It presumably works with a normal TOTP app.
Comment on You can now use authenticator apps to keep your GOG account secure!
Sonotsugipaa@lemmy.dbzer0.com 3 weeks agoWhat does GOG’s 2FA do that Steam’s 2FA doesn’t?
Ulrich@feddit.org 3 weeks ago
Sonotsugipaa@lemmy.dbzer0.com 3 weeks ago
Steam works with a normal TOTP app for me, hell, it works with two normal TOTP apps for me
Ulrich@feddit.org 3 weeks ago
I’m pretty sure it doesn’t but I’ll bite: How did you set that up?
Sonotsugipaa@lemmy.dbzer0.com 3 weeks ago
I don’t recall, I’ve set it up a few years ago - I’ve been trying to look for instructions for another comment, but it seems that they made it VERY difficult for people without rooted Android to obtain the TOTP secret.
Though it is RFC 6238 compliant, using 5 digits instead of 6.
ramble81@lemm.ee 3 weeks ago
Unless I’m missing something, Steam only does code to email 2FA, not an actual TOTP app
Ulrich@feddit.org 3 weeks ago
They have TOTP but only in their app.
ramble81@lemm.ee 3 weeks ago
So effectively, they don’t do what GOG is doing.
Ulrich@feddit.org 3 weeks ago
Not exactly, no
Sonotsugipaa@lemmy.dbzer0.com 3 weeks ago
Steam works with a normal TOTP app for me, hell, it works with two normal TOTP apps for me
ramble81@lemm.ee 3 weeks ago
Teach a brother how? I swear I couldn’t find it anywhere in the account settings.
Sonotsugipaa@lemmy.dbzer0.com 3 weeks ago
I don’t quite remember how to get the TOTP secret from the Steam app (they could in fact take notes from GOG here), iirc you have to extract it from the Android app via adb;
but once you have it, if this GitHub comment is correct you simply have to set the code size to 5 digits.If your phone has a rooted Android install, this guide this guide
… I swear when I did it, it wasn’t this hard ._.
NuXCOM_90Percent@lemmy.zip 3 weeks ago
At a glance (haven’t enabled yet, will later today), GoG uses the RFC standard TOTP model. This means you can use whatever app you want whether that is the google authenticator that ties it to your cloud account, something related to your password manager (e.g. keepass or bitwarden), or even just a python script you have in a random directory. It gives you control of your 2FA and protects you in the event you lose a device without properly de-authenticating it.
Valve use their own model that, to my knowledge, is only accessible through the Steam web app. Which is a huge nightmare if you ever have a device stolen/damaged.