Google Authentication for 2 Factor Authentication
I would love to be able to have the option for Google Authentication to be integrated into your current 2-Factor Authentication system. Hypothetically, if I were to misplace or brake my phone, it would take some time for me to be able get a new device in which time I would not be able to reenter my Twitch account. I mod for channels, work with creators and would feel awful if I was not able to continue supporting and working for them as I do.
It was also just be an ease of access thing, where I have all of my current 2F Authentication already with Google Authentication, so as this isn't necessarily an essential facet to this system, it would be a nice addition to this system.
Exciting news friends!
This is live! We are excited to announce that you can now use whatever 2fa authenticator you would like!
Twitter announcement: https://twitter.com/TwitchSupport/status/1330979700680904704
and if you have questions please read through our new help article here: https://help.twitch.tv/s/article/two-factor-authentication?language=en_US
79 commentsComments are closed
Still waiting on this. Simply inexcusable to have such a large platform, backed by Amazon no less, missing such a key security feature.
Can we please get this added? Amazon accounts have it...
It's insane that we can't use standard TOTP auth with any client/security device. Please enable it. Phone-based auth is insecure and I refuse to use it.
send my sms in my cellphone :) i cant enable 2FA
Or literally anything other than Authy. I hate having multiple 2FA apps on my phone. I use MSFT authenticator for 95% of my accounts except for Steam, Twitch, and my work account that requires some app nobody’s heard of. I’d prefer to use MSFT authenticator for Twitch instead of having Authy for just the one account. Ridiculous.
They aren't going to do anything regarding this, and I doubt they have even read this thread. Here's a medium article explaining how to set Twitch's 2FA for other TOTP apps.
Vote for the similar suggestion with the most votes: https://twitch.uservoice.com/forums/310228-account-management-e-g-login-connections-pass/suggestions/11498085-google-authentication-for-2-factor-authentication
Ridiculous, I don't want to use phone or authy. I have other apps that can consume 2FA tokens. It's not hard to support other apps.
It's been 4 years and NOTHING. Twitch please stop using an insecure, clunky method of 2FA and start using proven-secure 2FA industry standards.
Just +1'ing this idea. Don't care which authenticator (MSFT, Google...etc). I'm just a big fan of open security mechanisms.
After two months since I reported it to Twitch support they replied and direct me here...
$ years? OMG! Why twitch? Why no GA2FA?
And you still send me annoying mails that I logged on....just after sending me 2FAmail codes to the same e-mail address...
What logic is this?
Here twitch, read it twice https://krebsonsecurity.com/2020/07/whos-behind-wednesdays-epic-twitter-hack and review you SIM vs TOTP auth policy.
How idiotic is this? I spent a good 20 minutes digging through my account settings. I was positive that TOTP was such a basic integration into any website that the only explanation that I had for not being able to find it was simply user error and not, in fact, a mind boggingly anti-consumer and standards move on Twitch's part.
Here, Twitch. Imma break it down for you:
1) 2FA via SMS is a non-starter. SIM spoofing is too laughably simple.
2) Proprietary, closed source and cloud synchronized OTU services are a non starter. One time use codes are meant to be what you have, not what you know. Syncing codes to every device that you own is the LAST thing that a credential manager should offer to do.
3) I don't have a single online account with access to my finances that don't abide by these standards.
TLDR: No open standards from you == no money from me
I have already have TOTP and U2F/FIDO devices. Installing Authy is not an option. Since I cannot secure my account with open 2FA standards used by the rest of the Internet, I do not feel confident in transacting money through Twitch to support my friends who immigrated from Mixer.
Please Twitch, it's been 4 years.
It's CY2020. There is no excuse for excluding a user from utilizing a separate TOTP/2FA app.
Could we maybe change the title of this issue so it doesn't say Google? Standard TOTP for 2FA is what we want, it would result in the same win.
Let's make this happen!
Please get rid of the proprietary Authy 2FA.
Authy isn't that bad but standards existed for a reason, and people like to stick with some widely accepted and populate standards. Please bring TOTP defined in RFC 6238.