Question about Steam TOTP codes


#1

Today I received an update for the Bitwarden Android App.
In the change log I see the following line:

  • Steam TOTP code generation

I have a steam account and I use the Steam App to generate TOTP codes for me so I can log into the Steam client (I enter the username and the password and the App generates the code for me).
This is the only reason why I have the Sream App.

I thought that Steam does not allow 3rd party authenticator apps?

Can I use Bitwarden now to generate the TOTP codes for the Steam Client?
If yes: how do I set this up in Steam (I think I can only add the app here)?
If no: what is this feature used for?

Thank you !

OLLI


#2

I would like to know this too. So far I figured out you have to type steam://YOURKEY in the TOTP key field. Dunno where to get the key from though.


#3

See here:


#4

@kspearrin Do you plan to publish a tutorial (step by step documentation) how this can be set up?
This is definitely interesting for many other users.
If I understood how this works, I plan to advertise Bitwarden at some friends, that also are gamers and that also use Steam.


#5

Why can’t they use normal TOTP? :slightly_frowning_face: I don’t play on PC anymore, but do have a Steam account and a library and I have to keep Steam on my phone just because of SteamGuard for when I occasionally log in to Steam via my web browser. sigh


#6

The article he linked is pretty much a tutorial already. Use the Steam Desktop Authenticator (or WinAuth) option. Then export your secret key from there. Then you can add it to Bitwarden and get rid of the steam android app :slight_smile:


#7

This does not seem to work. I am using my secret, prefaced by steam:// but it does not generate codes that match the desktop auth app.


#8

Unfortunately, I don’t have access to any Windows devices so I cannot extract my Steam TOTP seed. :frowning: Is there some other way to acquire it? Can you get the seed if you turn off Steam Guard and turn it back on again?


#9

Wow, just wow.

I’ve opened so many pages now that I’m dizzy for reading all of this. It is much more complicated than I thought. But anyway, Kyle’s got a (not so convenient) workaround and did his job properly. But feel free to try your own.
For now my answer is: thank you, I’ll pass. :sweat_smile:


#10
  1. Follow the steps linked here Steam Desktop Authenticator. Do not encrypt/add a password (you’re going to delete this after setting it up with Bitwarden, anyway)
  2. Look in the maFiles subdirectory where the SDA is installed. One of the files will be named [your_steamID].maFile. Open it.
  3. One of the JSON variables will look like: "uri":"otpauth://totp/Steam:your-username?secret=ABCDEFGHIJKLMN1234OPQRSTUVWXYZ4321&issuer=Steam"
  4. You want your TOTP entry in Bitwarden to look like: steam://ABCDEFGHIJKLMN1234OPQRSTUVWXYZ4321
  5. Get your SteamGuard recovery codes and store them in the notes associated with your Steam login in Bitwarden.

You can confirm it’s working by comparing the value being produced by the desktop authenticator vs Bitwarden.


#11

Thanks, was pulling the shared_secret field instead of from the secret parameter in the uri field URI. Your steps work.


#12

Be sure to give credit! Your steps were linked from here:


#13

unfortunately it doesn’t produce the same codes SDA does. I followed the instruction and tried both keys to no success.

did I miss something?


#14

Can you report back if SDA code does work?


#15

Sorry for my late reply, I’ve been on vacation. SDA did produce correct codes but bitwarden generated completely different ones.

I left the shared secret in the totp generator before I went and somehow it’s now showing the exact same codes as SDA. Problem solved I guess lol :smiley: