I mean the mobile authenticator is already a separate 2FA. Just because its software based doesn't make physical tokens better. They're mostly objectively worse as

1) People lose these things like candy
2) you can't utilize things such as push authentications to a physical token

I would sooner jump into a volcano than try to deploy physical token 2FA again. I was on a first name basis with Fedex because we were shipping out lost RSA tokens CONSTANTLY to our national sales force.

Yes please support FIDO or at least TOTP (both preferably).
Phone apps are cancer.
I'd even overpay for a specific Valve physical key (like Blizzard used to have) just to not have to use a phone.

Originally posted by tyl0413:

Yes please support FIDO or at least TOTP (both preferably).
Phone apps are cancer.
I'd even overpay for a specific Valve physical key (like Blizzard used to have) just to not have to use a phone.

The mobile authenticator IS a TOTP app.

And why bother using a physical one that has a non-recharge able battery (thus requires you to buy a new one), can get easily broken (thus need to buy a new one), and can get easily lost (thus need to buy a new one).

I'd say a phone app that is FREE is far better than something I would have to pay for to replace everytime I lose, break, or it's battery dies.
The physical keys are a blatant way to just take your money.

Originally posted by Hikari Light:

Originally posted by tyl0413:

Yes please support FIDO or at least TOTP (both preferably).
Phone apps are cancer.
I'd even overpay for a specific Valve physical key (like Blizzard used to have) just to not have to use a phone.

The mobile authenticator IS a TOTP app.

And why bother using a physical one that has a non-recharge able battery (thus requires you to buy a new one), can get easily broken (thus need to buy a new one), and can get easily lost (thus need to buy a new one).

I'd say a phone app that is FREE is far better than something I would have to pay for to replace everytime I lose, break, or it's battery dies.
The physical keys are a blatant way to just take your money.

Yeah its a proprietary TOTP that you need a app for and a number to use instead of doing it like every normal company who lets you just put it in whatever TOTP app you want.
Phone app is not free when Im soon forced to buy a new phone when they brick the current version again which I will not do.
You clearly know nothing about physical keys, they don't have batteries, don't drain and don't need replacement unless you lose it or snap it in half I guess.
Obviously it should be an extra option for those that already have one wanting to use it on here, normal TOTP for everyone else.

Originally posted by tyl0413:

Originally posted by Hikari Light:

The mobile authenticator IS a TOTP app.

And why bother using a physical one that has a non-recharge able battery (thus requires you to buy a new one), can get easily broken (thus need to buy a new one), and can get easily lost (thus need to buy a new one).

I'd say a phone app that is FREE is far better than something I would have to pay for to replace everytime I lose, break, or it's battery dies.
The physical keys are a blatant way to just take your money.

Yeah its a proprietary TOTP that you need a app for and a number to use instead of doing it like every normal company who lets you just put it in whatever TOTP app you want.
Phone app is not free when Im soon forced to buy a new phone when they brick the current version again which I will not do.
You clearly know nothing about physical keys, they don't have batteries, don't drain and don't need replacement unless you lose it or snap it in half I guess.
Obviously it should be an extra option for those that already have one wanting to use it on here, normal TOTP for everyone else.

Current security works just fine without adding more.
Maybe if you stopped downloading anything and everything you wouldn't need a dozen security methods.
And before you complain more, I use 2FA systems, but I don't bother wasting my time demanding a service use security they don't want to use.

Originally posted by Hikari Light:

Originally posted by tyl0413:

Yeah its a proprietary TOTP that you need a app for and a number to use instead of doing it like every normal company who lets you just put it in whatever TOTP app you want.
Phone app is not free when Im soon forced to buy a new phone when they brick the current version again which I will not do.
You clearly know nothing about physical keys, they don't have batteries, don't drain and don't need replacement unless you lose it or snap it in half I guess.
Obviously it should be an extra option for those that already have one wanting to use it on here, normal TOTP for everyone else.

Current security works just fine without adding more.
Maybe if you stopped downloading anything and everything you wouldn't need a dozen security methods.
And before you complain more, I use 2FA systems, but I don't bother wasting my time demanding a service use security they don't want to use.

I need two, my normal TOTP that works with everything, and Steam because they refuse to support standards like everyone else.

Originally posted by Hikari Light:

Originally posted by tyl0413:

Yes please support FIDO or at least TOTP (both preferably).
Phone apps are cancer.
I'd even overpay for a specific Valve physical key (like Blizzard used to have) just to not have to use a phone.

The mobile authenticator IS a TOTP app.

And why bother using a physical one that has a non-recharge able battery (thus requires you to buy a new one), can get easily broken (thus need to buy a new one), and can get easily lost (thus need to buy a new one).

I'd say a phone app that is FREE is far better than something I would have to pay for to replace everytime I lose, break, or it's battery dies.
The physical keys are a blatant way to just take your money.

Physical keys have NO battery at all. They are cheap. They don't require you to have a stupid android iOS phone, which both suck. A physical key is better in every way than a phone app. And they are extremely hard to break, actually, unlike most modern "one-year" phones.

I strongly disagree that the current authentication is "working fine". I got hacked and they bypassed my 2FA. Hence why I want physical keys...

Originally posted by Sera ˚ʚ♡ɞ˚:

I strongly disagree that the current authentication is "working fine". I got hacked and they bypassed my 2FA. Hence why I want physical keys...

you were hijacked or phished, not hacked

Originally posted by Ferox_Stormdragon:

Originally posted by Sera ˚ʚ♡ɞ˚:

I strongly disagree that the current authentication is "working fine". I got hacked and they bypassed my 2FA. Hence why I want physical keys...

you were hijacked or phished, not hacked

That's the point. You can not* (with asterisk) do it when someone has a physical key.
You'd need physical access to the key to log in, and then again to unlink the key from the account. You'd also need physical access to the key to clone it (assuming a vulnerability is known).
You can still use a physical key to access whatever steam sends it's 2fa code to. Neither email nor sms are encrypted, though.