Google Authentication for 2 Factor Authentication
I would love to be able to have the option for Google Authentication to be integrated into your current 2-Factor Authentication system. Hypothetically, if I were to misplace or break my phone, it would take some time for me to be able to get a new device, in which time I would not be able to reenter my Twitch account. I mod for channels, work with creators and would feel awful if I was not able to continue supporting and working for them as I do.
It would also just be an ease of access thing, where I have all of my current 2F Authentication already with Google Authentication, so as this isn't necessarily an essential facet to this system, it would be a nice addition to this system.
Or literally anything other than Authy. I hate having multiple 2FA apps on my phone. I use MSFT authenticator for 95% of my accounts except for Steam, Twitch, and my work account that requires some app nobody’s heard of. I’d prefer to use MSFT authenticator for Twitch instead of having Authy for just the one account. Ridiculous.
They aren't going to do anything regarding this, and I doubt they have even read this thread. Here's a Medium article explaining how to set Twitch's 2FA for other TOTP apps.
Ridiculous, I don't want to use phone or Authy. I have other apps that can consume 2FA tokens. It's not hard to support other apps.
It's been 4 years and NOTHING. Twitch please stop using an insecure, clunky method of 2FA and start using proven-secure 2FA industry standards.
Just +1'ing this idea. Don't care which authenticator (MSFT, Google...etc). I'm just a big fan of open security mechanisms.
After two months since I reported it to Twitch support they replied and directed me here...
4 years? OMG! Why Twitch? Why no GA2FA?
And you still send me annoying mails that I logged on....just after sending me 2FA mail codes to the same e-mail address...
What logic is this?
Here Twitch, read it twice https://krebsonsecurity.com/2020/07/whos-behind-wednesdays-epic-twitter-hack and review your SIM vs TOTP auth policy.
How idiotic is this? I spent a good 20 minutes digging through my account settings. I was positive that TOTP was such a basic integration into any website that the only explanation that I had for not being able to find it was simply user error and not, in fact, a mind-bogglingly anti-consumer and standards move on Twitch's part.
Here, Twitch. Imma break it down for you:
1) 2FA via SMS is a non-starter. SIM spoofing is too laughably simple.
2) Proprietary, closed source and cloud synchronized OTU services are a non-starter. One time use codes are meant to be what you have, not what you know. Syncing codes to every device that you own is the LAST thing that a credential manager should offer to do.
3) I don't have a single online account with access to my finances that doesn't abide by these standards.
TLDR: No open standards from you == no money from me
I already have TOTP and U2F/FIDO devices. Installing Authy is not an option. Since I cannot secure my account with open 2FA standards used by the rest of the Internet, I do not feel confident in transacting money through Twitch to support my friends who immigrated from Mixer.
Please Twitch, it's been 4 years.
It's CY2020. There is no excuse for excluding a user from utilizing a separate TOTP/2FA app.
Could we maybe change the title of this issue so it doesn't say Google? Standard TOTP for 2FA is what we want, it would result in the same win.
Let's make this happen!
Please get rid of the proprietary Authy 2FA.
Authy isn't that bad but standards exist for a reason, and people like to stick with some widely accepted and popular standards. Please bring TOTP defined in RFC 6238.
This is a great idea, and I feel like Twitch should implement this.
I have another account (besides this one) that I've been using for 5 years on Twitch that has 2FA enabled. I got locked out of it about 3 weeks ago and haven't been able to log back into my main account.
Twitch needs to get rid of Authy and 2FA and send the One Time Code by Email like how they do it with NEW created accounts.
It's 2020 after all; this should have already been done, and since it has not been done, it needs to happen sooner than later.
Why am I forced to use Authy for my 2FA? I prefer to use DUO Authenticator for my 2FA as I use it extensively in my work and home environments. Even a Yubikey would be acceptable. I am trying to remove all SMS based 2FA as it is proven insecure. It's 2020. Let's work to be open.
How is this STILL not a thing? TOTP and U2F are well established industry standards that don't require disclosing a private phone number.
How is this still not a thing? 2FA should work by scanning QR with any app like Google Authenticator, LastPass, Microsoft Authenticator, whatever... not just forced Authy.
BTW I've just requested Authy account deletion and I will stick just with SMS for Twitch.
Let's stop calling it 'Google' authenticator
as then it becomes a stupid brand war. Get over yourselves, aspire to be decent.
What we want, what is required is TOTP so we can choose.
Not everyone is a complete dependent fool just because they are game enthusiasts and not everyone subscribes to the mass coopt of having data and security handled for us.
At least give the few people that care an option to opt-out and generate their own codes.
For shame. SHAME.
Using a proprietary standard like Authy instead of industry standard practices like TOTP is beyond unacceptable. This needs priority attention. But of course I'm sure Amazon/Twitch cut a swanky deal with Twilio to use exclusively Authy.