Skip to content
Translate Ideas and Comments
Choose language:
There was an error during translation

Account Management

This Forum concerns: Login, Connections and Password Resets

How it works:
  • Choose a relevant category for your idea and check to see if any other users have already submitted this suggestion before creating your own
  • Be clear with your suggestion, provide examples and solutions to the problem you are posing. Suggestions without actionable feedback may be closed without comment
  • Upvote existing ideas, as opposed to creating multiple similar requests
  • Be sure to share your suggestion with others to gain more support!
  • Note: Suggestions are not guarantees that we will take action on an idea. We will try our best to communicate why an idea may not work, but may not always be able to share that information.
  • Titles that are unclear or unnecessarily vulgar may be reworded to better reflect the request for ease of discovery


If you need help:
This forum is for ideas only. If you need help, please check out our help portal for tons of articles that may answer your questions. If you still need help, you can reach out to our support team in the help portal as well!

Appeals or commentary on suspension decisions, support requests, suggestions disparaging others, and non-constructive feedback will be closed without comment.



Account Management

Categories

JUMP TO ANOTHER FORUM

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

43 results found

  1. First of all, good job on implementing non-Authy, non-SMS 2FA!

    That being said, there's still a major hole in your 2FA implementation, and that's requiring a user to set up SMS authentication before they can set up other forms of 2FA. Unless I've missed something huge, whenever I try to set up 2FA on Twitch, I get directed to put in my phone number first. There's no prompt I can use to skip this step.

    This is completely counter to how a lot of other sites do 2FA, where SMS authentication is an option, not a requirement. You can completely…

    1,075 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Could we please move away from the Authy only 2FA implementation currently used and provide standard TOTP and QR codes?

    This would work much better for people who already have a stack of 2FA accounts in other solutions, remove reliance on a single application, fix issues with support (eg. Windows Phone), remove the need for a phone number (important for younger users I'd imagine) and generally increase flexibility and usability of 2FA for everyone by not locking us into a proprietary implementation.

    327 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. It would be really nice to use a usb device for 2auth (something like the yubikeys).

    202 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Also provide other options for 2FA apps not just Authy

    153 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. SMS as 2FA is well known to be the least secure of the methods available but still a better option than no 2FA at all, but I suggest an option to disable it as a fallback after having enabled Authy to lessen the security risks to the user account. You could learn from others mistakes such as Reddit's: https://arstechnica.com/information-technology/2018/08/password-breach-teaches-reddit-that-yes-phone-based-2fa-is-that-bad/

    113 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. In https://help.twitch.tv/s/article/two-factor-authentication?language=en_US#Emotes?tt_content=two_factor_emote_rewards&tt_medium=notification_center it says that "When you set up Two-Factor Authentication on your account, an Authy account is automatically created for you even if you choose to actively use an alternative authentication app. This means you can fill out Authy’s Phone Change Form and recover access to your account." I don't need you creating an Authy account behind my back. You have to give us the option to undo this.

    38 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Please Fix 2 fa so it works with all phones. I am currently having to find a work around because MY cell carrier is NOT supported. it is preventing me from getting my affiliate that is B.S. There should be another option to authenticate other than cell phone OR your system should just send a code out to what ever # i put in even if it is not on some list. this is crazy as my Number works for every other site on internet!

    25 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. I understand Twitch has recently allowed people to use other apps for means of authentication, but please allow users to use U2F/FIDO authentication, this is not only more secure but also very reliable. Having a U2F as primary with a TOTP as a backup is in my opinion the best method of security, given that Affiliate/Partner accounts hold alot of personal Tax information, I feel this fits more as it's such sensitive information.

    20 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. I already have 2FA. I do not want emails confirming a login, especially if it's from a known location. Please add an Unsubscribe option for this notice.

