add the ability to use a Yubikey or other kinds of usb 2auth devices
It would be really nice to use a usb device for 2auth (something like the yubikeys).
I am finding that some major companies, such as Google, are even going so far as to allowing its users to go passwordless simply by using said Yubikey (FIDO2 Keys) and biometric scans (such Face ID or fingerprint authentication.) I definitely fully support the use of this for multi-factor authentication (MFA) or going passwordless on Twitch.
Security keys should be integrated as standard these days. Yubikey or comparable manufacturers in particular should be compatible with such a large platform as Twitch. If AWS allows this, why isn't it also the case here on Twitch?
I have google titan keys and I definitely would like to see this option.
Please add support for using one or more hardware U2F tokens for 2FA, e.g. Yubikey, Solokeys, etc. devices. Please also add this as a stand-alone 2FA option that does *not* require a mobile phone or other authentication application if possible.
Please add the ability to use U2F or FIDO/FIDO2 authentication methods for use with the Yubikey security keys. At least enable manual TOTP creation for use with other TOTP clients.
Rob Frawley 2nd commented
Right now 2-step-auth on Twitch is such a minimal implementation, only supporting SMS codes (insecure) and Authy integration only. Why can't I at least see a bar-code with my 2-step-auth key so applications outside of Authy can be used, like Google Authenticator. Displaying the 2-step-auth key barcode at setup would even allow the use of OATH-TOTP codes using security keys like the YubiKey 4 and 5.
But ultimately, as has already been described by the many others commenting in this suggestion thread, it is important that full support for security keys is ultimately added. At a minimum you need to support "FIDO U2F/UAF" (https://en.wikipedia.org/wiki/Universal_2nd_Factor), but it would also be beneficial to support the newer "FIDO 2 UAF/U2F, WebAuthn, CTAP" standard (https://fidoalliance.org/fido2/)
The security improvements if this was implemented would be major. 2FA is a good step for most attacks, but U2F is more convenient and secure.
In addition to the benefits of U2F on its own, allowing people to add multiple 2FA options (code generator app + one or more U2F keys) reduces the chance of account lockouts.
Would be really useful for full-time streamers who would suffer significantly from having a compromised account.
I'd higly like to see the possibility of having U2F or at least hardware supported OTP as a possibility of 2FA