-
Google Authentication for 2 Factor Authentication
I would love to be able to have the option for Google Authentication to be integrated into your current 2-Factor Authentication system. Hypothetically, if I were to misplace or brake my phone, it would take some time for me to be able get a new device in which time I would not be able to reenter my Twitch account. I mod for channels, work with creators and would feel awful if I was not able to continue supporting and working for them as I do.
It was also just be an ease of access thing, where I have all of…
359 votes -
Open standard 2FA with QR codes
Could we please move away from the Authy only 2FA implementation currently used and provide standard TOTP and QR codes?
This would work much better for people who already have a stack of 2FA accounts in other solutions, remove reliance on a single application, fix issues with support (eg. Windows Phone), remove the need for a phone number (important for younger users I'd imagine) and generally increase flexibility and usability of 2FA for everyone by not locking us into a proprietary implementation.
39 votes -
add the ability to use a Yubikey or other kinds of usb 2auth devices
It would be really nice to use a usb device for 2auth (something like the yubikeys).
21 votes -
2FA status in users endpoint (when authing as the user)
We third party dev's often build tools that assist with moderation actions/services for broadcasters.
We tell Moderators to enable 2FA, but we have no way to check it.
It would be useful to block Logins to our tool if 2FA is not enabled. But 2FA data is not surfaced in the API and there's no way to require a User to be 2FA during the login/oAuth loop.
I'd like to see the users endpoint(s) provide 2FA status.
I expect this to be behind the user read or openID scopes.openID allows email verified. Why not 2fa status (for example)
Worth…
10 votes -
An option to disable SMS authentication fallback after enabling Authy.
SMS as 2FA is well known to be the least secure of the methods available but still a better option than no 2FA at all, but I suggest an option to disable it as a fallback after having enabled Authy to lessen the security risks to the user account. You could learn from others mistakes such as Reddit's: https://arstechnica.com/information-technology/2018/08/password-breach-teaches-reddit-that-yes-phone-based-2fa-is-that-bad/
3 votes -
Provide backup codes for 2FA
Also provide other options for 2FA apps not just Authy
3 votes -
Your TFA requires a phone.
the need to use other time based 2FA without the need of a SMS capable phone to use. Many sites now uses 2FA and a single platform to build it around doesn't make sense.
please use a open system
2 votes -
Fix the random logging-out bug on iOS
The iOS app has this annoying habit of logging me out of the app seemingly at random, and with no input at all on any other device. This is very disruptive as I have 2FA set up on my account, and to log in I have to both provide my password and an auth code that may/may not be easy to get to depending on whether I have my auth code generator to hand.
The iOS app never used to randomly log out, so the question is why is it doing it now. I'm aware of the "30 days" feature…
1 vote
- Don't see your idea?