Two factor authentication lol US

2-FACTOR AUTHENTICASHUN

Steam includes two-factor authentication system that requires extra details for various account-related activity. U CAN READ MOAR BOUT IT HER AN HER. DIS PAEG CONSIDERS DAT 2FA SISTEM AS WELL AS R SOLUSHUN DAT INTEGRATEZ WIF IT, CALLD ASF 2FA.

ASF LOGIC

Regardless if you use ASF 2FA or not, ASF includes proper logic and is fully aware of accounts protected by 2FA on Steam. IT WILL ASK U 4 REQUIRD DETAILS WHEN THEYRE NEEDD (SUCH AS DURIN LOGGIN IN). While you can manually provide that information, certain ASF functionalities (such as MatchActively) require ASF 2FA to be operative on your bot account, which can automatically respond to 2FA prompts, automatically, whenever required by ASF.

ASF 2FA

ASF 2FA IZ BUILT-IN MODULE RESPONSIBLE 4 PROVIDIN 2FA FEATUREZ 2 TEH ASF PROCES, SUCH AS GENERATIN TOKENS AN ACCEPTIN CONFIRMASHUNS. It can work either in standalone mode, or by duplicating your existing authenticator details (so that you can use your current authenticator and ASF 2FA at the same time).

U CAN VERIFY WHETHR UR BOT AKOWNT IZ USIN ASF 2FA ALREADY BY EXECUTIN 2fa COMMANDZ. Without setting up ASF 2FA, all standard 2fa commands will be non-operative, which means that your bot is unavailable for advanced ASF features that require the module to be operative.

RECOMMENDASHUNS

THAR R LOT OV WAYS 2 MAK ASF 2FA OPERATIV, HER WE INCLUDE R RECOMMENDASHUNS BASD ON UR CURRENT SITUASHUN:

If you're already using unofficial third-party app that allows you to extract 2FA details with ease, just import those to ASF.
IF URE USIN OFFISHUL APP AN U DOAN MIND RESETTIN UR 2FA CREDENTIALS, TEH BEST WAI IZ 2 DISABLE 2FA, DEN CREATE NEW 2FA CREDENTIALS BY USIN JOINT AUTHENTICATOR, WHICH WILL ALLOW U 2 USE OFFISHUL APP AN ASF 2FA. This method doesn't require root or advanced knowledge, barely following instructions written here, and is arguably superior for this scenario.
IF URE USIN OFFISHUL APP AN DOAN WANTS 2 RECREATE UR 2FA CREDENTIALS, UR OPSHUNS R VRY LIMITD, TYPICALLY ULL NED ROOT AN EXTRA FIDDLIN AROUND 2 IMPORT DOSE DETAILS, AN EVEN WID DAT IT MITE BE IMPOSIBLE.
If you're not using 2FA yet and don't care, we recommend you to use ASF 2FA with standalone authenticator or joint authenticator with official app (same as above).

BELOW WE DISCUS ALL POSIBLE OPSHUNS AN KNOWN 2 US METHODZ.

CREASHUN

ASF comes with an official MobileAuthenticator plugin that further extends ASF 2FA, allowing you to link a completely new 2FA authenticator. DIS CAN BE USEFUL IN CASE URE UNABLE OR UNWILLIN 2 USE OTHR TOOLS AN DO NOT MIND ASF 2FA BECOMIN UR MAIN (AN MAYBE ONLY) AUTHENTICATOR. Creation process is also used in joint-authenticator method, naturally in this scenario your authenticator can co-exist in two places at once - both will generate the same codes and both will be able to confirm the same confirmations.

COMMON STEPS 4 BOTH SCENARIOS

No matter if you plan to use ASF as the standalone or joint authenticator, you need to do those initialization steps:

CREATE AN ASF BOT 4 DA TARGET AKOWNT, START IT, AN LOG IN, WHICH U PROBABLY ALREADY DID.
Assign a working and operational phone number to the account here to be used by the bot. This will allow you to receive SMS code and allow recovery if needed. This step is not mandatory in all scenarios, however, we recommend it unless you know what you're doing.
ENSURE URE NOT USIN 2FA YET 4 UR AKOWNT, IF U DO, DISABLE IT FURST. This will put your account on temporary trade-hold, there is no way around it, only import process can skip it.
EXECUTE TEH 2fainit [Bot] COMMAND, REPLACIN [Bot] WIF UR BOTS NAYM.

