Check out our Monthly Survey Page to see what our users are running.
We do often include affiliate links to earn us some pennies. See more here.

Valve testing new mobile Steam app with QR codes for sign ins

By - | Views: 45,162

Valve are now testing a new version of the Steam app for Android and iOS, which comes with a much more modern design and a QR code login system too.

From the announcement Valve say it has been rebuilt "on a new framework and modernized the design", joking that 2015 called and wanted their app back. As before you can browse the store, get Steam Guard codes and confirm trades but you also now get the brand new QR code sign in system that many other applications also offer (like Discord). So you can scan it with your phone on the web, and not have to enter a password.

The new app also has smarter notifications, an improved library views and there's also now multi-account support which has become increasingly important especially with the Steam Deck now too. There's a new Steam Group you can join to get updates on it.

I would have taken some shots, but seeing as I'm now on iOS myself it's limited to 10,000 people and that filled up within seconds of the original announcements. Here's some shots from a reader on Android (click to enlarge):

Article taken from GamingOnLinux.com.
Tags: Apps, Meta, Steam
23 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
22 comments
Page: «2/3»
  Go to:

Quoting: Hohlraum
Quoting: belisamaSo this is using a QR code to log into the website? Ugh, what's the point of that, logging into a real website on a real computer is easy. With something like KeePass, it's just a few keystrokes. What would actually be useful is using QR codes to log into phone apps, instead of having to do a prolonged, error-prone hunt-and-peck.

What you are avoiding isn't just the username/pass. It's the 2-factor code (which is also a pain in the butt).
TOTP 2-factor authentication is not a pain if you use a good app (I use OTPClient and it just 2 extra clicks.)

Steam doesn't support TOTP though: they use their own nonstandard system. That seems like the real problem.
belisama 25 Aug
Quoting: RandomizedKirbyTree47Steam doesn't support TOTP though: they use their own nonstandard system. That seems like the real problem.

It really is. They've no good reason for requiring a proprietary app just for MFA.
slaapliedje 25 Aug
View PC info
  • Supporter Plus
Quoting: QuinnCan't wait for people to have their Steam accounts hacked because they used a QR code for logging in (it's too easy to spoof them).
If it is like the Discord one; the client will pop up the login box with a QR code (so it is generated by Valve). Then you would launch the Steam App on your mobile device to take a picture of the code on your monitor, then it authenticates through the app, telling the client you have authorized it to login.

So not sure where it would be able to spoof it, unless you went around using the app to scan things that are not the Steam client.
belisama 25 Aug
Quoting: slaapliedjeSo not sure where it would be able to spoof it, unless you went around using the app to scan things that are not the Steam client.

First of all, never underestimate the wacky stuff users will do. Second, if it works on the website (or even if people just *expect* that it will), rather than just the dedicated client, then some sort of site spoofing could be possible. In any case, QR Code normalization is bad. I about died when they became the new hotness in restaurants during Covid.
I dream of a world where most Steam clients aren’t just browsers and I can get excited about something like this.
slaapliedje 25 Aug
View PC info
  • Supporter Plus
Quoting: belisama
Quoting: slaapliedjeSo not sure where it would be able to spoof it, unless you went around using the app to scan things that are not the Steam client.

First of all, never underestimate the wacky stuff users will do. Second, if it works on the website (or even if people just *expect* that it will), rather than just the dedicated client, then some sort of site spoofing could be possible. In any case, QR Code normalization is bad. I about died when they became the new hotness in restaurants during Covid.
Oh, I agree with you. I was just posting how, in theory, it would work. I have been saying for many years that QR codes are a terrible idea and totally something that would be easy to exploit.
Quoting: Philadelphus
Quoting: BlackBloodRumValve just remembered they have a mobile app!

With that said, I hope it doesn't interfere with the current 2FA system too much - as with the current system I have it working in KeePassXC and don't require the app every time I need to login on my desktop (which is frequent due to my VPN)

So hopefully they haven't changed / altered the 2FA code system.
Does that handle entering the code for you? That's pretty slick.
Yup. But bear in mind it can be a little tricky getting your 2FA secret key out of the current android app, as for the new one? no idea!

With KeePassXC once your 2FA is all setup in the DB, you can just have autotype set to:

 
{USERNAME}{TAB}{PASSWORD}{ENTER}{DELAY 9999}{TOTP}{ENTER}


(Long delay because it likes to take it's time to show the 2FA input box sometimes.

So I just clear the username field, hit "perform auto type" and poof I'm logged back in.

Now if Valve support Yubikey's on the other hand.. that would be great, considering how much value could potentially be held in an account due to the games!

(Thankfully not my account, My account only has around 360 games or so, so it's not worth stealing to anyone )


Last edited by BlackBloodRum on 25 August 2022 at 10:44 pm UTC
rustigsmed 26 Aug
Can't log in now since this change. Thanks valve!
Quoting: belisamaSo this is using a QR code to log into the website? Ugh, what's the point of that, logging into a real website on a real computer is easy.

You have to understand that games like Dota and Counter Strike are (were? it's been a while) VERY popular in Asia, where you play them in net cafe/PC rental shop. This would make it so much more convenient and secure in those environments.

You might have a better threat model, in which case that's cool, but this is a good feature to have in those environment and would only help.

Besides, as someone who often got logged out due to vpn stuff, this would be handy for me too even if I have bitwarden, since I wouldn't have to open my browser.
So, any of you security experts actually try the app? 🤣🤣🤣

For anyone reading comments to find out what the new app is like, it is SO much better! Much more responsive and it is very well organized. It's been long overdue and it is such a welcome change. The left to right scrolling through games (at least on the Great on Deck page) is a little buggy so hopefully they sort that out soon. Discovery Queue needs some work too. Beta, folks, beta!

The QR code login worked flawlessly for me. My extensive library loads near instantly now where as on the old app I'd have to shave my beard several times before seeing it pop up. You can currently sort your library by name, playtime or recent but it doesn't look like they have added any custom collections as of yet.

Wishlist lets you sort by all the same things the desktop client does, whereas in the old app, sorting was more limited (for instance sorting by discount % was missing).

Wishlist also let's you filter games by platform, Deck Compatibility (Playable, and/or Verified), and numerous other options.

There are settings for notifications so you can select what type you'd like to receive or block - receiving a gift, discussion replies, new inventory items, friend invitations, major sales, prepurchased game is available to preload, and of course, when wishlist items go on sale.

As in the desktop client you can select your Home Screen, albeit with some different choices than on desktop, e.g. Store, News, Steam Guard, Notifications.

In general the app seems as full featured as the desktop client. A very welcome change! Keep in mind it is only in beta so expect bugs and changes. I'd say it is already less buggy than the existing app though, so don't be afraid to give it a try because of UI bug worries.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone with no article paywalls. We also don't have tons of adverts, there's also no tracking and we respect your privacy. Just good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register

Or login with...
Sign in with Steam Sign in with Twitter Sign in with Google
Social logins require cookies to stay logged in.