Valve begins testing Steam Guard Mobile Authenticator app for two-factor logins
Valve is beefing up the security for its game service, Steam.
It has begun testing a mobile app, which will protect users by using a Two-factor authentication system to verify login attempts.
The app is called Steam Guard Mobile Authenticator, and is being tested in a Closed Beta, at the Steam community forums. The app will work similarly to the existing Steam Guard email system.
Here is how the Steam Guard works currently:
When you login to your account on Steam, using a web browser or using the desktop client, you will be greeted by a security prompt. It will ask you to input a security code, which will be sent to your registered email address, tied to your Steam account.
So, the first step will require you to either log in to your email account on a browser, or open the email via a mobile app and note down the security code (or copy and paste it if you are using a PC browser). Next, you will have to return to the browser (or steam client), and input the security code which you received.
You will then be asked to assign a name for the PC, from which you have logged in to Steam, for easier identification of future logins.
The new mobile app “Steam Guard Mobile Authenticator” will offer a similar code login system. Additionally it will also offer more ways to protect and recover your Steam Account.
This feature is being rolled to the Android version of the app today. The iOS version of the app will be updated with this feature soon.
IGN says that the new mobile authentication system is in closed beta for now, and will roll out to all accounts soon, once the beta test is completed without any hiccups.
Steam isn’t the first to have this feature. A lot of popular apps and services like Gmail, Microsoft Outlook, Yahoo, LastPass also use two-factor authentication system to help protect user accounts.
Early reviewers of the Steam Guard Mobile Authenticator, are unhappy with the lack of support for TOTP. (Time-based One-time Password Algorithm). But it appears that Steam currently wants the authentication system to work with their app alone.
TOTP generates a one-timepassword from a shared secret key, and based on the current time of the device. So, a password is only valid for about 30 seconds, after which a newer one is generated. Users will have to input the code generated by the app within this time frame to authenticate their account.
Google and Microsoft have their own TOTP Authenticator apps, and also support third party authentication systems.