Categories
Device

How to add two-factor authentication to steam

How to add two-factor authentication to steam

How to add two-factor authentication to steam

With Steam being such a popular gaming platform, there are millions of people using it every day. Just like for any other respectable online service, it’s possible to add two-factor authentication to Steam for an additional layer of security.

Two-factor authentication works in a simple manner – you don’t just need to enter your password, you will also be sent a code on your phone that also has to be used during the login process. This way, if someone were to get a hold of your password they still wouldn’t be able to log into your account.

How to add two-factor authentication to Steam

How to add two-factor authentication to steam

To start, open Steam in your web browser and log into your account. Click your profile name in the upper-right corner then select “Account details”.

In the “Account Security” section, select “Manage Steam Guard account security”.

How to add two-factor authentication to steam

You can also do this from your Steam desktop app. Just launch it, select the “Steam option from the upper-left menu and click “Manage Steam Guard account security”.

Regardless if you’re on the Steam website or desktop app you have two options: you can opt to receive the codes via email or have them sent to your smartphone via the Steam app.

Get Steam codes via email

How to add two-factor authentication to steam

If you want to receive your code via email, click the “Get Steam Guard Codes by email” option. Once you receive the email, open it and copy the code it contains.

How to add two-factor authentication to steam

Enter it in the dedicated field on the login screen then click “Submit”.

Get Steam codes via the Steam app on your smartphone

To use this option you will need to have the Steam app installed on your smartphone. If you don’t have it already, visit one of the links below to get the app on your iPhone or Android device:

Launch the Steam app on your phone and login using your regular username and password. If you’ve previously set up the Steam Guard codes to be sent via email you will need to use the access code you’ll receive in order to log in.

How to add two-factor authentication to steam

Open the side menu and tap “Steam Guard” then select “Add authenticator”. To continue, enter the phone number you’re using on this smartphone and tap “Add phone”.

How to add two-factor authentication to steam

An SMS will be sent to your phone immediately. Open it and enter the code in the Steam app then tap “Submit”.

How to add two-factor authentication to steam

On the following screen, you will receive a recovery code. This has nothing to do with the two-factor authentication codes. This code can be used to recover your Steam account in case you ever lose your phone. Follow the on-screen recommendation and store it in a safe place. After you do this, hit the Done button.

With two-factor authentication enabled, when you want to log into Steam you will need to launch the Steam app on your smartphone and select “Steam Guard” from the side menu. Keep in mind the generated code is valid for a limited time so if you don’t use it before the timer resets you will need to enter the next generated code.

How to add two-factor authentication to steam

If you’ve been playing PC games in the last few years, the accumulated games in your Steam account are probably worth hundreds (or maybe even thousands) of dollars. Perhaps even more importantly, your Steam account might contain in-game items that can be traded for real-world cash…and thus, stolen with some very real consequences. So it’s a very good idea to apply Valve’s Steam Guard two-factor authentication to your account.

Two-factor authentication, for those who don’t know, is an extremely important security feature you should enable on all of your accounts. It forces you to log in with not just a password (something you know), but a code from your phone (something you have). That way, if someone gets a hold of your password, they still won’t be able to get into your account.

How to add two-factor authentication to steam

To enable it in Steam, open your browser and log in to your Steam account. Click your account name in the upper right-hand corner, then click “account details.” Under the “Account Security” portion of the page, click “Manage Steam Guard account security.”

How to add two-factor authentication to steam

Alternatively, you can open the Steam desktop application, click the “Steam” menu item in the upper left-hand corner, then “Manage Steam Guard account security.”

Option One: Receive Your Code via Email

From this screen you can choose email codes or codes sent to the official Steam App on your smartphone. Click “Get Steam Guard Codes by email” if you don’t want to use your phone: you’ll be sent an email that looks like this one whenever you log in to Steam either on the web or via the desktop app.

