Open standard 2FA with QR codes
Could we please move away from the Authy only 2FA implementation currently used and provide standard TOTP and QR codes?
This would work much better for people who already have a stack of 2FA accounts in other solutions, remove reliance on a single application, fix issues with support (eg. Windows Phone), remove the need for a phone number (important for younger users I'd imagine) and generally increase flexibility and usability of 2FA for everyone by not locking us into a proprietary implementation.
Line_Noise
shared this idea
9 comments
-
Soullfire
commented
I'd like to warn everyone with my experience around this. Even though Twitch now allows you to use other authenticators, you CANNOT DELETE your Authy account that they created for you. It will result in you no longer receiving valid 2FA codes in whichever other app you chose to use. Twitch Support will not help you get back into your account.
-
AlexWayfer
commented
Now it's here: https://help.twitch.tv/s/article/two-factor-authentication?language=en_US
(I've got an email)
-
factualspin
commented
Since the idea with Uservoice is to gather as many votes as possible on one suggestion, maybe those who voted for this should move their votes over to the one linked below as it has way more votes? I know it only asks for support for Google Authenticator but supporting GA would at least mean support for standard 2FA which can be used with your choice of 2FA app instead of being forced to use Authy.
-
letmeseeyourcakeface
commented
I have already have TOTP and U2F/FIDO devices. Installing Authy is not an option. Since I cannot secure my account with open 2FA standards used by the rest of the Internet, I do not feel confident in transacting money through Twitch to support my friends who immigrated from Mixer.
-
mulrich88
commented
Seeing as Twitch is literally the only reason I even have an account with Authy, and their app on my phone, I indeed support this. I'd like to just be able to use Google's Authentication.
I mean, even the main Amazon site allows me to do that.
-
walkendead_
commented
Absolutely. TOTP would let people use applications they already trust, like Google Authenticator. If they use password managers that support TOTP like 1Password, they don't have to use two applications to authenticate. Using non-standard 2FA makes users more dependent on your third-party provider, a relative nonentity who seems to think association with cryptocurrencies makes them look more trustworthy and not dodgy af. (In its most charitable reading, this calls their marketing competence into question.)
I tend to use 2FA everywhere, but honestly, I'm concerned that Authy, in particular, makes me less secure than 1FA using a long, unique password from my password manager. It gives me new risks to manage, and no real information to help me quantify that risk. (The guilt-by-association wrt cryptocurrencies is suggestive and concerning; nothing is objective and mitigating.)
I'm staying away from your 2FA solution for those reasons. Use standard TOTP, let me choose my provider, and I'm on it like a shot. (Or add FIDO/U2F so I can use my Yubikey.)
-
C18H26CIN3O_Zn
commented
I recently had to deal with Authy's terrible customer service. One week in, and my case is still ongoing. I really hope that Twitch can ditch these clowns and use the standard TOTP method for two factor authentication. Or at least allow it in place of Authy.
-
Divus
commented
+3 and please vote for the similar wishes too:
https://twitch.uservoice.com/forums/297558-general/suggestions/14373747-please-support-rfc-6238
-
Hibame
commented
I'd give all my votes to this if I could give more then 3.