ASSUMIN U GOT SUCCESFUL REPLY, TEH FOLLOWIN 2 THINGS HAS HAPPEND:

A NEW <Bot>.maFile.PENDING FILE WUZ GENERATD BY ASF IN UR config DIRECTORY.
SMS WUZ SENT FRUM STEAM 2 TEH FONE NUMBR U HAS ASSIGND 4 DA AKOWNT ABOOV. IF U DIDNT SET FONE NUMBR, DEN AN EMAIL WUZ SENT INSTEAD 2 TEH AKOWNT E-MAIL ADDRES.

TEH AUTHENTICATOR DETAILS R NOT OPERASHUNAL YET, HOWEVR, U CAN REVIEW TEH GENERATD FILE IF UD LIEK 2. IF U WANTS 2 BE DOUBLE SAFE, U CAN, 4 EXAMPLE, ALREADY RITE DOWN TEH REVOCASHUN CODE. TEH NEXT STEPS WILL DEPEND ON UR SELECTD SCENARIO.

STANDALONE AUTHENTICATOR

If you want to use ASF as your main (or even only) authenticator, now you need to do the final finalization step:

EXECUTE TEH 2fafinalize [Bot] <ActivationCode> COMMAND, REPLACIN [Bot] WIF UR BOTS NAYM AN <ActivationCode> WIF TEH CODE UVE RECEIVD THRU SMS RO MALI IN DA PREVIOUS STEP.

JOINT AUTHENTICATOR

If you want to have the same authenticator in both ASF and the official Steam mobile app, now you need to do the next, more tricky steps:

Ignore the SMS or e-mail code that you've received in the previous step.
INSTALL TEH STEAM MOBILE APP IF IZ NOT INSTALLD YET, AN OPEN IT. NAVIGATE 2 TEH STEAM GUARD TAB AN ADD NEW AUTHENTICATOR BY FOLLOWIN TEH APPS INSTRUCSHUNS.
AFTR UR AUTHENTICATOR IN DA MOBILE APP IZ ADDD AN WERKIN, RETURN 2 ASF. Now, instead of finalization, we only need to inform ASF that mobile app already activated our previously-generated details:

Wait until the next 2FA code is shown in the Steam mobile app, and use the command 2fafinalized [Bot] <2FACodeFromApp> replacing [Bot] with your bot's name and <2FACodeFromApp> with the code you currently see in the Steam mobile app. If the code generated by ASF and the code you provided are equal, ASF will assume that an authenticator was added correctly and proceed with importing your newly created authenticator.
WE STRONGLY RECOMMEND 2 DO TEH ABOOV IN ORDR 2 ENSURE DAT UR CREDENTIALS R VALID. HOWEVR, IF U DOAN WANTS 2 (OR CANT) CHECK IF CODEZ R TEH SAME AN U KNOE WUT URE DOIN, U CAN INSTEAD USE TEH COMMAND 2fafinalizedforce [Bot], REPLACIN [Bot] WIF UR BOTS NAYM. ASF WILL ASSUME DAT TEH AUTHENTICATOR WUZ ADDD RITE AN PROCED WIF IMPORTIN UR NEWLY CREATD AUTHENTICATOR.

AFTR FINALIZASHUN

ASSUMIN EVRYTHIN WERKD PROPERLY, TEH PREVIOUSLY GENERATD <Bot>.maFile.PENDING FILE WUZ RENAMD 2 <Bot>.maFile.NEW. DIS INDICATEZ DAT UR 2FA CREDENTIALS R NAO VALID AN ACTIV. We recommend that you move that file to a secure and safe location. In addition to that, if you've decided to use standalone authenticator, then we recommend you to open the file in your editor of choice and write down the revocation_code, which will allow you to, as the name implies, revoke the authenticator in case you lose it. In joint-authenticator method, you should've already done that in Steam mobile app, but feel free to do the same in case you need to.

