Two factor authentication zh CN

两步验证

Steam includes two-factor authentication system that requires extra details for various account-related activity. 您可在此处与此处了解更多详情。本页主要介绍这种两步验证系统本身，以及我们对此系统的集成方案，即 ASF 两步验证（ASF 2FA）。

ASF 逻辑

Regardless if you use ASF 2FA or not, ASF includes proper logic and is fully aware of accounts protected by 2FA on Steam. 它将在有需要的时候（如登录时）向您请求所需的详细信息。 While you can manually provide that information, certain ASF functionalities (such as MatchActively) require ASF 2FA to be operative on your bot account, which can automatically respond to 2FA prompts, automatically, whenever required by ASF.

ASF 两步验证

ASF 2FA 是为 ASF 进程提供 2FA 特性支持的内部模块，包括生成令牌和确认交易。 It can work either in standalone mode, or by duplicating your existing authenticator details (so that you can use your current authenticator and ASF 2FA at the same time).

您可以执行 2fa 命令来验证机器人帐户是否已经启用 ASF 2FA。 Without setting up ASF 2FA, all standard 2fa commands will be non-operative, which means that your bot is unavailable for advanced ASF features that require the module to be operative.

建议

有多种方法使 ASF 2FA 正常工作，我们在此列出根据您当前情况提供的建议：

If you're already using unofficial third-party app that allows you to extract 2FA details with ease, just import those to ASF.
如果您正在使用官方应用，并且不在意是否重置 2FA 凭据，则最好的方式是禁用 2FA，然后通过联合身份验证器来创建新的 2FA 凭据，这将允许您同时使用官方应用和 ASF 2FA。 This method doesn't require root or advanced knowledge, barely following instructions written here, and is arguably superior for this scenario.
如果您正在使用官方应用，并且不想重新创建您的 2FA 凭据，则您的选项是非常有限的，通常您需要 root 环境，以及一些额外操作来导入信息，甚至某些情况下是完全不可能做到的。
If you're not using 2FA yet and don't care, we recommend you to use ASF 2FA with standalone authenticator or joint authenticator with official app (same as above).

我们将在下面讨论所有可能的选项和已知的方法。

创建

ASF comes with an official MobileAuthenticator plugin that further extends ASF 2FA, allowing you to link a completely new 2FA authenticator. 这是为了以防万一您不能或不愿意使用其他工具，并且不介意以 ASF 2FA 作为您的主验证器（可能也是唯一的验证器）。 Creation process is also used in joint-authenticator method, naturally in this scenario your authenticator can co-exist in two places at once - both will generate the same codes and both will be able to confirm the same confirmations.

所有场景下的相同步骤

No matter if you plan to use ASF as the standalone or joint authenticator, you need to do those initialization steps:

为目标帐户创建 ASF 机器人，启动它并登录，您可能已经这样做过了。
Assign a working and operational phone number to the account here to be used by the bot. This will allow you to receive SMS code and allow recovery if needed. This step is not mandatory in all scenarios, however, we recommend it unless you know what you're doing.
确保帐户上没有绑定 2FA，如果有，请先禁用。 This will put your account on temporary trade-hold, there is no way around it, only import process can skip it.
执行 2fainit [Bot] 命令，其中的 [Bot] 应替换为您指定机器人的名字。

假设您得到了成功的回复，就会发生以下两件事：

ASF 会在 config 文件夹下生成一份新的 <Bot>.maFile.PENDING 文件。
Steam 会向您绑定的手机号码发送一条短信。如果您没有设置手机号码，则会向您的帐户邮箱发送一封电子邮件。

此时验证器还不能正常工作，但如果您愿意，可以看看生成的文件。如果您希望获得双保险，可以在这时就记下恢复码。接下来的步骤取决于您选择的场景。

独立身份验证器

If you want to use ASF as your main (or even only) authenticator, now you need to do the final finalization step:

执行 2fafinalize [Bot] <ActivationCode> 命令，其中的 [Bot] 应替换为您指定机器人的名字，<ActivationCode> 应替换为您在之前步骤中通过短信或邮件收到的代码。

联合身份验证器

If you want to have the same authenticator in both ASF and the official Steam mobile app, now you need to do the next, more tricky steps:

Ignore the SMS or e-mail code that you've received in the previous step.
如果您尚未安装 Steam 手机应用，请安装并打开它。前往 Steam 令牌页面，并按照应用的提示添加一个新的身份验证器。
在手机应用中添加身份验证器并可以正常使用后，回到 ASF。 Now, instead of finalization, we only need to inform ASF that mobile app already activated our previously-generated details:

