Two factor authentication zh HK

雙重驗證

Steam includes two-factor authentication system known as "Escrow" that requires extra details for various account-related activity. 詳情請見**「交易與市場確認」及交易與市集託管**。 This page considers that 2FA system as well as our solution that integrates with it, called ASF 2FA.

---

ASF 邏輯

Regardless if you use ASF 2FA or not, ASF includes proper logic and is fully aware of accounts protected by standard 2FA. 它會在需要時「例如在登錄期間」向您請求所需的詳細資訊。 However, those requests can be automated by using ASF 2FA, which will automatically generate required tokens, saving you hassle and enabling extra functionality (described below).

---

ASF 2FA

ASF 2FA is a built-in module responsible for providing 2FA features to the ASF process, such as generating tokens and accepting confirmations. It works by duplicating your existing authenticator details, so that you can use your current authenticator and ASF 2FA at the same time.

您可以執行2fa**命令**以檢查機械人帳戶是否已啟用2FA。 Unless you've already imported your authenticator as ASF 2FA, all standard 2fa commands will be non-operative, which means that your account is not using ASF 2FA, therefore it's also unavailable for advanced ASF features that require the module to be operative.

---

Recommendations

There are a lot of ways to make ASF 2FA operative, here we include our recommendations based on your current situation:

• If you're already using SteamDesktopAuthenticator, WinAuth or any other third-party app that allows you to extract 2FA details with ease, just import those to ASF.
• If you're using official app and you don't mind resetting your 2FA credentials, the best way is to disable 2FA, then create new 2FA credentials by using joint authenticator, which will allow you to use official app and ASF 2FA. This method doesn't require root or advanced knowledge, barely following instructions.
• If you're using official app and don't want to recreate your 2FA credentials, your options are very limited, typically you'll need root and extra fiddling around to import those details, and even with that it might be impossible.
• If you're not using 2FA yet and don't care, you can use ASF 2FA with standalone authenticator, third-party app duplicating to ASF (recommendation #1), or joint authenticator with official app (recommendation #2).

Below we discuss all possible options and known to us methods.

---

Creation

In general, we strongly recommend duplicating your existing authenticator, since that's the main purpose ASF 2FA was designed for. However, ASF comes with an official MobileAuthenticator plugin that further extends ASF 2FA, allowing you to link a completely new authenticator as well. This can be useful in case you're unable or unwilling to use other tools and do not mind ASF 2FA becoming your main (and maybe only) authenticator.

There are two possible scenarios for adding a two-factor authenticator with the MobileAuthenticator plugin: standalone or joint with the official Steam mobile app. In the second scenario, you will end up with the same authenticator on both the ASF and mobile app; both will generate the same codes, and both will be able to confirm trade offers, Steam Community Market transactions, etc.

Common steps for both scenarios

No matter if you plan to use ASF as the standalone authenticator or want the same authenticator on the official Steam mobile app, you need to do those initialization steps:

1. Create an ASF bot for the target account, start it, and log in, which you probably already did.
2. Optionally, assign a working and operational phone number to the account here to be used by the bot. This will allow you to receive SMS code and allow recovery if needed, but it's not mandatory.
3. Ensure you're not using 2FA yet for your account, if you do, disable it first.
4. Execute the 2fainit [Bot] command, replacing [Bot] with your bot's name.

Assuming you got a successful reply, the following two things have happened:

• A new <Bot>.maFile.PENDING file was generated by ASF in your config directory.
• SMS was sent from Steam to the phone number you have assigned for the account above. If you didn't set a phone number, then an email was sent instead to the account e-mail address.

The authenticator details are not operational yet, however, you can review the generated file if you'd like to. If you want to be double safe, you can, for example, already write down the revocation code. The next steps will depend on your selected scenario.