In regards to technical details, the generated maFile includes all details that we've received from the Steam server during linking the authenticator, and in addition to that, the device_id field, which may be needed for other (third-party) authenticators, if you ever decide to import that maFile into them.

ASF AUTOMATICALLY IMPORTS UR AUTHENTICATOR ONCE TEH PROCEDURE IZ DUN, AN THEREFORE 2fa AN OTHR RELATD COMMANDZ SHUD NAO BE OPERASHUNAL 4 DA BOT AKOWNT U LINKD TEH AUTHENTICATOR 2. We recommend you to verify that.

IMPORT

IMPORT PROCES REQUIREZ ALREADY LINKD AN OPERASHUNAL AUTHENTICATOR DAT IZ SUPPORTD BY ASF. We have instructions for a few different official and unofficial sources of 2FA, on top of manual method which allows you to provide required credentials yourself. Please note that those instructions should be used only if you're already using given solution - since process here involves third-party apps and tools, we do not recommend using them, and we're mentioning it exclusively for people that already decided to use them and would like to import generated details into ASF 2FA.

ALL FOLLOWIN GUIDEZ REQUIRE FRUM U 2 ALREADY HAS WERKIN AN OPERASHUNAL AUTHENTICATOR BEAN USD WIF GIVEN TOOL/APPLICASHUN. ASF 2FA WILL NOT OPERATE PROPERLY IF U IMPORT INVALID DATA, THEREFORE MAK SURE DAT UR AUTHENTICATOR WERKZ PROPERLY BEFORE ATTEMPTIN 2 IMPORT IT. DIS DOEZ INCLUDE TESTIN AN VERIFYIN DAT FOLLOWIN AUTHENTICATOR FUNCSHUNS WERK PROPERLY:

U CAN GENERATE TOKENS AN DOSE TOKENS R ACCEPTD BY STEAM NETWORK
U CAN FETCH CONFIRMASHUNS, AN THEY R ARRIVIN ON UR MOBILE AUTHENTICATOR
You can react to those confirmations, and they're properly recognized by Steam network as confirmed/rejected

Ensure that your authenticator works by checking if above actions work - if they don't, then they won't work in ASF either.

ANDROID FONE

In general for importing authenticator from your Android phone you will need root access. TEH BELOW INSTRUCSHUNS REQUIRE FRUM U FAIRLY DESENT KNOWLEDGE IN ANDROID MODDIN WURLD, WERE DEFINITELY NOT GOIN 2 EXPLAIN EVRY STEP HER, VISIT XDA AN OTHR RESOURCEZ 4 ADDISHUNAL INFORMASHUN/HALP WIF BELOW.

Assuming you have official Steam app working and operational (requires rooting your device):

INSTALL MAGISK AN ENABLE ZYGISK IN DA SETTINGS.
INSTALL LPosed (4 ZYGISK) AN ENSURE IT WERKZ.
INSTALL SteamGuardExtractor LSPOSD MODULE AN ENABLE IT IN LSPOSD SETTINGS.
FORCE KILL STEAM APP, DEN OPEN IT, WINDOW WIF EXTRACTD DETAILS SHUD POP UP, CLICK COPY.

NAO DAT UVE SUCCESFULLY EXTRACTD REQUIRD DETAILS, DISABLE TEH MODULE 2 PREVENT TEH WINDOW FRUM SHOWIN EACH TIEM, DEN COPY VALUE OV shared_secret AN identity_secret OV TEH AKOWNT DAT U INTEND 2 ADD 2 ASF 2FA, INTO NEW TEXT FILE WIF BELOW STRUCCHUR:

{
  "shared_secret": "STRING",
  "identity_secret": "STRING"
}

REPLACE EACH STRIN VALUE WIF APPROPRIATE PRIVATE KEY FRUM EXTRACTD DETAILS. ONCE U DO DAT, RENAME TEH FILE 2 BotName.maFile WER BotName IZ TEH NAYM OV UR BOT URE ADDIN ASF 2FA 2, AN PUT IT IN ASFS config DIRECTORY IF U HAVENT YET.

