password requirements
The password requirements are truly insane for the average user. I shouldn't need a password so secure that it'd take years to *****, I need a password I can remember. This is a streaming site.
If a streamer wants a super secure password, they can make that themselves, but imposing insane guidelines on people who just want to follow a few people is super annoying.
-
SylveonTheYandere commented
Stop making us use random letters and numbers and characters to "protect" our accounts. BE NORMAL AND NOT STUPID. You're just ******* people off and pushing them away from your platform while hackers still get in fine.
-
snneye commented
Really nice not being able to use any of the passwords I've tried creating for this site. I followed the guidelines you presented, but each time it told me my password was too easy to guess and wouldn't let me use it. I could understand if it didn't land under the requirements such as minimum characters, at least 1 special, number, and uppercase character, but it met those. It's unclear if dictionary words are allowed because you say not to use them, but you offer LastPass or 1Password as examples. Those aren't accepted by the way.
-
metaRidori commented
Please fix this stupid ****.
-
larsgottlieb commented
I'm resetting my password, and entering 40 characters randomly selected from a more than 200 characters long string of letters, numbers, signs and old norse runes.
The response? Unacceptable! This is too easy to guess! -
growdichotomously commented
you should use a pw manager either way.
-
shujin51 commented
know what i did? I just entered a whole fucking sentence. A sentence which has something to do with ranting.....
-
one80to250 commented
"i agree". Your user management team clearly doing "stuff" and it's nice(?) that i had to link accounts with this "uservoice" service just to even make this comment.
Thus, your super tactical security ninjas know that even NIST is moving away from baroque password complexity rules: https://www.schneier.com/blog/archives/2017/10/changes_in_pass.html
(yes, i'm a bit salty in this comment, but i just spent 15 minutes trying to set a password which i have no doubt i'll have to reset next time i have to log into twitch. )
-
blindsword11 commented
I COMPLETELY agree with this. The password requirements need updated badly.
-
starfox99705 commented
I'm just blown away by how difficult this has been made for users to create a pw and access your service. I'm never going to remember such a complex password and its frustrating trying to type random characters in each time I want to log in, typing new combos in over and over again until one is acceptable. So I just barely ever do it :/
-
INC3NSUS commented
Not a big fan of companies telling me that my password is not usable, it was 10 digit alpha numeric so are you Fn kidding me. Most of us don't want to have to write down some insane ******** password just for your website, just saying your Twitch not my bank!
-
Wolf3112 commented
Yeah The password is way to much. If I could have my password be something I know and not just bs on a word doc I'd be happy.
-
onehalfninja commented
I literally gave up on two occasions but my son bugged me enough to see it though. If you are trying to have less users then you are nailing it and keep up the good/bad work. If you want happy users then get some people with common sense in so they can put a stop to peoples bad ideas.
-
nestedmacro commented
Wouldn't hurt to put the complete complexity rules at https://help.twitch.tv/s/article/creating-a-strong-password?language=en_US
beyond length. Just let people decide on what security they feel is sufficient and move on. If it's 'weak', just make the user aware (disclaimer) and move on. If Twitch is responsible enough maintaining secrets, having a guessable password shouldn't matter much with MFA."That password is too easy to guess." By all means, proceed and let me know once you have it.
-
Jennie500713 commented
Twitch requires the most insane password strength I've ever seen. I've had accounts with banks, insurers, court systems and other state/federal government websites, and yours is the only one I will never remember. You're a streaming site. It's not like you're handing out nukes.
Literally all I (and millions of others) want to do is watch streamers and comment occasionally. If the security is this high for streamers, who have jobs and contracts surrounding twitch, then fine. But I think you'd make a lot of people happy by making two separate account types, with different levels of security measures. One for users who will stream, and ones for viewers that will never stream. The latter will be thankful you've made the change, I'm nowhere near the first person to complain, and it's a very stupid reason to lose viewers/users/potential paying customers etc.