The password requirements are truly insane for the average user. I shouldn't need a password so secure that it'd take years to *****, I need a password I can remember. This is a streaming site.
If a streamer wants a super secure password, they can make that themselves, but imposing insane guidelines on people who just want to follow a few people is super annoying.
lol, i just changed 1 (one) symbol of my "weak" password to another symbol and it was "fair".
this is a joke.
It sucks to log into twitch as I have to enter a 28 letter password and then enter a 2fa code. What’s the point of 2fa if we also have to use insanely long passwords?
I tried my password that I use for all my accounts, which was marked as too easy to guess.
However, I found that merely typing the password twice (ex: 123123 rather than 123) made it a strong password.
Agree with everything said here.
After playing around got it to accept a password which is actually far weaker than the one I wanted to use, just longer. Seems to like longer passwords.
If this is the requirement, at least say so on the page.
Your password requirements are absolutely bonkers, ESPECIALLY when you have an authenticator app. All you're doing is making people come up with absurd complex passwords that will be forgotten, leading to a continual cycle of resetting. A password containing multiple capital letters, numbers, AND punctuation should be FAR MORE than required. Unreal. My bank doesn't even require this level of complexity.
Came here just to say this, stupid requirements without any sense.
There even is the 2fa!
Let security experts decide stuff.
The fact that twitch got hacked is your problem, think about your own security instead of forcing us to change passwords, this is a useless streaming application not a bank.
whoever decided this is probably not even in IT but some kind of manager that thinks he knows everything because he read a news article about passwords
i just want everyone to know that alphabetsoupeatmy*** works but not
like sf_nadim said.
this password is too easy to guess. I think twitch has a super quantum computer or something
been trying change my pass for hours wtf !(@#!@*(#(usiajfo isnt even strong enough?
I spent 10 to 20 minutes changing password or some **** EVERY TIME! I am leaving and will never try to login to this website anymore!
Twitch is trash now, leave.
I am glad I'm not alone in thinking that your STREAMING website has insane password requirements, guaranteeing that I will never remember it and will have to go through this asinine process every single time I have to log in. Ease up, you're not the military, a missile silo or a nuclear power plant.
There are currently very many suggestions related to issues with password rules. The purpose of this suggestion is to supersede those complaints by recommending that Twitch specifically adopt the recommendations in NIST Special Publication 800-63B <https://pages.nist.gov/800-63-3/sp800-63b.html>.
The purpose is to not have any rules that make users jump through hoops without improving security. Specific recommendations include:
* Passwords should be at least 8 characters long and there should be no arbitrary maximum length (at least up to 64 characters)
* There should be no composition rules (e.g., rules like "must include a mix of letters and numbers")
* Ban passwords from previous breaches or that are trivially derived from common or easily guessable words or phrases
* Do not provide password hints
* Do no "knowledge-based" authentication (e.g., "mother's maiden name")
* Do not expire passwords without a reason
* Do not use SMS as a second factor for authentication (but any second factor is better than none)
Selected quotes from appendix A:
"Humans… have only a limited ability to memorize complex, arbitrary secrets… online services have introduced… which require the user to choose passwords constructed using a mix of character types, such as at least one digit, uppercase letter, and symbol. However, analyses of breached password databases reveal that the benefit of such rules is not nearly as significant as initially thought [Policies], although the impact on usability and memorability is severe."
"Password length has been found to be a primary factor in characterizing password strength… Users should be encouraged to make their passwords as lengthy as they want, within reason. Since the size of a hashed password is independent of its length, there is no reason not to permit the use of lengthy passwords (or pass phrases) if the user wishes."
"Research has shown… that users respond in very predictable ways to the requirements imposed by composition rules"
"Users also express frustration when attempts to create complex passwords are rejected by online services. Many services reject passwords with spaces and various special characters. In some cases, the special characters that are not accepted might be an effort to avoid attacks like SQL injection that depend on those characters. But a properly hashed password would not be sent intact to a database in any case, so such precautions are unnecessary. Users should also be able to include space characters to allow the use of phrases."
"it is recommended that passwords chosen by users be compared against a [BANNED PHRASE] of unacceptable passwords. This list should include passwords from previous breach corpuses, dictionary words, and specific words (such as the name of the service itself) that users are likely to choose."
"Length and complexity requirements beyond those recommended here significantly increase the difficulty of memorized secrets and increase user frustration. As a result, users often work around these restrictions in a way that is counterproductive. Furthermore, other mitigations such as [BANNED PHRASE], secure hashed storage, and rate limiting are more effective at preventing modern brute-force attacks. Therefore, no additional complexity requirements are imposed."
I want to change my password to something specific, twitch won't let me because it's too weak and it's annoying me. Can you let me set it to my password even if it's weak?
This MUST be changed. This is absolutely insane.
Agreed, trying to get the 2 people I know that are on here to go to another streaming site, as I need to reset my password every time I want to log in. We don't all need DoD approved passwords to watch someone play a game. Never seen anything like it before.
If you use twitch on 2 different devices, this is crazy, I can't remember the password, so I request a new one. Now I'm getting a message that I have requested too many password resets, no sh*t, make your password requirements more consistent with THE REST OF THE INTERNET
Your idea of how a password is absurd, no way I will ever remember a password that lives up to your ******* ridiculous standards.
I created this password just to be able to write this. tomorrow I will not remember.......
Do you not realise that if someone wants to hack they use a computer to rng passwords???
Is totally ridiculous, why you think hacker need my worthless twitch password?
If I have a 20+ character password, is it absolutely safe?
Why can't it be more convenient?
WE DON'T MUST HAVE 20+ CHARACTER PASSWORD!!!
You think that’s bad, I tried to make an account using an email I already used, forgot and couldn’t recover the account, and it messed up then when I tried my new email I kept getting “you are creating too many new accounts too quickly” message, holy **** twitch why is your sign up process so ******* ********