared secret for the account they want to add by themselves. Remember: Google is your friend! Any questions on how to get the secret will be ignored (like I said, no further support).
How to enable the special features
- This only works with andOTP versions newer than v0.2.8
- Go to the "About" page in andOTP
- Find the tile that says "Version"
- Tap it 7 times (will start to count after 3 taps)
- Read and understand the dialog that pops up
- Click on "OK"
After the features are enabled they will persist until you clear the apps data. Even then already added accounts with non-standard algorithms (from a restored backup for example) will still work, you just won't be able to add new ones.
Steam Guard codes
- Supported since: v0.2.8
- Description: Steam uses a slightly modified version of the standard TOTP algorithm for its Steam Guard. This version uses letters in addition to numbers to encode the OTP token. Since only the encoding is different this was very easy to implement in addition to the standard TOTP tokens. The only challenging part is for the user to get the shared secret (see below).
- Limitations: Trading won't work if you just use andOTP and not the official authenticator since you won't be able to confirm trades. This will never be implemented as it is far beyond the scope of a simple 2FA app, so please don't ask for it.
How to get the shared secret: Follow the method for your device in the guide available here, except where it says to get the
"shared_secret"field, instead get the secret from the
"uri"field follows the more common
otpathformat which looks like this:
"uri":"otpauth:\/\/totp\/Steam:USERNAME?secret=################################&issuer=Steam". You need to grab everything from the end of
&issuer=Steam". The resulting string can be input into andOTP as your accounts Secret. Don't forget to check if andOTP displays the same token as the app you used to extract the shared secret!
- Supported since: v0.3.1
- Description: Allows developers (and users) to take screenshots of the main screen without having to re-compile the app.