Standalone authenticator

If you want to use ASF as your main (or even only) authenticator, now you need to do the finalization step:

5. Execute the 2fafinalize [Bot] <ActivationCode> command, replacing [Bot] with your bot's name and <ActivationCode> with the code you've received through SMS or e-mail in the previous step.

Joint authenticator

If you want to have the same authenticator in both ASF and the official Steam mobile app, now you need to do the next steps:

5. Ignore the SMS or e-mail code that you've received after the previous step.
6. Install the Steam mobile app if it's not installed yet, and open it. Navigate to the Steam Guard tab and add a new authenticator by following the app's instructions.
7. After your authenticator in the mobile app is added and working, return to ASF. You now need to tell ASF that finalization is done with the help of one of the two commands below:

• Wait until the next 2fa code is shown in the Steam mobile app, and use the command 2fafinalized [Bot] <2fa_code_from_app> replacing [Bot] with your bot's name and <2fa_code_from_app> with the code you currently see in the Steam mobile app. If the code generated by ASF and the code you provided are the same, ASF assumes that an authenticator was added correctly and proceeds with importing your newly created authenticator.
• We strongly recommend to do the above in order to ensure that your credentials are valid. However, if you don't want to (or can't) check if codes are the same and you know what you're doing, you can instead use the command 2fafinalizedforce [Bot], replacing [Bot] with your bot's name. ASF will assume that the authenticator was added correctly and proceed with importing your newly created authenticator.

After finalization

Assuming everything worked properly, the previously generated <Bot>.maFile.PENDING file was renamed to <Bot>.maFile.NEW. This indicates that your 2FA credentials are now valid and active. We recommend that you create a copy of that file and keep it in a secure and safe location. In addition to that, we recommend you open the file in your editor of choice and write down the revocation_code, which will allow you to, as the name implies, revoke the authenticator in case you lose it.

In regard to technical details, the generated maFile includes all details that we have received from the Steam server during linking the authenticator, and in addition to that, the device_id field, which may be needed for other authenticators. The file is fully compatible with SDA for import.

ASF automatically imports your authenticator once the procedure is done, and therefore 2fa and other related commands should now be operational for the bot account you linked the authenticator to.

---

導入

Import process requires already linked and operational authenticator that is supported by ASF. ASF currently supports a few different official and unofficial sources of 2FA - Android, iOS, SteamDesktopAuthenticator and WinAuth, on top of manual method which allows you to provide required credentials yourself. If you don't have any authenticator yet, you need to choose one of available apps and set it up firstly. 如果您不知道選擇哪一個，我們推薦 WinAuth，但只要您按照說明操作，上述任何一項都可以正常工作。

以下所有指南都要求您已擁有在上述工具/應用程式中 可運行的身份驗證器。 如果導入無效資料，ASF 2FA將無法正常運行，因此在嘗試導入資料之前，請確保您的身份驗證器運行正常。 這包括測試和驗證以下身份驗證器功能能否正常運行：

• 您可以生成代碼，且它們受Steam網絡承認
• 您可以由流動身份驗證器獲取交易確認
• 您可以接受這些交易確認，並且它們被Steam網絡正確地識別為確認/拒絕

Ensure that your authenticator works by checking if above actions work - if they don't, then they won't work in ASF either, you'll only waste time and cause yourself additional trouble.

---

Android手機

The below instructions apply to Steam app in version 2.X, there are currently limited resources on extracting required details from version 3.0 onwards. We'll update this section once generally-available method is found. As of today, a workaround would be to intentionally install older version of Steam app, register 2FA and extract the required details first, after which it's possible to update the application to latest version - existing authenticator will continue to work.