Wait until the next 2FA code is shown in the Steam mobile app, and use the command 2fafinalized [Bot] <2FACodeFromApp> replacing [Bot] with your bot's name and <2FACodeFromApp> with the code you currently see in the Steam mobile app. If the code generated by ASF and the code you provided are equal, ASF will assume that an authenticator was added correctly and proceed with importing your newly created authenticator.
我们强烈推荐您使用上面的方法来确保凭据信息是有效的。然而，如果您不想或不能检查二者的代码是否相同，并且您清楚自己要做什么，您可以改用 2fafinalizedforce [Bot] 命令，其中 [Bot] 应替换为您的机器人名字。 ASF 会认为已经正确添加身份验证器，并继续导入您新建的验证器。

完成之后

假设一切都正常工作，之前生成的 <Bot>.maFile.PENDING 会被重命名为 <Bot>.maFile.NEW。这表示您的 2FA 凭据现在是有效并正常工作的。我们建议您复制一份文件，保存在安全的位置。 In addition to that, if you've decided to use standalone authenticator, then we recommend you to open the file in your editor of choice and write down the revocation_code, which will allow you to, as the name implies, revoke the authenticator in case you lose it. In joint-authenticator method, you should've already done that in Steam mobile app, but feel free to do the same in case you need to.

In regards to technical details, the generated maFile includes all details that we've received from the Steam server during linking the authenticator, and in addition to that, the device_id field, which may be needed for other (third-party) authenticators, if you ever decide to import that maFile into them.

一旦完成上述流程，ASF 就会自动导入您的验证器，因此，2fa 等相关命令此时应该已经对您绑定的机器人生效。 We recommend you to verify that.

导入

导入过程需要您已拥有且绑定了受 ASF 支持的可用验证器。 We have instructions for a few different official and unofficial sources of 2FA, on top of manual method which allows you to provide required credentials yourself. Please note that those instructions should be used only if you're already using given solution - since process here involves third-party apps and tools, we do not recommend using them, and we're mentioning it exclusively for people that already decided to use them and would like to import generated details into ASF 2FA.

以下所有指南都需要您在指定的工具/应用中已有正常工作的验证器。如果导入了无效数据，ASF 2FA 将无法正常运行，因此在尝试导入之前，请确保您的验证器正常工作。这包括测试和验证以下验证器功能是否正常工作：

您可以生成令牌，并且 Steam 网络接受这些令牌
您可以获取交易确认，并且您的手机验证器也可以收到这些确认
You can react to those confirmations, and they're properly recognized by Steam network as confirmed/rejected

Ensure that your authenticator works by checking if above actions work - if they don't, then they won't work in ASF either.

Android 手机

In general for importing authenticator from your Android phone you will need root access. 下面的步骤要求您对 Android 刷机领域有一定程度的了解，我们显然不会详细解释每一步，您可以访问 XDA 或其他网站获取更多信息和帮助。

Assuming you have official Steam app working and operational (requires rooting your device):

安装 Magisk 并在设置中启用 Zygisk。
为 Zygisk 安装 LSPosed，并确保它能正常工作。
安装 SteamGuardExtractor LSPosed 模块，并在 LSPosed 设置中启用。
强制退出 Steam 应用，然后重新打开，此时应该会弹出一个包含提取信息的窗口，点击复制。

现在您已成功提取所需信息，可以禁用模块以免每次都会弹窗，提取您要添加到 ASF 2FA 的帐户信息后，复制该帐户 shared_secret 和 identity_secret 的值到一个空的文本文件中，其格式为：

{
  "shared_secret": "STRING",
  "identity_secret": "STRING"
}

用提取出来的对应私钥值替换其中的 STRING。完成这一步之后，将此文件重命名为 BotName.maFile，其中 BotName 是您需要导入 ASF 2FA 的机器人名称，然后，将它放到 ASF 的config 文件夹内。

Launch ASF, which should notice your file and import it. Assuming that you've imported the correct file with valid secrets, everything should work properly, which you can verify by using 2fa commands. 如果您不小心做错了，也可以随时删除 Bot.db 文件以重新开始这个过程。

SteamDesktopAuthenticator

如果您已有运行于 SDA 中的验证器，您应该已经注意到 maFiles 文件夹下有 steamID.maFile 文件。确保 maFile 是未加密形式，因为 ASF 无法解密 SDA 文件——未加密的文件内容应该以 { 符号开头，以 } 结尾。如果需要，您可以先在 SDA 设置中移除加密，然后在导入后重新启用。文件解密之后，将它复制到 ASF 的 config 文件夹。