How to add two-factor authentication to steam

Copy the code from your email and put it into the field that appears on the login screen:

How to add two-factor authentication to steam

Click “submit” and you’re ready to go.

Option Two: Receive Your Code via the Steam Smartphone App

For the mobile version of Steam Guard, download the app on your phone: here are the links for the Android version and the iPhone app.

How to add two-factor authentication to steam

On your phone, log in with your standard Steam account and password. If you already have Steam Guard set up via email, you’ll need to check your inbox for another access code before continuing.

How to add two-factor authentication to steam

Tap the side menu button, then “Steam Guard,” the first item below your Steam username. Tap “add authenticator,” then enter the phone number of the device you’re currently using. Tap “add phone.”

How to add two-factor authentication to steam

You should receive a text message right away. Enter the code within in the next screen, and tap “Submit.”

How to add two-factor authentication to steam

On the next screen you’re given a recovery code. This is separate from the codes you’ll receive whenever you log in to Steam on your computer: it’s a permanent means of recovering your account if you should lose your phone. Take the app’s advice and put the code somewhere secure. Press “Done” when you’re ready.

How to add two-factor authentication to steam

Now when you log in to your Steam account on any device, you’ll need to open the Steam app on your phone and tap “Steam Guard” in the menu. Note that the code cycles continuously: if you don’t enter it in time on your computer or other device, you’ll need to use the next code that appears as the timer resets.

How to add two-factor authentication to steam

Steam – Turn on 2FA – How to Add Two-Factor Authentication for Steam Web or Mobile App

Note: We are reader supported and may earn a small commission when you click on links in posts

Steam Guard is Steam’s proprietary two-factor authentication (2FA) protocol used to protect accounts from hackers. Steam Guard is used to protect accounts from hackers or unauthorized access by requiring users to enter a security code each time they log in.

Steam Guard 2FA works differently on the website than on the mobile app. With Steam Guard enabled, users must log in from an authenticated mobile device. Alternatively, when logging in from a laptop or desktop computer, users must enter a code sent to the email address associated with the account.

How to Use Two-factor Authentication for Steam – Web Desktop or Laptop

Steam sets a cookie for website logins from laptop and desktop computers. To use two-factor authentication, users will have to verify their email address used for the account and enable 2FA in account settings. With two-factor authentication enabled, each time a user attempts to login into Steam, they will be sent an email with a code that must be entered each time they log in.
With Steam Guard enabled, Steam saves a cookie to remember your computer or browser.

Where is the Steam Guard Menu? Web Steam

Steam Guard for a laptop or desktop computer is turned on in Steam account settings.

  1. Log into your Steam web client
  2. Click on Steam in the upper left corner
  3. Go to Settings
  4. Under the Account tab, select Manage Steam Guard Account Security
  5. Click on Manage Steam Guard
  6. Select Get Steam Guard codes by email (will require you to re-login)

How to add two-factor authentication to steam

Each time you try to log into your Steam account when Steam Guard is enabled, a text code will be sent to the email address attached to the Steam account.
Your browser must have cookies enabled for Steam Guard to work properly.

Why is Steam Guard is Not Working?

If Steam Guard web client is still not working then you may have your web browser security is set to high, private browsing enabled, or your web browser may be clearing cookies when you exit.

How to Add Two-Factor Authentication to Steam – Mobile App

The email address associated with your Steam account can be used for web client 2FA and for account recovery, but it does not enable two-factor authentication for mobile devices.

To use Steam Guard on a mobile device users need to download the Steam app. After that, they must authenticate their phone with their team account. Users receive a unique Steam Guard code that must be used each time they log in from the mobile app. The code changes occasionally.