通常情況下，您需要**root**權限以從您的Android手機導入身份驗證器。 Root方法因裝置而異，所以我無法指導您root您的設備。 Visit XDA for excellent guides on how to do that, as well as general information on rooting in general. 如果您找不到適用於您的設備或教程，嘗試有效利用Google搜索。

理論上來説，沒有root權限就無法訪問受保護的Steam檔案。 The only official non-root method for extracting Steam files is creating unencrypted /data backup in one way or another and manually fetching appropriate files from it on your PC, however because such thing highly depends on your phone manufacturer and is not in Android standard, we won't discuss it here. 如果您很幸運有這樣的功能，你可以考慮利用它，但大多數用戶並非如此。

Unofficially, it is possible to extract the needed files without root access, by installing or downgrading your Steam app to version 2.1 (or earlier), setting up mobile authenticator and then creating a snapshot of the app (together with the data files that we need) through adb backup. 但是，由於這種提取文件的方式存在嚴重的安全漏洞，且完全沒有技術支援，我們將不會在此詳細說明，原因之一是Valve在新版本中禁用此安全漏洞，我們僅是提到存在使用此方法的可能性。 Still, it might be possible to do a clean install of that version, link new authenticator, extract the required files, and then upgrade the app, which should be just enough, but you're on your own with this method anyway.

Assuming that you've successfully rooted your phone, you should afterwards download any root explorer available on the market, such as this one (or any other one of your preference). 您還可以通過ADB（Android Debug Bridge）或任何其他可用的方法訪問受保護的檔案，我們將通過資源管理器進行訪問，因為它絕對是對用戶最友好的方式。

打開根瀏覽器後，導航到/data/data資料夾。 請記住，/data/data目錄受到保護，如果沒有root訪問權限，您將無法訪問它。 在那找到com.valvesoftware.android.steam.community資料夾並將其複製到/sdcard，它指向您的內置內部存儲。 之後，您應該可以將手機連接到PC並像往常一樣從內部存儲器中復製資料夾。 如果您確定已將資料夾複製到正確的位置可該資料夾無法顯示，請嘗試重新啟動手機。

Now, you can choose if you want to import your authenticator to WinAuth first, then to ASF, or to ASF right away. 先將驗證器導入WinAuth的選項更友好，它允許您在您的PC上備份身份驗證器，這樣您就可以從3個不同的地方生成代碼並確認交易──您的手機，您的PC以及ASF。 如果您想這樣做，只需打開WinAuth，添加新的Steam身份驗證器並從Android選項中選擇導入，然後遵循指南，訪問您之前獲得的檔案。 完成後，您可以將此驗證器從WinAuth導入ASF，這將在下面的WinAuth部分中專門進行說明。

If you don't want to or don't need to go through WinAuth, then simply copy files/Steamguard-<SteamID> file from our protected directory, where SteamID is your 64-bit Steam identificator of the account that you want to add (if more than one, because if you have only one account then this will be the only file). 您需要將該檔放入ASFconfig目錄中。 Once you do that, rename the file to BotName.maFile, where BotName is the name of your bot you're adding ASF 2FA to. After this step, launch ASF - it should notice the .maFile and import it.

[*] INFO: ImportAuthenticator() <1> Converting .maFile into ASF format...
[*] INFO: ImportAuthenticator() <1> Successfully finished importing mobile authenticator!

That's all, assuming that you've imported the correct file with valid secrets, everything should work properly, which you can verify by using 2fa commands. If you made a mistake, you can always remove Bot.db and start over if needed.

---

iOS

For iOS you can use ios-steamguard-extractor. This is possible thanks to the fact that you can make decrypted backup, put in on your PC and use the tool in order to extract Steam data that is otherwise impossible to get (at least without jailbreak, due to iOS encryption).

Head over to latest release in order to download the program. Once you extract the data you can put it e.g. in WinAuth, then from WinAuth to ASF (although you can also simply copy generated json starting from { ending on } into BotName.maFile and proceed like usual). If you ask me, I strongly recommend to import to WinAuth first, then making sure that both generating tokens as well as accepting confirmations work properly, so you can be sure that everything is alright. If your credentials are invalid, ASF 2FA will not work properly, so it's much better to make ASF import step your last one.

