Google Authentication for 2 Factor Authentication
I would love to be able to have the option for Google Authentication to be integrated into your current 2-Factor Authentication system. Hypothetically, if I were to misplace or brake my phone, it would take some time for me to be able get a new device in which time I would not be able to reenter my Twitch account. I mod for channels, work with creators and would feel awful if I was not able to continue supporting and working for them as I do.
It was also just be an ease of access thing, where I have all of my current 2F Authentication already with Google Authentication, so as this isn't necessarily an essential facet to this system, it would be a nice addition to this system.
Exciting news friends!
This is live! We are excited to announce that you can now use whatever 2fa authenticator you would like!
Twitter announcement: https://twitter.com/TwitchSupport/status/1330979700680904704
and if you have questions please read through our new help article here: https://help.twitch.tv/s/article/two-factor-authentication?language=en_US
-
Divus commented
ps: if you are really worried about our security give us at last some basic f2a by email,
there are rfc 6238 f2a apps for every device, but not for authy, i really dont get why you insist on authy. -
Divus commented
i have a similar wish -> https://twitch.uservoice.com/forums/297558-general/suggestions/14373747-please-support-rfc-6238
and warren, you can provide both, most user allready use a standard f2a app like google oder microsoft authenticator, authy can handle standard f2a on multiple devices, you can promote authy but let users decide if they want use it or stay with the app they have.
i dont like to have multiple apps for one thing, please support standard f2a... -
Markus Birth (mbirth) commented
The reason it's called "2 Factor Authentication" is that you need a second factor (e.g. another device) for authentication. If you keep your password AND your 2nd factor both in your browser (e.g. browser password store + Authy extension), it's easy for any malicious software to fetch both.
Also, the second factor should NEVER - in any form - leave the device it's on. That's why you can setup new tokens in Google Authenticator, but can't export them. It's a security feature, not a shortcoming.
-
Michael Turner commented
@Warren I did not receive the text to install Authy until five minutes ago. My apologize and thank you so much for your insight! Much appreciated :)
-
AdminWarren (Product Manager, Twitch) commented
One of the reasons why we went with Authy instead of Google Authenticator is because of the exact situation you described. Did you know Authy has a chrome plugin? With Authy, you can install it on any of your devices, including your computer with a Chrome browser.
Also, any of the other apps you have on your Google Authenticator can be easily switched to Authy as it can support any apps that use Google Authenticator 2 Factor Authentication.
-
Brant commented
I agree. 2F Authentication with Google Authentication would be a good idea. It's nice to have options.