Where is the Steam Guard Menu? Steam Mobile App

  1. Download the Steam app from the official Google Play store or the are the Apple store. Never download any app from third-party websites
  2. Open the Steam app and login
  3. Select Steam Guard from the menu
  4. Choose Add Authenticator and follow the instructions
  5. Enter your phone number in the pop-up screen
  6. Steam guard mobile authenticator is now enabled

A confirmation code will be sent and must be entered into the app to authenticate the phone. Entering a phone number into the Steam app authenticates the device. When a mobile device is authenticated with Steam Guard, users are sent a permanent recovery code that they should keep in case they need to recover their Steam account.

What is two-factor Authentication

Two-factor Authentication is a way to secure an online account by requiring a second step each time you log in. A common form of two-factor authentication is requiring the user to enter a code sent to an email address associated with an account. To login, the user enters a username and password. After the text code is sent to their email, it must be entered on the screen to complete the login process. Another common form of 2FA is sending the login code via SMS text to a pre-authorized mobile device.

Google Authenticator cannot be used as an alternative authenticator app for Steam

What is Steam?

Steam is a video game digital distribution platform developed by Valve Corporation. It was launched in September 2003 as a way for Valve to provide automatic updates for their games. It eventually expanded to include games from third-party publishers. The platform has over 30,000 games. Steam games include PUBG, Rainbow Six Siege, Grand Theft Auto, and Warframe. There is no monthly subscription with steam

Two-factor authentication ensures that only users with trusted devices can log on. To provide two-factor authentication, you configure the OTP service. Then, end-users scan tokens and obtain passcodes using Sophos Authenticator.

Objectives

Specify OTP service settings

First, you turn on the OTP service. Then, to maximize the protection this type of authentication offers, you require all users to use it. You also specify the features for which two-factor authentication is required.

The following steps are executed on the firewall.

Option Description
One-time password On
OTP for all users On
Auto-create OTP tokens for users On

Obtain a token and passcodes

End-users scan the OTP token through the user portal using Sophos Authenticator. The authenticator then provides passcodes.

The following steps are executed by an end-user.

  1. Download Sophos Authenticator for Android or Sophos Authenticator for iOS on a mobile device.
  2. Log on through the user portal.

The Steam platform is designed to encourage users to use two-factor authentication. One of the community tasks (achievement-like objectives) on Steam is “Use the Steam Mobile App for two-factor authentication”. This is visible on public profiles for anyone.

This could let possible hackers quickly find out whether an account uses two-factor authentication, letting them choose targets more efficiently.

Should people be concerned about this security risk? Should it be reported to Valve? Or is it harmless?

Doesn’t this feature completely undermine the purpose of 2FA as hackers would simply avoid accounts with it and choose other accounts that are valuable targets without 2FA?

How to add two-factor authentication to steam

3 Answers 3

I think this works a bit like a home alarm system sign. Just the sign itself in your front lawn will deter burglars from even trying to get into your home because of how much more difficult it looks like it will be.

In a similar sense, having this achievement acts like the sign: if an attacker saw this they might not even try to get into this account because it’s increased perceived difficulty.

Does this increase the likelihood of another account being targeted?

  • I’d say yes since the pool of potential targets just became smaller, any individual in that pool has an increased chance to be a target

What can those without the achievement do to reduce their chance of being attacked?

  • Put up a home security sign (Enable two factor authentication!)

Summary: It doesn’t undermine two factor authentication but, hopefully, encourages others to follow best practices in securing their accounts.

How to add two-factor authentication to steam

It does not undermine the purpose of 2FA, but it might affect the security of users not using 2FA.

The goal of 2FA is to change login to require, well two factors. Specifically, something you know and something you have. Publishing a list of users that use 2FA does not reduce the security of 2FA. An attacker still must obtain the password and the device.

On the other hand, there may be attack strategies that only work for accounts that do not use 2FA. For example, if a password dictionary attack is possible, attackers may use the published list to identify accounts that don’t use 2FA and hence are vulnerable to the password attack.

I think it is important to distinguish between three different questions one might ask:

Does this undermine the security of a particular user who uses 2FA? Answer: No. If you’re using two-factor authentication, making that public doesn’t help the attacker break into your account. If anything, it helps you, by deterring some attackers from attacking you.

