2FAA.app

How to Enable 2FA on Steam

Steam accounts hold game libraries, inventories, and wallet funds that resell for real money, which makes them a constant phishing target. Steam's 2FA — Steam Guard — works differently from every other platform on this list: codes come only from the official Steam Mobile app.

Steam does not support standard TOTP authenticators. There is no QR code to scan with Google Authenticator, Authy, or 2FAA — the Steam Guard Mobile Authenticator inside the official Steam app is the only supported way to get codes.

Quick path: Steam Mobile app → menu → Steam Guard → Set up authenticator

Step-by-step: 2FA setup on Steam

  1. 1

    Install the Steam Mobile app

    Get the official Steam app from the App Store or Google Play and sign in to your account.

  2. 2

    Add a phone number if asked

    Steam requires a verified phone number on the account before enabling the authenticator. The app walks you through SMS verification.

  3. 3

    Open Steam Guard in the app

    Tap the shield icon (Steam Guard) in the app's navigation, then choose 'Set up authenticator'.

  4. 4

    Save your recovery code

    Steam shows a recovery code starting with 'R'. Write it down on paper — it's the only way to move or remove the authenticator if you lose the phone.

  5. 5

    Confirm logins and trades from now on

    New sign-ins show a 5-character Steam Guard code in the app (or a one-tap approval). Trades and Community Market listings ask for in-app confirmation.

Protect your other accounts with 2FAA

This platform issues codes through its own app, but most services — Discord, GitHub, Google, Epic Games — use standard TOTP. 2FAA generates those codes free in your browser, no install needed.

Open 2FAA AuthenticatorImport from Google Authenticator

Frequently asked questions

Why can't I add Steam to Google Authenticator or 2FAA?

Steam uses a proprietary variant of TOTP — 5-character alphanumeric codes with a secret that's only delivered to the official mobile app through an authenticated API. Steam never shows you a QR code or setup key, so there's nothing official to add to a third-party app.

What's the difference between email Steam Guard and the Mobile Authenticator?

Email Steam Guard (codes sent to your inbox) is the default and weaker option — anyone who controls your email controls your Steam. The Mobile Authenticator generates codes on your phone and additionally unlocks instant trading.

What is the 15-day trade hold everyone mentions?

Without the Mobile Authenticator (or if it's been active under 7 days), items you trade or list on the Community Market are held by Steam for up to 15 days as anti-theft protection. With the authenticator active for 7+ days, trades and listings are instant.

I lost my phone — how do I recover Steam Guard?

Use your 'R' recovery code on the login screen ('Help, I no longer have access to my Mobile Authenticator') to remove or move the authenticator. Without it, Steam Support recovery requires proof of ownership like purchase history, and takes days.

Can I still use 2FAA for anything Steam-related?

Not for Steam itself — but the rest of your gaming stack (Discord, Epic Games, Twitch) uses standard TOTP, and 2FAA handles all of those in one place in your browser.

Other 2FA setup guides

Discord 2FAEpic Games / Fortnite 2FARoblox 2FASpotify 2FAPayPal 2FATwitch 2FA