About forcing their app, while it's not necessary (you can use mail guard or extract the OTP key to run just the OTP generation); the improvements it makes to account security is top notch. I have a 2007 dated Steam account that had its username password combination leaked way back when i used the same username password combo everywhere. After setting up Steam Guard; I never had to change anything off of it. It used to just generate OTPs with its app; now it also shows where were login attempts made to your account, occasionally I get "yo this random fuck from China tried to login your account; is this you" notifications on my phone which i can pretty much ignore.
My old accounts on other platforms have really different stories, but on none of them i was able to call the account safe without changing its credientials at all.
About forcing their app, while it's not necessary (you can use mail guard or extract the OTP key to run just the OTP generation); the improvements it makes to account security is top notch. I have a 2007 dated Steam account that had its username password combination leaked way back when i used the same username password combo everywhere. After setting up Steam Guard; I never had to change anything off of it. It used to just generate OTPs with its app; now it also shows where were login attempts made to your account, occasionally I get "yo this random fuck from China tried to login your account; is this you" notifications on my phone which i can pretty much ignore.
My old accounts on other platforms have really different stories, but on none of them i was able to call the account safe without changing its credientials at all.