I agree with this sentiment. Steam notably falls into the third category, while otherwise being pretty good.
But I’m quite disgusted now seeing an image of a Yubikey for the first time. I’ve heard so many good things about them that it’s a major disappointment to see now that they use that awful noncomplaint shape of USB plug.
There are two very important reasons for the metal shield around USB plugs: 1. For ESD protection, and 2. to hold the receptacle’s tongue in place and prevent it from bending away and losing contact. Every USB device I’ve owned that was a flat plug (like this Yubikey image in this post) has within a month deformed the USB receptacle it’s plugged into to the point that the device no longer works in that port. Compliant USB devices still work in that port’s deformed receptacle, because they have a correct metal shield that bends the tongue back into the correct position.
No problems with yubikeys or the receptacle they are plugged into yet… no idea what you do while these sticks are plugged in… doesnt seem like a major concern per the reviews
I’ve had my ubikey fido2 token knocking around on my keychain for about 7 years now. Scratched and beaten, works perfectly and never had a port damaged, it doesn’t put enough pressure on it.
It is kind of annoying that Steam doesn’t enable the usage of third-party OTP apps. To be fair, when they first implemented the feature, that wasn’t widely used and plenty of websites only enabled the use of one specific OTP app like Authy or Google Authenticator. They recently added a QR code login feature, which makes sense, but that still shouldn’t stop them from enabling MFA via third party OTP apps.
Some third party apps allow you to import your Steam OTP, such as Gnome Authenticator
However to obtain it in the first place you need to either use SteamDesktopAuthenticator (GitHub), an android emulator on your PC, or a rooted device to export your key…
It also breaks your ability to do some actions with steam such as changing your email address because god forbid you enter the TOTP instead of pressing accept or something in the app
This is currently me, wanting to update my email but not wanting to go through the hassle of changing my authenticator back to my steam app then re exporting the key to put it back in Bitwarden.
So frustrating that they have to be ✨special✨ with their authenticator algorithm AND ALSO require the app for people who have reverse engineered it.
It absolutely is, the issue is that most mfa apps spit out 6 character outputs, while Steam requires 5. They’d need to implement the alternative algorithm, but 1password for instance flat out refuses since it’s non standard.
It is actually possible to use Aegis for Steam, that’s what I do.
It’s a pain to setup if you’re not rooted (I think you need to use an Android emulator on a computer and then export the Aegis DB to reimport it on your mobile IIRC) but it’s possible. Look at https://github.com/beemdevelopment/Aegis/wiki/Adding-Steam-to-Aegis-from-Steam-Desktop-Authenticator
Steam is still very welcome to go fuck themselves with their shitty app, though.
I think the good people at yubikey want to provide people with every possible form factor, for whatever is convenient for them.
If your organization issued you a yubikey, but you don’t like the form factor, I’m sure you could purchase your own and have them add it instead.
You can also use a USB extension cable, to add a bunch of flexibility between your yubi key and your computer, especially if you leave it always attached. That would remove the lever problem you mentioned
I agree with this sentiment. Steam notably falls into the third category, while otherwise being pretty good.
But I’m quite disgusted now seeing an image of a Yubikey for the first time. I’ve heard so many good things about them that it’s a major disappointment to see now that they use that awful noncomplaint shape of USB plug.
There are two very important reasons for the metal shield around USB plugs: 1. For ESD protection, and 2. to hold the receptacle’s tongue in place and prevent it from bending away and losing contact. Every USB device I’ve owned that was a flat plug (like this Yubikey image in this post) has within a month deformed the USB receptacle it’s plugged into to the point that the device no longer works in that port. Compliant USB devices still work in that port’s deformed receptacle, because they have a correct metal shield that bends the tongue back into the correct position.
Yubikey also has usb-c versions with compliant plugs.
YubiKeys have almost every imaginable form factor these days. Here’s the USB-C version without NFC:
Yeah I have an even smaller USB-C one. It sticks out less than 0.5cm from the port.
No problems with yubikeys or the receptacle they are plugged into yet… no idea what you do while these sticks are plugged in… doesnt seem like a major concern per the reviews
I’ve had my ubikey fido2 token knocking around on my keychain for about 7 years now. Scratched and beaten, works perfectly and never had a port damaged, it doesn’t put enough pressure on it.
It is kind of annoying that Steam doesn’t enable the usage of third-party OTP apps. To be fair, when they first implemented the feature, that wasn’t widely used and plenty of websites only enabled the use of one specific OTP app like Authy or Google Authenticator. They recently added a QR code login feature, which makes sense, but that still shouldn’t stop them from enabling MFA via third party OTP apps.
Some third party apps allow you to import your Steam OTP, such as Gnome Authenticator
However to obtain it in the first place you need to either use SteamDesktopAuthenticator (GitHub), an android emulator on your PC, or a rooted device to export your key…
Thanks for mentioning this! I had no idea
https://bitwarden.com/help/authenticator-keys/#steam-guard-totps
I’ve always hated that I don’t have two factor on my steam account, because of that proprietary app requirement.
Thankfully bitwarden supports it!
It also breaks your ability to do some actions with steam such as changing your email address because god forbid you enter the TOTP instead of pressing accept or something in the app
This is currently me, wanting to update my email but not wanting to go through the hassle of changing my authenticator back to my steam app then re exporting the key to put it back in Bitwarden.
So frustrating that they have to be ✨special✨ with their authenticator algorithm AND ALSO require the app for people who have reverse engineered it.
iirc it’s possible to somehow export the secret key used by steams 2fa
It absolutely is, the issue is that most mfa apps spit out 6 character outputs, while Steam requires 5. They’d need to implement the alternative algorithm, but 1password for instance flat out refuses since it’s non standard.
2fas supports 5, 6 , 7 and 8 char 2fa
It is actually possible to use Aegis for Steam, that’s what I do. It’s a pain to setup if you’re not rooted (I think you need to use an Android emulator on a computer and then export the Aegis DB to reimport it on your mobile IIRC) but it’s possible. Look at https://github.com/beemdevelopment/Aegis/wiki/Adding-Steam-to-Aegis-from-Steam-Desktop-Authenticator Steam is still very welcome to go fuck themselves with their shitty app, though.
can we please make shitty MFA illegal? Where is the EU and the US government when you need them.
I think the good people at yubikey want to provide people with every possible form factor, for whatever is convenient for them.
If your organization issued you a yubikey, but you don’t like the form factor, I’m sure you could purchase your own and have them add it instead.
You can also use a USB extension cable, to add a bunch of flexibility between your yubi key and your computer, especially if you leave it always attached. That would remove the lever problem you mentioned