Translate Ideas and Comments
Choose language:
There was an error during translation
← Account Management: e.g., Login, Connections, Password Reset

How can we improve the account management experience?

Account Management: e.g., Login, Connections, Password Reset: 2FA

Categories

JUMP TO ANOTHER FORUM

(thinking…)

Open standard 2FA with QR codes

Could we please move away from the Authy only 2FA implementation currently used and provide standard TOTP and QR codes?

This would work much better for people who already have a stack of 2FA accounts in other solutions, remove reliance on a single application, fix issues with support (eg. Windows Phone), remove the need for a phone number (important for younger users I'd imagine) and generally increase flexibility and usability of 2FA for everyone by not locking us into a proprietary implementation.
209 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Line_Noise shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

16 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Soullfire commented  ·   ·  Flag as inappropriate

    I'd like to warn everyone with my experience around this. Even though Twitch now allows you to use other authenticators, you CANNOT DELETE your Authy account that they created for you. It will result in you no longer receiving valid 2FA codes in whichever other app you chose to use. Twitch Support will not help you get back into your account.
  • factualspin commented  ·   ·  Flag as inappropriate

    Since the idea with Uservoice is to gather as many votes as possible on one suggestion, maybe those who voted for this should move their votes over to the one linked below as it has way more votes? I know it only asks for support for Google Authenticator but supporting GA would at least mean support for standard 2FA which can be used with your choice of 2FA app instead of being forced to use Authy.

    https://twitch.uservoice.com/forums/310228-account-management-e-g-login-connections-pass/suggestions/11498085-google-authentication-for-2-factor-authentication
  • letmeseeyourcakeface commented  ·   ·  Flag as inappropriate

    I have already have TOTP and U2F/FIDO devices. Installing Authy is not an option. Since I cannot secure my account with open 2FA standards used by the rest of the Internet, I do not feel confident in transacting money through Twitch to support my friends who immigrated from Mixer.
  • mulrich88 commented  ·   ·  Flag as inappropriate

    Seeing as Twitch is literally the only reason I even have an account with Authy, and their app on my phone, I indeed support this. I'd like to just be able to use Google's Authentication.

    I mean, even the main Amazon site allows me to do that.
  • joasegovia9427 commented  ·   ·  Flag as inappropriate

    Hi, my name is Joaquin an im a user of Twitch by web site, iPhone app and a Android TV app. My problem is when i get out some days from Android TV, my session expires, so when i try to login again, a message showsn that i have to enter in a website and activate de code on screen, but i dont have a pc nearby which i was log in to activate the code... and i dont have log in on iphone web browsers neither. So, it could be fixed by extendind Android TV session as lons as iPhone app session (infinite) or well provide a option on iPhone app whitch allow to scan a QR code in the AndroidTV app show. It will be so much easer to login in AndroidTV with my iPhone app account in a safe way. I believe you have to reach with the developing sofware team. If any part of this message doesn’t undestend, im able to be contacted by mail or skype to explan better to a sofware engeering or a product designer... i hope that new feature to log in safer and easily soon. Thanks you so much.
  • walkendead_ commented  ·   ·  Flag as inappropriate

    Absolutely. TOTP would let people use applications they already trust, like Google Authenticator. If they use password managers that support TOTP like 1Password, they don't have to use two applications to authenticate. Using non-standard 2FA makes users more dependent on your third-party provider, a relative nonentity who seems to think association with cryptocurrencies makes them look more trustworthy and not dodgy af. (In its most charitable reading, this calls their marketing competence into question.)

    I tend to use 2FA everywhere, but honestly, I'm concerned that Authy, in particular, makes me less secure than 1FA using a long, unique password from my password manager. It gives me new risks to manage, and no real information to help me quantify that risk. (The guilt-by-association wrt cryptocurrencies is suggestive and concerning; nothing is objective and mitigating.)

    I'm staying away from your 2FA solution for those reasons. Use standard TOTP, let me choose my provider, and I'm on it like a shot. (Or add FIDO/U2F so I can use my Yubikey.)
  • C18H26CIN3O_Zn commented  ·   ·  Flag as inappropriate

    I recently had to deal with Authy's terrible customer service. One week in, and my case is still ongoing. I really hope that Twitch can ditch these clowns and use the standard TOTP method for two factor authentication. Or at least allow it in place of Authy.