    16 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. I tried to use a password that is autogenerated by my password manager. Obviously I won't put that here, but another one generated by it is: "speed applause deceiver endpoint cash freckles polygraph mothball unsaid raffle vacant unmoved".
    This is apparently "not secure" and "too easy to guess". Instead I had to make it: "speed applause deceiver endpoint cash freckles polygraph mothball unsaid raffle vacant unmoved1!"

    Its worth pointing out that adding a password requirement of any kind besides length and restricting obvious dictionary sequences is well known (even by the US government via its most recent NIST standards) to…

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Requiring users to enter some code via sms every 30-days is just stupidity disguised as security theatre. These codes do nothing to further protect our data at-rest, nor do they validate identity. It's just another unnecessary hoop to jump through. If it wasn't a meaningless, pointless, futile exercise, you wouldn't have added a 30-day option to not-validate - you'd be validating with every new browser instance. We don't need another TSA in our lives.

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. It is so hard to sign in when I do not have a cell phone number for this authy app anymore. Please change this for ppl. This is make it so difficult to stream now. Please go back to the old twitch where I can sign in with just my email please!

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. To have the possibility of not receiving gift subscriptions in any channel. Currently, you can deactivate the receipt of gift subscriptions in channels that you don't follow but not in the ones you do follow, would be good to have an option to deactivate this completely regardless of whether you are a follower or not.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Allot of different websites offer this feature, but, how about making it so that if you somehow in someway can't login to your account after reporting missing credentials, it will offer you the chance to send the email about (e.g resetting your password) to an email that you can access.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Recently a 19 year old got susspended on Twitch indefinitley for being under age, this is not ok. Twitch should be absolutley sure about ages and not have an auto bot ban users falsly.
    This idea is all about having an ID registered into the accounts when creating them, using the candidate number, date of birth, ect. Basically a debit card for paying for bits, but with an ID registering the person behind the account and also verifying their age. If the ID is renewed then Twitch should ask the user to update their details with the new ID.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Why do I have to use just SMS code login options when I went through the process of verifying my email. I should be able to chose SMS or email verification and if I'm trying to change my SMS code phone number why does it send a code to the phone number I'm trying to change? why not send a email to my already verified email. When I'm trying to disable 2FA why isn't there a option to disable it via email as well? Also if you no longer have your phone number you had when you made the account…

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. When you sign up for a new account you are asked to input a one time code through email.

    Please implement the One Time Code for ALL, EXISITING & NEW accounts when logging in.

    Context: I do not have an active cell phone, I live in an area that does not receive SMS Text for the login code, therefore I can't use Authy either. I've been trying to log back into my account for about 3 weeks at this point with help from friends, but to no avail it didn't work.

    Conclusion: Please implement this into the login system, it…

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Hello! I welcome the new Twitch guidelines and support people doing their own content, as long as it's labelled properly.

    Having said that, where I can see Twitch improve upon in terms of safety is something that Sony did a long time ago for PSN accounts: If you're under 18, your Twitch account has to be a mandatory supervised account by another Twitch account that's over 18. That way, anything M-rated and labelled with suggestive/sexual content could be forcefully filtered out for those supervised accounts and when the user turns 18, they get an option to remove said restrictions. It's…

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Allowing users to complete the Affiliate Application by using their Paypal or another method that doesn't include sharing their SSN would be a major step privacy wise.

    If someone's SSN gets stolen, it can ruin them financially for years to come or even for life. This is why we are told never to share that number. Having a work around where we can file the taxes ourselves without having to give out our SSN to Twitch or Amazon would be beneficial to all involved and would help reduce the chances of people getting their SSN stolen.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. The password system in twitch has me put beyond disbelief. I have truly never experienced a more horrific security protocol; it is almost comparable to the password game, which was created as a joke. I would like to suggest some changes.

    1. scrap the existing system, unfixable.
    2. make a three character minimum; this is all that is necessary for actual security increase. People who take their privacy seriously will act accordingly.
    3. Allow special characters. It is genuinely baffling that as a company you made the conscious decision to decrease the amount of usable characters in a password.
    4. Get rid of whatever…
    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3
  • Don't see your idea?