I mean the mobile authenticator is already a separate 2FA. Just because its software based doesn't make physical tokens better. They're mostly objectively worse as

1) People lose these things like candy
2) you can't utilize things such as push authentications to a physical token

I would sooner jump into a volcano than try to deploy physical token 2FA again. I was on a first name basis with Fedex because we were shipping out lost RSA tokens CONSTANTLY to our national sales force.

Yes please support FIDO or at least TOTP (both preferably).
Phone apps are cancer.
I'd even overpay for a specific Valve physical key (like Blizzard used to have) just to not have to use a phone.

引用自 tyl0413：

Yes please support FIDO or at least TOTP (both preferably).
Phone apps are cancer.
I'd even overpay for a specific Valve physical key (like Blizzard used to have) just to not have to use a phone.

The mobile authenticator IS a TOTP app.

And why bother using a physical one that has a non-recharge able battery (thus requires you to buy a new one), can get easily broken (thus need to buy a new one), and can get easily lost (thus need to buy a new one).

I'd say a phone app that is FREE is far better than something I would have to pay for to replace everytime I lose, break, or it's battery dies.
The physical keys are a blatant way to just take your money.

引用自 Hikari Light：

引用自 tyl0413：

Yes please support FIDO or at least TOTP (both preferably).
Phone apps are cancer.
I'd even overpay for a specific Valve physical key (like Blizzard used to have) just to not have to use a phone.

The mobile authenticator IS a TOTP app.

And why bother using a physical one that has a non-recharge able battery (thus requires you to buy a new one), can get easily broken (thus need to buy a new one), and can get easily lost (thus need to buy a new one).

I'd say a phone app that is FREE is far better than something I would have to pay for to replace everytime I lose, break, or it's battery dies.
The physical keys are a blatant way to just take your money.

Yeah its a proprietary TOTP that you need a app for and a number to use instead of doing it like every normal company who lets you just put it in whatever TOTP app you want.
Phone app is not free when Im soon forced to buy a new phone when they brick the current version again which I will not do.
You clearly know nothing about physical keys, they don't have batteries, don't drain and don't need replacement unless you lose it or snap it in half I guess.
Obviously it should be an extra option for those that already have one wanting to use it on here, normal TOTP for everyone else.

引用自 tyl0413：

引用自 Hikari Light：

The mobile authenticator IS a TOTP app.

And why bother using a physical one that has a non-recharge able battery (thus requires you to buy a new one), can get easily broken (thus need to buy a new one), and can get easily lost (thus need to buy a new one).

I'd say a phone app that is FREE is far better than something I would have to pay for to replace everytime I lose, break, or it's battery dies.
The physical keys are a blatant way to just take your money.

Yeah its a proprietary TOTP that you need a app for and a number to use instead of doing it like every normal company who lets you just put it in whatever TOTP app you want.
Phone app is not free when Im soon forced to buy a new phone when they brick the current version again which I will not do.
You clearly know nothing about physical keys, they don't have batteries, don't drain and don't need replacement unless you lose it or snap it in half I guess.
Obviously it should be an extra option for those that already have one wanting to use it on here, normal TOTP for everyone else.

Current security works just fine without adding more.
Maybe if you stopped downloading anything and everything you wouldn't need a dozen security methods.
And before you complain more, I use 2FA systems, but I don't bother wasting my time demanding a service use security they don't want to use.

引用自 Hikari Light：

引用自 tyl0413：

Yeah its a proprietary TOTP that you need a app for and a number to use instead of doing it like every normal company who lets you just put it in whatever TOTP app you want.
Phone app is not free when Im soon forced to buy a new phone when they brick the current version again which I will not do.
You clearly know nothing about physical keys, they don't have batteries, don't drain and don't need replacement unless you lose it or snap it in half I guess.
Obviously it should be an extra option for those that already have one wanting to use it on here, normal TOTP for everyone else.