Does this undermine the security of a particular user who doesn’t use 2FA? Answer: Yes, somewhat, because it could make it easier for attackers to mount targeted attacks on users who don’t use 2FA.

That said, it’s important to keep this in perspective. It’s not harmless, but it’s not devastating either. I don’t think it’s going to be a game-changer. Suppose 50% of users use 2FA. Then an attacker who tries attacking a bunch of accounts in succession will only be able to reduce the number of accounts they need to try by at most a factor of two, using the information leak pointed out in your question. That said, I suspect many attackers probably won’t even bother to check the public profile and for those attackers this information leak will have no effect.

Does this undermine the security of the ecosystem as a whole? Answer: Yes, somewhat. Of course, this is primarily relevant to Valve, rather than to its users. They have incentive to protect their own bottom line.

As a user, if you are concerned, one possible response is to enable 2FA on your Steam account.

Should you contact Valve to disclose this information leak? Sure — why not?

Two-factor authentication adds additional security to your Reddit account by requiring a second step to sign in. It requires you to give a 6-digit verification code generated from your phone in addition to your username and password login.

When two-factor authentication is enabled, you will need your password and a verification code from your phone whenever you sign in on Reddit or with a Reddit login. Even if someone else obtained your Reddit username and password, they still could not log in as you.

How do I enable two-factor authentication?

  • Log in to your Reddit account
  • Click on preferences in the top menu and then click password/email
  • Under ‘two-factor authentication’, select enable
  • Follow the steps to complete the process
    • Verify your email address
    • Enter your password
    • Set up your authenticator app (see ‘Get the code through an authenticator app’ below for more information)
    • Generate and save your backup codes

Get the code through an authenticator app

Several mobile apps are available which allow you to generate verification codes for two-factor authentication. Typically, any app supporting Time-based One-Time Password (TOTP) protocol will work. Here are a few we suggest:

  • Google Authenticator (Android or iPhone)
  • Authy (Android or iPhone)

To use one of these apps:

  • While enabling, you’ll see a prompt with a QR code you will use to register your Reddit account with your authenticator app. Open your authenticator and follow the instructions given to you (you’ll usually select to “add a new account” or similar) and scan the QR code when prompted by the app.
  • If your authenticator app is not scanning the QR code properly or failing for another reason, you can enter the security key manually. Select enter the key manually and enter this into your authenticator app.
  • Once your app is configured, enter the security code generated by your authenticator app to complete the two-factor authentication process.
  • You will receive an email and personal message (PM) confirming your enrollment.

Generate backup codes

If you lose your mobile device or cannot use your authenticator app, you can use backup codes provided by Reddit to access your account. Ten backup codes are generated. Each code can be used only one time.

We recommend you print off and store your codes in a safe location.

To generate backup codes:

  • Log in to your Reddit account
  • Click on preferences in the top menu and then click password/email
  • Under ‘two-factor authentication’, select generate for ‘backup codes’
  • Follow the steps to complete the process
    • Enter your password
    • Access and write down your backup codes

To log in with your backup codes, see more under ‘How do I log in with two-factor authentication?’

How do I log in with two-factor authentication?

With your authenticator app

To log in on either desktop and iOS / Android:

  • Sign into Reddit
  • Enter your username and password
  • Open your authenticator app on your mobile phone. Select the Reddit account you configured
  • Enter the 6-digit code provided in your app
  • Select check code

How to add two-factor authentication to steam

How to add two-factor authentication to steam

With backup codes

To log in with your backup codes on either desktop and iOS / Android:

  • Locate your backup codes
  • Sign into Reddit
  • Enter your username and password
  • When asked for your verification code, select Or use a backup code
  • Enter the 6-digit backup code and select check code

What do I do If I lost my phone or can’t log in with two-factor authentication?

