Hacker News new | past | comments | ask | show | jobs | submit login

The argument I've heard for why steam requires a custom 2fa is to do with trading on the marketplace [1]

The custom component makes sure that marketplace activity is valid (somewhat like the custom banking dongles you get that require both your pin and some transaction identifier).

They'd be better off allowing the option of standard TOTP auth for login, so users can use a standard authenticator app, and then layer on a custom app for trading if needed.

1: http://steamcommunity.com/discussions/forum/0/49463187366895...

Right their needs don't really justify a custom 2FA at all. Security through obscurity isn't all that much of an advantage and bundling the trade approvals and 2FA into the same app is maybe nicer for some users, but technically unnecessary. If anything it just scans as Valve's traditional NIH syndrome being exhibited here.

Can you elaborate? I don't use the marketplace; how does the custom component achieve any of that?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact