Steam Guard

Steam Guard is the Two-Factor authentication system you can enable to protect your Steam account. It works exactly as any 2FA protection, except that the One-Time Passwords are generated by the Steam Guard Mobile Authenticator only (or received by e-mail).

As Steam does not provide a standard way to use an alternative OTP app like 2FAuth, the workaround is to get the OTP secret thanks to a third-party app. Once recovered, you will be able to use 2FAuth in place of the Steam Mobile Authenticator.

This guide assumes you are a Steam user with some advanced skills who may already be using one of the following third-party apps. Installation and registration processes of the third-party apps are not described here, please refer to their respective documentation.

The secret is a sensitive data. Don't share it with anyone, don't save it anywhere without any protection.

Getting the Steam secret

Steam Desktop Authenticator (SDA)

If your SDA data are encrypted, you need to (temporarily) disable encryption in order to read the secret:

Click the button of SDA
Type the current password
Submit the following 2 forms empty

Encryption if now Off

Get the secret:

Open your SDA installation directory
In the ./maFiles subdirectory, open the file *.maFile
The secret is the string surrounded by secret= and &issuer=Steam in the uri field value

Example

In the following fake .maFile, the secret is D5RTFGT8Z7SW4DYU6I9UH5F4RRE1DF4G

{
    "shared_secret": "KDHC3rsY8+CmiswnXJcE5e5dRfd=",
    "serial_number": "15286247589885632548",
    "revocation_code": "R52287",
    "uri": "otpauth://totp/Steam:johndoe?secret=D5RTFGT8Z7SW4DYU6I9UH5F4RRE1DF4G&issuer=Steam",
    "server_time": 1656059488,
    "account_name": "johndoe",
    "token_gid": "2d5ff8e7zs448e9f",
    "identity_secret": "W~,7%&cXs<8tY&nG=If81zEdrtc=",
    "secret_1": "$=}5NSF@c8o,tjh1zz2=",
    "status": 1,
    "device_id": "android:3dfe0914-d41f-426c-9ba4-b344e563a394",
    "fully_enrolled": true,
    "Session":{...}
}

Don't forget to set SDA encryption back On

Steam Desktop Authenticator

https://github.com/Jessecar96/SteamDesktopAuthenticator

steamguard-cli

Open your steamguard-cli config directory, usually ~/.config/steamguard-cli/
In the ./maFiles subdirectory, open the file *.maFile
The secret is the string surrounded by secret= and &issuer=Steam in the uri field value

In this fake .maFile the secret is D5RTFGT8Z7SW4DYU6I9UH5F4RRE1DF4G

{
    ...
    "uri": "otpauth://totp/Steam:johndoe?secret=D5RTFGT8Z7SW4DYU6I9UH5F4RRE1DF4G&issuer=Steam",
    ...
}

steamguard-cli

https://github.com/dyc3/steamguard-cli

Adding to 2FAuth

The manual way

Now that you got your steam secret, simply create a new account in 2FAuth using the advanced form:

Click the button
Click the button
Fill the form:
- Fill in the Account field
- Click the button
- Fill in the Secret field with your Steam secret
Click the button to save the account

New Steam account using the advanced form

QR code also works

If you feel more confortable with QR codes, you can generate a QR code from the entire uri field of the *.maFile :

otpauth://totp/Steam:johndoe?secret={YourSecretHere}&issuer=Steam

Then flash (or upload) the QR code to add the account to 2FAuth, just like any other QR code.

Avoid online generators

As said earlier, the secret is a sensitive data. You should definitely avoid online generators to convert such data.