Two-factor authentication: allow us to use Google Authenticator
Google Authenticator is open-source and would allow us to easily set up two-factor authentication without a phone number.
I live in a cellphone dead zone. So its not ideal to require my cell phone for authentication.
I'm surprised after so many years we still don't have any new options, especially with how much they are pushing security for your twitch account.
One day we can dream
Please add this.
Not supporting google auth is literal cancer.
up vote. don't wanna use an app which only used for twitch rather than twitch itself.
Zodo Turtle commented
Short statement. I'm with these guys. Please, Use the open standard TOTP.
Please Allow us to Google Authenticator. This will simplify things instead of having multiple apps on the phone. No phone can't get in.
Still waiting on this to be a proper thing. This needs to happen. I do not want 10 different authenticators when I can have one.
Why does twitch not allow the scanning of QR codes to allow choice in 2FA apps? I myself prefer an open source android app, but every other service I use allow you choice by giving QR codes or some other method to choose.
Andreas Ebbert-Karroum commented
I just enabled 2FA and was kind of shocked to be forced to use some proprietary technology instead of open standards for security.
Not having Google Auth is frustrating and I know that one day I'll end up locked out of my account for a few hours or a day when I don't have cell service for whatever reason. Frustrating to be forced to use authy.
Kevin Palembas commented
Seriously, this was suggested over a year ago and still hasn't been implemented? Do you even care about the wants and needs of your viewers and streamers AT ALL?
On top of what Dustin said, it helps consolidate what could be dozens and dozens of multi-factors into one app, which is more convenient because all your second factors can be in one place on the device you're using and it also can help save storage space on phones and tablets that don't have much storage space. This also saves people the SMS expensives, and I do believe Authy doesn't allow for modifying the name or other identifying features, which are essential of it you have multiple accounts (Say one for you and one for a personal mod bot)
Supporting an open OTP standard such as implemented by Google Authenticator would also allow use of MANY other OTP app options.
Additionally, this would allow us to add more security on top of that if we're using an OTP client that supports it, such as a YubiKey. With YubiKey authenticator you store your OTP settings on a hardware key, which you pair with the authenticator app to unlock the site-specific OTP.
So now you get true 'multi-factor authentication' instead of 'two-factor authentication'. You aren't tied into use of an application which exports your OTP settings to the cloud as a potential vector for attack (even if they are password protected.. this defeats the 'something you have' component as a strength point for MFA).
And... it's easier. I don't want to have several different OTP apps for various competitors who refuse to work with an open standard.