Check out our Monthly Survey Page to see what our users are running.
We do often include affiliate links to earn us some pennies. See more here.

Valve testing new mobile Steam app with QR codes for sign ins

By - | Views: 70,978

Valve are now testing a new version of the Steam app for Android and iOS, which comes with a much more modern design and a QR code login system too.

From the announcement Valve say it has been rebuilt "on a new framework and modernized the design", joking that 2015 called and wanted their app back. As before you can browse the store, get Steam Guard codes and confirm trades but you also now get the brand new QR code sign in system that many other applications also offer (like Discord). So you can scan it with your phone on the web, and not have to enter a password.

The new app also has smarter notifications, an improved library views and there's also now multi-account support which has become increasingly important especially with the Steam Deck now too. There's a new Steam Group you can join to get updates on it.

I would have taken some shots, but seeing as I'm now on iOS myself it's limited to 10,000 people and that filled up within seconds of the original announcements. Here's some shots from a reader on Android (click to enlarge):

Article taken from GamingOnLinux.com.
Tags: Apps, Misc, Steam
22 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. Find me on Mastodon.
See more from me
The comments on this article are closed.
21 comments
Page: «2/3»
  Go to:

belisama Aug 25, 2022
Quoting: RandomizedKirbyTree47Steam doesn't support TOTP though: they use their own nonstandard system. That seems like the real problem.

It really is. They've no good reason for requiring a proprietary app just for MFA.
slaapliedje Aug 25, 2022
Quoting: GuestCan't wait for people to have their Steam accounts hacked because they used a QR code for logging in (it's too easy to spoof them).
If it is like the Discord one; the client will pop up the login box with a QR code (so it is generated by Valve). Then you would launch the Steam App on your mobile device to take a picture of the code on your monitor, then it authenticates through the app, telling the client you have authorized it to login.

So not sure where it would be able to spoof it, unless you went around using the app to scan things that are not the Steam client.
belisama Aug 25, 2022
Quoting: slaapliedjeSo not sure where it would be able to spoof it, unless you went around using the app to scan things that are not the Steam client.

First of all, never underestimate the wacky stuff users will do. Second, if it works on the website (or even if people just *expect* that it will), rather than just the dedicated client, then some sort of site spoofing could be possible. In any case, QR Code normalization is bad. I about died when they became the new hotness in restaurants during Covid.
itscalledreality Aug 25, 2022
I dream of a world where most Steam clients aren’t just browsers and I can get excited about something like this.
slaapliedje Aug 25, 2022
Quoting: belisama
Quoting: slaapliedjeSo not sure where it would be able to spoof it, unless you went around using the app to scan things that are not the Steam client.

First of all, never underestimate the wacky stuff users will do. Second, if it works on the website (or even if people just *expect* that it will), rather than just the dedicated client, then some sort of site spoofing could be possible. In any case, QR Code normalization is bad. I about died when they became the new hotness in restaurants during Covid.
Oh, I agree with you. I was just posting how, in theory, it would work. I have been saying for many years that QR codes are a terrible idea and totally something that would be easy to exploit.
BlackBloodRum Aug 25, 2022
View PC info
  • Supporter Plus
Quoting: Philadelphus
Quoting: BlackBloodRumValve just remembered they have a mobile app!

With that said, I hope it doesn't interfere with the current 2FA system too much - as with the current system I have it working in KeePassXC and don't require the app every time I need to login on my desktop (which is frequent due to my VPN)

So hopefully they haven't changed / altered the 2FA code system.
Does that handle entering the code for you? That's pretty slick.
Yup. But bear in mind it can be a little tricky getting your 2FA secret key out of the current android app, as for the new one? no idea!

With KeePassXC once your 2FA is all setup in the DB, you can just have autotype set to:

 
{USERNAME}{TAB}{PASSWORD}{ENTER}{DELAY 9999}{TOTP}{ENTER}


(Long delay because it likes to take it's time to show the 2FA input box sometimes.

So I just clear the username field, hit "perform auto type" and poof I'm logged back in.

Now if Valve support Yubikey's on the other hand.. that would be great, considering how much value could potentially be held in an account due to the games!

(Thankfully not my account, My account only has around 360 games or so, so it's not worth stealing to anyone )


Last edited by BlackBloodRum on 25 August 2022 at 10:44 pm UTC
rustigsmed Aug 26, 2022
Can't log in now since this change. Thanks valve!
fenglengshun Aug 26, 2022
Quoting: belisamaSo this is using a QR code to log into the website? Ugh, what's the point of that, logging into a real website on a real computer is easy.

You have to understand that games like Dota and Counter Strike are (were? it's been a while) VERY popular in Asia, where you play them in net cafe/PC rental shop. This would make it so much more convenient and secure in those environments.

You might have a better threat model, in which case that's cool, but this is a good feature to have in those environment and would only help.

Besides, as someone who often got logged out due to vpn stuff, this would be handy for me too even if I have bitwarden, since I wouldn't have to open my browser.
wit_as_a_riddle Aug 26, 2022
So, any of you security experts actually try the app? 🤣🤣🤣

For anyone reading comments to find out what the new app is like, it is SO much better! Much more responsive and it is very well organized. It's been long overdue and it is such a welcome change. The left to right scrolling through games (at least on the Great on Deck page) is a little buggy so hopefully they sort that out soon. Discovery Queue needs some work too. Beta, folks, beta!

The QR code login worked flawlessly for me. My extensive library loads near instantly now where as on the old app I'd have to shave my beard several times before seeing it pop up. You can currently sort your library by name, playtime or recent but it doesn't look like they have added any custom collections as of yet.

Wishlist lets you sort by all the same things the desktop client does, whereas in the old app, sorting was more limited (for instance sorting by discount % was missing).

Wishlist also let's you filter games by platform, Deck Compatibility (Playable, and/or Verified), and numerous other options.

There are settings for notifications so you can select what type you'd like to receive or block - receiving a gift, discussion replies, new inventory items, friend invitations, major sales, prepurchased game is available to preload, and of course, when wishlist items go on sale.

As in the desktop client you can select your Home Screen, albeit with some different choices than on desktop, e.g. Store, News, Steam Guard, Notifications.

In general the app seems as full featured as the desktop client. A very welcome change! Keep in mind it is only in beta so expect bugs and changes. I'd say it is already less buggy than the existing app though, so don't be afraid to give it a try because of UI bug worries.
Eike Aug 31, 2022
View PC info
  • Supporter Plus
Quoting: wit_as_a_riddleSo, any of you security experts actually try the app? 🤣🤣🤣

Well, I tried it after your comment and now I will take a look how to get rid of it again.

It's got severe longer loading times than the old one on my mobile. It shows me lots of crap I don't care for, and what I actually care for, new discussion posts, is a) well hidden, b) hardly set apart from old discussions and c), when I choose a thread with new posts, it loads quite some seconds just to not bring me to the first new item. I'd rather use the web site on my mobile browser than this.


Last edited by Eike on 31 August 2022 at 9:30 am UTC
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.