Use backup code

If you’ve lost your mobile device, you can use backup codes to log in to your Reddit account. See more under ‘Generate backup codes’.

Sign in from a trusted computer

You may be signed into Reddit on a trusted desktop computer even though you have lost your mobile device. If you are, you can disable two-factor authentication until you can again get verification codes. See more under ‘How do I disable two-factor authentication?’

How do I disable two-factor authentication?

To disable two-factor authentication on your Reddit account:

  • Log in to your Reddit account
  • Click on preferences in the top menu and then click password/email
  • Under ‘two-factor authentication’, select disable
  • Enter your password and select disable two-factor

Will my third-party applications work with two-factor authentication?

Yes. Applications using OAuth will be supported. When signing in with your Reddit credentials, you will be asked to enter your 6-digit verification code.

However, some applications may not be using the OAuth protocol. If you have two-factor authentication enabled, and you are unable to sign in to a third-party application, you can use the following method:

While using the third-party application:

  • In the username field, enter your Reddit username as you normally would
  • In the password field, enter your password and your verification code in the following format: “

: ”. Don’t forget the colon in the middle!

Doing so should allow you access to the app.

What if I switch or get a new phone?

If you get a new mobile device, you’ll need to set up two-factor authentication with your new phone:

  • Disable two-factor authentication. See ‘How do I disable two-factor authentication?’
  • Re-enable two-factor authentication on your new phone. See ‘How Do I enable Two-Factor Authentication’

Internet security is a big deal, and it is something that the vast majority of social media companies and platforms out there place a lot of emphasis on. After all, most users are not going to be interested in a site that isn’t secure, and frequent security breaches can lead to users being concerned their privacy, worrying that they might not be able to get the same level of safety that they desire.

TikTok, arguably the fastest growing social media platform in the world, has lagged behind in this area. In spite of the fact that a lot of users have been asking the platform time and time again to improve its security, the social media platform has for some reason greatly delayed the rollout of two step security measures that have become commonplace in most other social media platforms that have managed to attain a lot of success in the market based on the services they provide.

It seems like TikTok is finally wising up based on a number of users noting that two factor authentication (2FA) has now been widely rolled out. You will get the option to receive a code on your phone through SMS before you can log in, making it so that even if someone has your password they would still need access to your phone in order to be able to get the security code you will receive.

One reason why it took TikTok so long to roll such a feature out might be due to the reason that it did not have the kind of infrastructure required for this sort of thing. Most social media platforms that use 2FA did not start out like this, they merely adopted it once it became commonplace. Hence, TikTok’s delay is certainly understandable, and now that it has been rolled out users will be able to feel a lot more secure while using the app.

With the number of personal account hacks on the rise, many internet services now offer users the ability to implement two-factor authentication, or 2FA as it is sometimes known. With two-factor authentication, even if the hacker has your password, they will need your phone or security key to get into your account.

Authentication factors are categories of credentials used to verify that someone or something is who or what they are claiming to be. There are three categories: 1) Knowledge factors – these are credentials that the user knows, typically a username and password. 2) Possession factors – these are things that the user has, typically a mobile phone. 3) Inherence factors – these are things that the user is, typically a biometric characteristic such as a fingerprint or an iris pattern. Strong authentication means the system is using two or more of these options.

In May 2019, Google announced a one-year study it did in partnership with New York University and the University of California, San Diego. The trio found that SMS two factor authentication blocked 96 percent of bulk phishing attacks, and 76 percent of targeted attacks trying to crack into your Google account.

If you would like to add two-factor authentication to your social media accounts, we recommend downloading an authenticator app on your smartphone, such as Google Authenticator or Duo Mobile. Sending your smartphone a text message for your two-factor authentication, is still more secure than simply using a stand-alone password, however, if the hacker has got your physical device they could still get into your accounts.

Here’s how you can set up two-factor authentication on social media platforms with these apps (available for free on both iOS and Android smartphones).

