The ridiculous password requirements need to stop. I will never remember my 20+ character password.
Twitch requires the most insane password strength I've ever seen. I've had accounts with banks, insurers, court systems and other state/federal government websites, and yours is the only one I will never remember. You're a streaming site. It's not like you're handing out nukes.
Literally all I (and millions of others) want to do is watch streamers and comment occasionally. If the security is this high for streamers, who have jobs and contracts surrounding twitch, then fine. But I think you'd make a lot of people happy by making two separate account types, with different levels of security measures. One for users who will stream, and ones for viewers that will never stream. The latter will be thankful you've made the change, I'm nowhere near the first person to complain, and it's a very stupid reason to lose viewers/users/potential paying customers etc.
"i agree". Your user management team clearly doing "stuff" and it's nice(?) that i had to link accounts with this "uservoice" service just to even make this comment.
Thus, your super tactical security ninjas know that even NIST is moving away from baroque password complexity rules: https://www.schneier.com/blog/archives/2017/10/changes_in_pass.html
(yes, i'm a bit salty in this comment, but i just spent 15 minutes trying to set a password which i have no doubt i'll have to reset next time i have to log into twitch. )
I COMPLETELY agree with this. The password requirements need updated badly.
I'm just blown away by how difficult this has been made for users to create a pw and access your service. I'm never going to remember such a complex password and its frustrating trying to type random characters in each time I want to log in, typing new combos in over and over again until one is acceptable. So I just barely ever do it :/
Not a big fan of companies telling me that my password is not usable, it was 10 digit alpha numeric so are you Fn kidding me. Most of us don't want to have to write down some insane ******** password just for your website, just saying your Twitch not my bank!
Yeah The password is way to much. If I could have my password be something I know and not just bs on a word doc I'd be happy.
Wouldn't hurt to put the complete complexity rules at https://help.twitch.tv/s/article/creating-a-strong-password?language=en_US
beyond length. Just let people decide on what security they feel is sufficient and move on. If it's 'weak', just make the user aware (disclaimer) and move on. If Twitch is responsible enough maintaining secrets, having a guessable password shouldn't matter much with MFA.
"That password is too easy to guess." By all means, proceed and let me know once you have it.