Google Authentication for 2 Factor Authentication
I would love to be able to have the option for Google Authentication to be integrated into your current 2-Factor Authentication system. Hypothetically, if I were to misplace or brake my phone, it would take some time for me to be able get a new device in which time I would not be able to reenter my Twitch account. I mod for channels, work with creators and would feel awful if I was not able to continue supporting and working for them as I do.
It was also just be an ease of access thing, where I have all of my current 2F Authentication already with Google Authentication, so as this isn't necessarily an essential facet to this system, it would be a nice addition to this system.
Exciting news friends!
This is live! We are excited to announce that you can now use whatever 2fa authenticator you would like!
Twitter announcement: https://twitter.com/TwitchSupport/status/1330979700680904704
and if you have questions please read through our new help article here: https://help.twitch.tv/s/article/two-factor-authentication?language=en_US
-
KellyClowers commented
Guys, why are you using some weird Authy-specific API? The mechanism to set up TOTP with a QR code is pretty well universal. You can use Authy, Google Authenticator, FreeOTP, LastPass and others. Just give us the dang QR code!
-
Haylee commented
On top of what Dustin said, it helps consolidate what could be dozens and dozens of multi-factors into one app, which is more convenient because all your second factors can be in one place on the device you're using and it also can help save storage space on phones and tablets that don't have much storage space. This also saves people the SMS expensives, and I do believe Authy doesn't allow for modifying the name or other identifying features, which are essential of it you have multiple accounts (Say one for you and one for a personal mod bot)
-
FerretBomb commented
TOTP would be the way to go here. Limiting it to Authy is shortsighted at best. Open standard versus requiring a single closed app (or SMS, possibly being served through Authy anyway) is frustrating. I already have an auth app that works for everything EXCEPT Twitch.
-
Julius Häger commented
Holy, how anti consumer can you be? This makes the whole idea of 2FA and security just a joke. People should be able to trust whichever 2FA app they want, if we are forced to use a single (probably sponsored) 2FA app then the trust the user has for the app/company has no part in it totally nullifying the reason to even have 2FA.
-
Dustin commented
Supporting an open OTP standard such as implemented by Google Authenticator would also allow use of MANY other OTP app options.
Additionally, this would allow us to add more security on top of that if we're using an OTP client that supports it, such as a YubiKey. With YubiKey authenticator you store your OTP settings on a hardware key, which you pair with the authenticator app to unlock the site-specific OTP.
So now you get true 'multi-factor authentication' instead of 'two-factor authentication'. You aren't tied into use of an application which exports your OTP settings to the cloud as a potential vector for attack (even if they are password protected.. this defeats the 'something you have' component as a strength point for MFA).
And... it's easier. I don't want to have several different OTP apps for various competitors who refuse to work with an open standard.
-
Dan Fiscus commented
For the love of god just support ALL 2FA APPS it's not that hard to figure out that's what the community wants. Authy is absolute trash and I have to use two 2fa apps because I refuse to put any of my other 2FA codes on it
-
Anonymous commented
Please use barcodes and let us choose which 2FA client we want to use.
-
Jeroen Heijster commented
"One of the reasons why we went with Authy instead of Google Authenticator is because of the exact situation you described. Did you know Authy has a chrome plugin? With Authy, you can install it on any of your devices, including your computer with a Chrome browser."
I don't want a third party to have access to all of my 2 factor authentication details in an environment I have no control over. Having a chrome plugin makes it even worse. If someone has that installed, all it takes is getting into the computer. Password manager has the login to Twitch, the plugin provides the "secure" token. The whole point of 2FA is that you don't have everything in one place.
I use an app on my phone which backs it up in an encrypted way which I can check for security issues. I have full control over my data. The only way I can get a token is by using that app and entering a pin.
-
ph1lt0r_and_lala commented
Please, please add this twitch. Authy is so, so bad.
-
Der commented
Google Auth so I can have one app run ALL my auth please... I shouldn't have to do a one-to-one site to app secure environment.
-
Jan commented
Why on Earth would you go with Authy only? Half the planet uses Google Authenticator, and the other half doesn't own a smartphone.
-
DQSeba commented
Ok, so instead of going the secure route, which isnt very convenient, Twitch has decided to go the convenient way, which in this case isn't very secure. Well done, lads..
-
lee commented
I have a Yubikey Neo, which works with the Yubico Authenticator app (on Android and on the desktop). It requires the same details as Google Authenticator - you provide it the shared secret, either manually or via a QR scan, and off you go. It has the advantage of requiring a physical token to see your current OTPs.
I would very much like to be able to add Twitch to this app. Authy does not have any support for Yubico hardware. As Joe said, I would also like to see a standardised TOTP implementation. -
Joe commented
I would also like to add my vote for giving us QR Codes (in the otpauth URI format: https://github.com/google/google-authenticator/wiki/Key-Uri-Format ) that can be used in any 2FA app that supports the standard, including Google Authenticator, Microsoft Authenticator, and others.
-
Fernando Paulino commented
I would like to use Microsoft Authenticator, my phone runs Windows Mobile 10... Authy doesn't run on Windows 10 Mobile... I apologize for being so direct but locking 2FA to a single app is plain STUPID. Provide a QR Code and let the users choose.
-
Mark commented
when are you guys going to support two factor with Google Authenticator?
-
Anonymous commented
Google Authenticator is open-source and would allow us to easily set up two-factor authentication without a phone number.
-
Rich commented
I already have several account through Google Authenticator. Is there a way to set it by manual entry through G Auth? I'm not going to download a second app.
-
Brad Zacher commented
i don't quite understand why you'd lock your users to a specific service for 2FA.
why not just provide the QR code to enable it in the app of the user's choice, then suggest authy?
or if you are contractually obligated to use authy... setup with authy *then* give the user the QR code option if they go look in the settings...
-
Toad King commented
It would be awesome if the authentication was done via TOTP so we could use any 2FA client we want instead of having to use yet another one. I use Authenticator Plus and I won't want to download yet another authenticator application just for Twitch.