Launch ASF, which should notice your file and import it. Assuming that you've imported the correct file with valid secrets, everything should work properly, which you can verify by using 2fa commands. IF U MADE MISTAEK, U CAN ALWAYS REMOOV Bot.db AN START OVAR IF NEEDD.

SteamDesktopAuthenticator

IF U HAS UR AUTHENTICATOR RUNNIN IN SDA ALREADY, U SHUD NOTICE DAT THAR IZ steamID.maFile FILE AVAILABLE IN maFiles FOLDR. MAK SURE DAT maFile IZ IN UNENCRYPTD FORM, AS ASF CANT DECRYPT SDA FILEZ - UNENCRYPTD FILE CONTENT SHUD START WIF { AN END WIF } CHARACTR. IF NEEDD, U CAN REMOOV TEH ENCRYPSHUN FRUM SDA SETTINGS FURST, AN ENABLE IT AGAIN WHEN URE DUN. ONCE TEH FILE IZ IN UNENCRYPTD FORM, COPY IT 2 config DIRECTORY OV ASF.

U CAN NAO RENAME steamID.maFile 2 BotName.maFile IN ASF CONFIG DIRECTORY, WER BotName IZ TEH NAYM OV UR BOT URE ADDIN ASF 2FA 2. ALTERNATIVELY U CAN LEEF IT AS IT IZ, ASF WILL DEN PICK IT AUTOMATICALLY AFTR LOGGIN IN. RENAMIN TEH FILE HELPS ASF BY MAKIN IT POSIBLE 2 USE ASF 2FA BEFORE LOGGIN IN, IF U DOAN DO DAT, DEN TEH FILE CAN BE PICKD ONLY AFTR ASF SUCCESFULLY LOGS IN (AS ASF DOESNT KNOE steamID OV UR AKOWNT BEFORE IN FACT LOGGIN IN).

Launch ASF, which should notice your file and import it. Assuming that you've imported the correct file with valid secrets, everything should work properly, which you can verify by using 2fa commands. IF U MADE MISTAEK, U CAN ALWAYS REMOOV Bot.db AN START OVAR IF NEEDD.

WinAuth

FIRSTLY CREATE NEW EMPTY BotName.maFile IN ASF CONFIG DIRECTORY, WER BotName IZ TEH NAYM OV UR BOT URE ADDIN ASF 2FA 2. IF U PROVIDE INCORRECT NAYM, IT WONT BE PICKD BY ASF.

NAO LAUNCH WINAUTH AS USUAL. RITE CLICK ON STEAM ICON AN SELECT "SHOW STEAMGUARD AN RECOVERY CODE". DEN CHECK "ALLOW COPY". U SHUD NOTICE FAMILIAR 2 U JSON STRUCCHUR ON TEH BOTTOM OV TEH WINDOW, STARTIN WIF {. COPY WHOLE TEXT INTO BotName.maFile FILE CREATD BY U IN PREVIOUS STEP.

Launch ASF, which should notice your file and import it. Assuming that you've imported the correct file with valid secrets, everything should work properly, which you can verify by using 2fa commands. IF U MADE MISTAEK, U CAN ALWAYS REMOOV Bot.db AN START OVAR IF NEEDD.

Manual

IF URE ADVANCD USR, U CAN ALSO GENERATE MAFILE MANUALLY. DIS CAN BE USD IN CASE UD WANTS 2 IMPORT AUTHENTICATOR FRUM OTHR SOURCEZ THAN TEH ONEZ WEVE DESCRIBD ABOOV. IT SHUD HAS VALID JSON STRUCCHUR OV:

{
  "shared_secret": "STRING",
  "identity_secret": "STRING"
}

STANDARD AUTHENTICATOR DATA HAS MOAR FIELDZ - THEYRE ENTIRELY IGNORD BY ASF DURIN IMPORT, AS THEYRE NOT NEEDD. You don't need to remove them - ASF only requires valid JSON with 2 mandatory fields described above, and will ignore additional fields (if any). OV COURSE, U NED 2 REPLACE STRING PLACEHOLDR IN DA EXAMPLE ABOOV WIF VALID VALUEZ 4 UR AKOWNT. EACH STRING SHUD BE BASE64-ENCODD REPRESENTASHUN OV BYTEZ TEH APPROPRIATE PRIVATE KEY IZ MADE OV.

