oplik0/solo2-desktop

Steam TOTP possible?

Opened this issue · 5 comments

Hi, Steam uses its own variant of TOTP, a 5-digit code with letters in it. Does solo v2 support this? If yes, can you add it to the advanced section?

From my understanding Steam TOTP is just a standard HMAC-SHA-1 based TOTP, so it should already be supported.
The issue is that Steam doesn't expose the actual TOTP secret to the user. There seem to be some API wrappers that allow you to recover it, but I haven't used them and would consider such a wrapper here (and as such adding a whole Steam login flow) to be quite far outside of the scope of this app.

Well, I tried this and it does not work. There are methods to get the key. I added it into Bitwarden and it works fine.
Of course the whole login flow is oversized. Yubikey works fine too.

Did you set the number of digits to 5 in the advanced section when adding the TOTP secret? As far as I can tell this should be the only difference.

Here is a screenshot of the advanced section:
[screenshot: solo2-desktop_UWR2djIz00]
As an example, I got this TOTP: 12123. Bitdefender shows this (both have the same secret; I must add a steam// in Bitdefender so it knows that it is Steam): AB1AB. The chars and numbers are random; for Steam, the Bitwarden TOTP can be 123AB too, and so on.

I'll have to look more into how e.g. Bitwarden implements this and probably need to export a secret myself then...
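Added example, not part of the thread and not code from solo2-desktop or Bitwarden: why setting the digit count to 5 still gives a different code than a Steam-aware authenticator. Both codes come from the same HMAC-SHA-1 truncation, but the publicly documented Steam Guard scheme encodes the result in a 26-character alphabet instead of taking it modulo 10^5. The secret below is the RFC 6238 test key used as a constructed sample, and the function names are illustrative.

```python
import hashlib
import hmac
import struct

# Steam Guard output alphabet (26 symbols; no 0, 1, vowels or look-alikes).
STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY"


def truncated_hmac(secret: bytes, unix_time: int, period: int = 30) -> int:
    """RFC 4226 dynamic truncation over the RFC 6238 time counter."""
    counter = struct.pack(">Q", unix_time // period)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    return struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF


def totp_digits(secret: bytes, unix_time: int, digits: int = 5) -> str:
    """Standard TOTP: decimal code, as produced with 'digits' set to 5."""
    return str(truncated_hmac(secret, unix_time) % 10 ** digits).zfill(digits)


def steam_code(secret: bytes, unix_time: int) -> str:
    """Steam variant: five base-26 symbols, least significant first."""
    value = truncated_hmac(secret, unix_time)
    chars = []
    for _ in range(5):
        value, index = divmod(value, len(STEAM_ALPHABET))
        chars.append(STEAM_ALPHABET[index])
    return "".join(chars)


if __name__ == "__main__":
    sample_secret = b"12345678901234567890"  # constructed sample (RFC 6238 test key)
    t = 59  # RFC 6238 test time, counter = 1
    print("5-digit TOTP:", totp_digits(sample_secret, t))
    print("Steam code:  ", steam_code(sample_secret, t))
```

An authenticator that only offers a digit-count setting can produce the first value but not the second; supporting Steam needs the alternate encoding step, not a different secret or hash.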