现在您可以将 steamID.maFile 文件重命名为 BotName.maFile 并将其放入 ASF 配置文件夹，其中 BotName 是您需要导入 ASF 2FA 的机器人名称。或者，您可以将其保持原样，ASF 将会在登录帐户后自动选择此文件。如果您在这一步帮助 ASF 重命名，ASF 就可以在登录之前使用 ASF 2FA，否则，ASF 就只能在成功登录之后导入文件（因为 ASF 在登录之前无法获取您帐户的 steamID）。

Launch ASF, which should notice your file and import it. Assuming that you've imported the correct file with valid secrets, everything should work properly, which you can verify by using 2fa commands. 如果您不小心做错了，也可以随时删除 Bot.db 文件以重新开始这个过程。

WinAuth

首先在 ASF 的配置文件夹内新建一个空的 BotName.maFile 文件，其中 BotName 是您需要导入 ASF 2FA 的机器人名称。如果您提供的文件名错误，ASF 将无法识别它。

现在像平常一样启动 WinAuth。右键单击 Steam 图标，选择“Show SteamGuard and Recovery Code”。然后勾选“Allow copy”。您应该能在窗口底部找到熟悉的以 { 开头的 JSON 结构。将完整文本复制到上一步创建的 BotName.maFile 文件中。

Launch ASF, which should notice your file and import it. Assuming that you've imported the correct file with valid secrets, everything should work properly, which you can verify by using 2fa commands. 如果您不小心做错了，也可以随时删除 Bot.db 文件以重新开始这个过程。

Manual

如果您是高级用户，也可以手动生成 maFile。如果您希望从上述其他来源导入验证器，则可能需要这样做。它的有效 JSON 结构如下：

{
  "shared_secret": "STRING",
  "identity_secret": "STRING"
}

标准的身份验证器数据含有更多字段——在导入过程中，ASF 会完全忽略这些字段，因为 ASF 不需要它们。 You don't need to remove them - ASF only requires valid JSON with 2 mandatory fields described above, and will ignore additional fields (if any). 当然，您需要将上述示例中的 STRING 占位符替换为与您的帐号关联的实际内容。每个 STRING 都应该是构成对应私钥的字节的 Base64 编码形式。

常见问题

ASF 的两步验证模块的作用是？

如果 ASF 2FA 可用，ASF 将会使用它来自动确认 ASF 所发送/接受的交易报价。它还能够在需要时自动生成两步验证令牌，例如在登录时。除此之外，拥有 ASF 2FA 也会为您启用 2fa 命令。

How can I obtain 2FA token?

您需要两步验证令牌才能访问受两步验证保护的帐户，这也包括启用了 ASF 2FA 的帐户。 If you've decided to use standalone authenticator, then you should use 2fa <BotNames> command to generate temporary token for given bot instances. In all other scenarios, we recommend to use original authenticator that you've used, although you can use the command as well if it's more convenient to you.

将验证器导入 ASF 2FA 之后，我原来的验证器还能用吗？

是的，您原有的验证器会保留所有功能，并且可以与 ASF 2FA 一起使用。 Keep in mind however that if you invalidate it through any method, then linked ASF 2FA credentials will also no longer be valid.

如何移除 ASF 2FA？

只需要关闭 ASF 并移除指定机器人的 BotName.db 文件。 This option will remove associated imported 2FA with ASF, but will NOT invalidate (unlink) your authenticator. If you instead want to invalidate your authenticator, apart from removing it from ASF (firstly), you should unlink it in original authenticator of your choice. If you can't do that for some reason, for example because you're using ASF 2FA in standalone mode, then use revocation code that you've received during setup, on the Steam website. It's not possible to invalidate your authenticator through ASF.

I linked authenticator in third-party app, then imported to ASF. Can I now link it again on my phone?

不。 Doing so will invalidate the previously imported credentials and your ASF 2FA will stop functioning (by generating codes no longer being accepted by Steam). Firstly decide where you want to have your original or third-party authenticator located, then import it as ASF 2FA.

Is using ASF 2FA better than third-party authenticator set to accept all confirmations?

从几个方面来说，是的。第一点也是最重要的一点——使用 ASF 2FA 会显著增强安全性，因为 ASF 2FA 模块会确保 ASF 只自动接受它自己的确认，所以即使攻击者向您发送了有害的交易请求，ASF 2FA 也不会接受此交易，因为它并非来自 ASF。 In addition to security part, using ASF 2FA also brings performance/optimization benefits, as ASF 2FA fetches and accepts confirmations immediately after they're generated, and only then, as opposed to inefficient polling for confirmations each X minutes which is achieved by other solutions. There is no reason to use third-party authenticator over ASF 2FA, if you plan on automating confirmations generated by ASF - that's exactly what ASF 2FA is for, and using it does not conflict with you confirming everything else in authenticator of your choice. We strongly recommend to use ASF 2FA for entire ASF activity.