Facebook

To turn on or manage two-factor authentication:

  1. Go to your Security and Login Settings.
  2. Scroll down to ‘Use two-factor authentication’ and click ‘Edit’.
  3. Choose the security method you want to add and follow the on-screen instructions.

If you’re using an authenticator app the method you’ll want to choose is ‘Login codes from a third party authentication app.’

From then on whenever you sign into Facebook it will request a six-digit code that can be found when you open the authenticator app.

Snapchat

To set up two-factor authentication on Snapchat follow these steps:

  1. Tap ⚙️ in My Profile to open ‘Settings’
  2. Tap ‘Two-Factor Authentication’
  3. Tap ‘Continue’ to finish setting it up!

Then, select that you are using an authenticator app. As with Facebook, after two-factor authentication has been set up, your authenticator app will generate a single-use code that only work for a short amount of time, each time you login to Snapchat.

How to add two-factor authentication to steam

Instagram

The process on Instagram is slightly more complicated. To set up two-factor authentication:

  1. Tap or your profile picture in the bottom right to go to your profile.
  2. Tap in the top right, then tap ’Settings’.
  3. Tap ‘Security’ and then scroll down and tap ‘Two-Factor Authentication’.
  4. Tap next to ‘Authentication App’, then tap ‘Set Up Manually’. If you don’t see the toggle switch, tap ‘Get Started’.
  5. Tap ‘Copy Key’ below the Instagram key and paste it into your authentication app
    • Please note: It is important to copy the key code to your clipboard, take a screenshot, or save it in some other way since you won’t be able to access the code again once you’ve finished setting up.
  6. After your Instagram account is linked to your authentication app, copy the 6-digit code your authentication app creates.
  7. Go back to the Instagram app, tap ‘Next’ and paste the 6-digit code to complete the process on that device.

Twitter

To add your two-factor authentication on Twitter:

  1. In the top menu, tap your ‘profile’ icon, then tap ‘Settings and privacy’.
  2. Tap ‘Account’, then tap ‘Security’.
  3. Tap ‘Two-factor authentication’.
  4. Then select: ‘Authentication app.’

It is also worth mentioning that this technology does not require an internet connection or phone service to use, meaning you can login with two-factor authentication at any time. This is because the time counter used in the app that provides you with an up-to-date code is synced with the current time on your phone. The client and server therefore remain in sync as long as the system times remain the same.

However, there are a few things to be aware of though when using authentication apps. The app will need to be up to date with the latest software version, and if you change phone you will need to login to the service provider on your web browser and click ‘Change Phone’ to update your details, as well as scanning a barcode in the app on your new phone. This is because it is the phone itself that is linked directly to the authentication process, and only one device can be linked at one time.

If you found this post helpful, we recommend reading these previous posts:

Internet security is a big deal, and it is something that the vast majority of social media companies and platforms out there place a lot of emphasis on. After all, most users are not going to be interested in a site that isn’t secure, and frequent security breaches can lead to users being concerned their privacy, worrying that they might not be able to get the same level of safety that they desire.

TikTok, arguably the fastest growing social media platform in the world, has lagged behind in this area. In spite of the fact that a lot of users have been asking the platform time and time again to improve its security, the social media platform has for some reason greatly delayed the rollout of two step security measures that have become commonplace in most other social media platforms that have managed to attain a lot of success in the market based on the services they provide.

It seems like TikTok is finally wising up based on a number of users noting that two factor authentication (2FA) has now been widely rolled out. You will get the option to receive a code on your phone through SMS before you can log in, making it so that even if someone has your password they would still need access to your phone in order to be able to get the security code you will receive.

One reason why it took TikTok so long to roll such a feature out might be due to the reason that it did not have the kind of infrastructure required for this sort of thing. Most social media platforms that use 2FA did not start out like this, they merely adopted it once it became commonplace. Hence, TikTok’s delay is certainly understandable, and now that it has been rolled out users will be able to feel a lot more secure while using the app.