有關問題/錯誤，請訪問** issues **。

請記住，上面的工具是非官方的，您使用它需要自擔風險。 We do not offer technical support if it doesn't work properly - we got a few signals that it's exporting invalid 2FA credentials - verify that confirmations work in authenticator like WinAuth prior to importing that data to ASF!

---

Steam桌面驗證器

如果您的身份驗證器已經在SDA中運行，您應該注意到maFiles資料夾中存在steamID.maFile文件。 Make sure that maFile is in unencrypted form, as ASF can't decrypt SDA files - unencrypted file content should start with { and end with } character. If needed, you can remove the encryption from SDA settings first, and enable it again when you're done. Once the file is in unencrypted form, copy it to config directory of ASF.

You can now rename steamID.maFile to BotName.maFile in ASF config directory, where BotName is the name of your bot you're adding ASF 2FA to. 或者您可以保持原樣，ASF會在登錄後自動識別它。 Renaming the file helps ASF by making it possible to use ASF 2FA before logging in, if you don't do that, then the file can be picked only after ASF successfully logs in (as ASF doesn't know steamID of your account before in fact logging in).

如果您正確執行了所有操作，請啟動ASF，您應該注意到：

[*] INFO: ImportAuthenticator() <1> Converting .maFile into ASF format...
[*] INFO: ImportAuthenticator() <1> Successfully finished importing mobile authenticator!

從現在開始，您的ASF 2FA應該可以在此帳戶運行。

---

WinAuth

Firstly create new empty BotName.maFile in ASF config directory, where BotName is the name of your bot you're adding ASF 2FA to. Remember that it should be BotName.maFile and NOT BotName.maFile.txt, Windows likes to hide known extensions by default. 如果您提供的名稱不正確，ASF將不會識別它。

現在像往常一樣啟動WinAuth。 右鍵單擊Steam圖標，然後選擇“顯示SteamGuard和恢復代碼”。 然後選擇“允許複製”。 You should notice familiar to you JSON structure on the bottom of the window, starting with {. Copy whole text into a BotName.maFile file created by you in previous step.

如果您正確執行了所有操作，請啟動ASF，您應該注意到：

[*] INFO: ImportAuthenticator() <1> Converting .maFile into ASF format...
[*] INFO: ImportAuthenticator() <1> Successfully finished importing mobile authenticator!

從現在開始，您的ASF 2FA應該可以在此帳戶運行。

---

完成

From this moment, all 2fa commands will work as they'd be called on your classic 2FA device. You can use both ASF 2FA and your authenticator of choice (Android, iOS, SDA or WinAuth) to generate tokens and accept confirmations.

If you have authenticator on your phone, you can optionally remove SteamDesktopAuthenticator and/or WinAuth, as we won't need it anymore. However, I suggest to keep it just in case, not to mention that it's more handy than normal steam authenticator. Just keep in mind that ASF 2FA is NOT a general purpose authenticator, it doesn't include all data that authenticator should have, but limited subset of original maFile. It's not possible to convert ASF 2FA back to original authenticator, therefore always make sure that you have general-purpose authenticator or maFile in other place, such as in WinAuth/SDA, or on your phone.

---

如何使用

ASF如何使用2FA模組？

如果ASF 2FA可用，ASF將使用它自動確認由ASF發送/接受的交易。 它還可以根據需要自動生成2FA代碼，例如為了登錄。 除此之外，還可以執行2fa命令以使用ASF 2FA。 That should be all for now, if I didn't forget about anything - basically ASF uses 2FA module on as-needed basis.