Current security works just fine without adding more.
Maybe if you stopped downloading anything and everything you wouldn't need a dozen security methods.
And before you complain more, I use 2FA systems, but I don't bother wasting my time demanding a service use security they don't want to use.

I need two, my normal TOTP that works with everything, and Steam because they refuse to support standards like everyone else.

引用自 Hikari Light：

引用自 tyl0413：

Yes please support FIDO or at least TOTP (both preferably).
Phone apps are cancer.
I'd even overpay for a specific Valve physical key (like Blizzard used to have) just to not have to use a phone.

The mobile authenticator IS a TOTP app.

And why bother using a physical one that has a non-recharge able battery (thus requires you to buy a new one), can get easily broken (thus need to buy a new one), and can get easily lost (thus need to buy a new one).

I'd say a phone app that is FREE is far better than something I would have to pay for to replace everytime I lose, break, or it's battery dies.
The physical keys are a blatant way to just take your money.

Physical keys have NO battery at all. They are cheap. They don't require you to have a stupid android iOS phone, which both suck. A physical key is better in every way than a phone app. And they are extremely hard to break, actually, unlike most modern "one-year" phones.

I strongly disagree that the current authentication is "working fine". I got hacked and they bypassed my 2FA. Hence why I want physical keys...

引用自 Sera ˚ʚ♡ɞ˚：

I strongly disagree that the current authentication is "working fine". I got hacked and they bypassed my 2FA. Hence why I want physical keys...

you were hijacked or phished, not hacked

引用自 Ferox_Stormdragon：

引用自 Sera ˚ʚ♡ɞ˚：

I strongly disagree that the current authentication is "working fine". I got hacked and they bypassed my 2FA. Hence why I want physical keys...

you were hijacked or phished, not hacked

That's the point. You can not* (with asterisk) do it when someone has a physical key.
You'd need physical access to the key to log in, and then again to unlink the key from the account. You'd also need physical access to the key to clone it (assuming a vulnerability is known).
You can still use a physical key to access whatever steam sends it's 2fa code to. Neither email nor sms are encrypted, though.

引用自 WoJo ©：

引用自 Ferox_Stormdragon：

you were hijacked or phished, not hacked

That's the point. You can not* (with asterisk) do it when someone has a physical key.
You'd need physical access to the key to log in, and then again to unlink the key from the account. You'd also need physical access to the key to clone it (assuming a vulnerability is known).
You can still use a physical key to access whatever steam sends it's 2fa code to. Neither email nor sms are encrypted, though.

they don't send a 2fa code if you scan the qr code

引用自 Ferox_Stormdragon：

引用自 Sera ˚ʚ♡ɞ˚：

I strongly disagree that the current authentication is "working fine". I got hacked and they bypassed my 2FA. Hence why I want physical keys...

you were hijacked or phished, not hacked

FIDO keys can't be phished BTW.

引用自 Ferox_Stormdragon：

they don't send a 2fa code if you scan the qr code

That's 'cuz you use the mobile app as 2fa... which I don't understand why anyone would do.
Then again, physical key would be required to use the mobile app just as well as the desktop one. So one way or the other, you would have to touch the key at least once to log in, and at least once more to change your login credentials.

Why use a phone that you may replace or a fob that you may lose? What about a read only usb device that functions as a hardware key for your steam account? Plug it in and leave it in so when you turn on your computer and steam boots up you are logged in as an authorized user. Then if you go somewhere else to play like a library or internet cafe or a friends house you just plug in your usb key and start steam and you have access to your games.

Any time you lose your key call steam, they deactivate your usb key and mail you a new one for your account.

引用自 player：

Any time you lose your key call steam, they deactivate your usb key and mail you a new one for your account.

The keys are not made by valve (they can be, but why,,, it would ultimately lead to trouble). You just use your own key, assign 2 or 3 different ones to your account. If you lose (or damage) 1, you have a spare or 2, so you just buy another one, remove the old one from your account and add the new one.