FAQ

HOW IZ ASF MAKIN USE OV 2FA MODULE?

IF ASF 2FA IZ AVAILABLE, ASF WILL USE IT 4 AUTOMATIC CONFIRMASHUN OV TRADEZ DAT R BEAN SENT/ACCEPTD BY ASF. IT WILL ALSO BE CAPABLE OV AUTOMATICALLY GENERATIN 2FA TOKENS ON AS-NEEDD BASIS, 4 EXAMPLE IN ORDR 2 LOG IN. IN ADDISHUN 2 DAT, HAVIN ASF 2FA ALSO ENABLEZ 2fa COMMANDZ 4 U 2 USE.

How can I obtain 2FA token?

U WILL NED 2FA TOKEN 2 ACCES 2FA-PROTECTD AKOWNT, DAT INCLUDEZ EVRY AKOWNT WIF ASF 2FA AS WELL. If you've decided to use standalone authenticator, then you should use 2fa <BotNames> command to generate temporary token for given bot instances. In all other scenarios, we recommend to use original authenticator that you've used, although you can use the command as well if it's more convenient to you.

I CAN USE MAH ORIGINAL AUTHENTICATOR AFTR IMPORTIN IT AS ASF 2FA?

YEZ, UR ORIGINAL AUTHENTICATOR REMAINS FUNCSHUNAL AN U CAN USE IT TOGETHR WIF USIN ASF 2FA.c Keep in mind however that if you invalidate it through any method, then linked ASF 2FA credentials will also no longer be valid.

HOW 2 REMOOV ASF 2FA?

SIMPLY STOP ASF AN REMOOV ASSOCIATD BotName.db OV TEH BOT WIF LINKD ASF 2FA U WANTS 2 REMOOV. This option will remove associated imported 2FA with ASF, but will NOT invalidate (unlink) your authenticator. If you instead want to invalidate your authenticator, apart from removing it from ASF (firstly), you should unlink it in original authenticator of your choice. If you can't do that for some reason, for example because you're using ASF 2FA in standalone mode, then use revocation code that you've received during setup, on the Steam website. It's not possible to invalidate your authenticator through ASF.

I linked authenticator in third-party app, then imported to ASF. Can I now link it again on my phone?

NO. Doing so will invalidate the previously imported credentials and your ASF 2FA will stop functioning (by generating codes no longer being accepted by Steam). Firstly decide where you want to have your original or third-party authenticator located, then import it as ASF 2FA.

Is using ASF 2FA better than third-party authenticator set to accept all confirmations?

YEZ, IN SEVERAL WAYS. FURST AN MOST IMPORTANT WAN - USIN ASF 2FA SIGNIFICANTLY INCREASEZ UR SECURITY, AS ASF 2FA MODULE ENSUREZ DAT ASF WILL ONLY ACCEPT AUTOMATICALLY ITZ OWN CONFIRMASHUNS, SO EVEN IF ATTACKR DOEZ REQUEST TRADE DAT IZ HARMFUL, ASF 2FA WILL NOT ACCEPT SUCH TRADE, AS IT WUZ NOT GENERATD BY ASF. In addition to security part, using ASF 2FA also brings performance/optimization benefits, as ASF 2FA fetches and accepts confirmations immediately after they're generated, and only then, as opposed to inefficient polling for confirmations each X minutes which is achieved by other solutions. There is no reason to use third-party authenticator over ASF 2FA, if you plan on automating confirmations generated by ASF - that's exactly what ASF 2FA is for, and using it does not conflict with you confirming everything else in authenticator of your choice. We strongly recommend to use ASF 2FA for entire ASF activity.