---

為何我需要2FA代碼？

您需要2FA代碼才能訪問受2FA保護的帳戶，其中包括具有ASF 2FA的每個帳戶。 您應該在用於導入的身份驗證器中生成代碼，但您也可以通過聊天向給定機器人的發送2fa命令生成臨時代碼。 您還可以使用2fa <BotNames>命令為給定的機械人實例生成臨時代碼。 這應該足以讓您訪問機械人帳戶，例如通過瀏覽器，但如上所述——您應該使用友好的身份驗證器（Android，iOS，SDA或WinAuth）。

---

在導入ASF 2FA後，我可以使用我原有的身份驗證器嗎？

是的，您的原始驗證器仍然可用並可以與ASF 2FA一起使用。 這就是整個過程——我們將您的身份驗證器憑據導入ASF，因此ASF可以使用它們並代表您接受選定的確認。

---

ASF流動身份驗證器在哪裏保存？

ASF流動驗證器以及與給定帳戶相關的其他關鍵數據保存在配置目錄中的BotName.db檔案中。 如果您想移除ASF 2FA，請閱讀以下內容。

---

如何移除ASF 2FA？

Simply stop ASF and remove associated BotName.db of the bot with linked ASF 2FA you want to remove. This option will remove associated imported 2FA with ASF, but will NOT delink your authenticator. If you instead want to delink your authenticator, apart from removing it from ASF (firstly), you should delink it in authenticator of your choice (Android, iOS, SDA or WinAuth), or - if you can't for some reason, use revocation code that you received during linking that authenticator, on the Steam website. It's not possible to unlink your authenticator through ASF, this is what general-purpose authenticator that you already have should be used for.

---

我將身份驗證器鏈接到SDA/WinAuth，然後導入到ASF。 我現在可以取消鏈接並在手機上再次鏈接嗎？

從未。 ASF 導入您的身份驗證器數據以便使用它。 如上所述，如果您使用身份驗證器，那麼您也會導致ASF 2FA停止運行，無論您是否首先將其移除。 如果您想在手機和ASF上使用身份驗證器（加上SDA/WinAuth中的身份驗證器），那麼您需要從手機中導入您的身份驗證器，而不是在SDA/WinAuth中創建新身份驗證器。 您只能擁有一個鏈接身份驗證器，這就是ASF 導入該身份驗證器及其數據的原因，以便將其用作ASF 2FA——它與原本的身份驗證器相同，只是存在於兩個地方。 If you decide to delink your mobile authenticator credentials - regardless in which way, ASF 2FA will stop working, as previously copied mobile authenticator credentials will no longer be valid. 如上所述，要在手機上將ASF 2FA與身份驗證器一起使用，您必須將其從Android/iOS導入。

---

使用ASF 2FA比WinAuth/SDA/其他驗證器接受所有確認更好嗎？

是的，有幾個原因。 First and most important one - using ASF 2FA significantly increases your security, as ASF 2FA module ensures that ASF will only accept automatically its own confirmations, so even if attacker does request a trade that is harmful, ASF 2FA will not accept such trade, as it was not generated by ASF. In addition to security part, using ASF 2FA also brings performance/optimization benefits, as ASF 2FA fetches and accepts confirmations immediately after they're generated, and only then, as opposed to inefficient polling for confirmations each X minutes done e.g. by SDA or WinAuth. In short, there is no reason to use third-party authenticator over ASF 2FA, if you plan on automating confirmations generated by ASF - that's exactly what ASF 2FA is for, and using it does not conflict with you confirming everything else in authenticator of your choice. We strongly recommend to use ASF 2FA for entire ASF activity - this is much more secure than any other solution.

---

進階

如果您是高級用戶，還可以手動生成maFile。 This can be used in case you'd want to import authenticator from other sources than the ones we've described above. 它應有的**有效JSON結構**如下：

{
  "shared_secret": "STRING",
  "identity_secret": "STRING"
}

標準驗證器數據有更多字段——在導入期間它們完全被ASF忽略，因為它們不是必需的。 You don't have to remove them - ASF only requires valid JSON with 2 mandatory fields described above, and will ignore additional fields (if any). Of course, you need to replace STRING placeholder in the example above with valid values for your account. Each STRING should be base64-encoded representation of bytes the appropriate private key is made of.