The password requirements are truly insane for the average user. I shouldn't need a password so secure that it'd take years to *****, I need a password I can remember. This is a streaming site.
If a streamer wants a super secure password, they can make that themselves, but imposing insane guidelines on people who just want to follow a few people is super annoying.
I posted a similar comment in the Password Reset section, and there is an additional one in the Signup section.
Please lower the complexity of the password requirements. Stop trying to micromanage people's ability to log in.
I just wrote a suggestion in the "Password Reset" section myself, not seeing this one here in sign up.
I have easier passwords with much more important things in my life than Twitch. This level of complexity is insane. Let the users make their passwords. Don't try to micromanage a person's ability to log in. Not to mention the fail safes of security codes and email verifications that pop up too.
My suggestion? Chill out on your password requirements.
Currently, the requirements are ridiculously high and very finicky. I typed a random password of "edited!" as a test of desperation after attempting for 15 minutes trying to decide, and it says the password is weak. I have an easier password with my bank account than I do with Twitch.
I typed a bunch of random passwords to test, and found that this just seemed sporadic and overly complicated. Here are another 2 that I typed in comedically --- "edited!" and "edited!" are both considered weak.
I WORK IN TECH. This is ridiculous, and I wouldn't even want to log in to twitch if it wasn't for the fact I typed this up and I need to log in to complain about it.
Your updated password requirements are obtuse and the strong password page does not give clear indications on what an acceptable password would be other than just accepting what random password a browser or password manager offers and then changing it again when you change devices or can't carry that password with you. This doesn't make an account more secure as then you need to write that down then you have a physical copy to compromise your account if you are in a shared living space.
My password was fine, you forced me to change it, my account was never compromised simply because of MFA. As others have said, take these requirements and shove them. Let us be as secure as we want, but that means expanding MFA, you know, proper investment into the platform.
THIS!!! 100% I had a 1600+ character expletive filled comment ready to send. Calmness got the better of me. Fix your password bullsh1t. I can tell you my current password doesn't meet your requirements and I want to make it slightly more difficult but until you let me make it what I WANT I'll just leave it ****** and compromised. :) No reason p1ssing people off when they also have 2FA enabled.
Stop making us use random letters and numbers and characters to "protect" our accounts. BE NORMAL AND NOT STUPID. You're just ******* people off and pushing them away from your platform while hackers still get in fine.
Really nice not being able to use any of the passwords I've tried creating for this site. I followed the guidelines you presented, but each time it told me my password was too easy to guess and wouldn't let me use it. I could understand if it didn't land under the requirements such as minimum characters, at least 1 special, number, and uppercase character, but it met those. It's unclear if dictionary words are allowed because you say not to use them, but you offer LastPass or 1Password as examples. Those aren't accepted by the way.
Please fix this stupid ****.
I'm resetting my password, and entering 40 characters randomly selected from a more than 200 characters long string of letters, numbers, signs and Old Norse runes.
The response? Unacceptable! This is too easy to guess!
you should use a pw manager either way.
know what i did? I just entered a whole fucking sentence. A sentence which has something to do with ranting.....
"i agree". Your user management team clearly doing "stuff" and it's nice(?) that i had to link accounts with this "uservoice" service just to even make this comment.
Thus, your super tactical security ninjas know that even NIST is moving away from baroque password complexity rules: https://www.schneier.com/blog/archives/2017/10/changes_in_pass.html
(yes, i'm a bit salty in this comment, but i just spent 15 minutes trying to set a password which i have no doubt i'll have to reset next time i have to log into twitch. )
I COMPLETELY agree with this. The password requirements need updated badly.
I'm just blown away by how difficult this has been made for users to create a pw and access your service. I'm never going to remember such a complex password and it's frustrating trying to type random characters in each time I want to log in, typing new combos in over and over again until one is acceptable. So I just barely ever do it :/
Not a big fan of companies telling me that my password is not usable, it was 10 digit alpha numeric so are you Fn kidding me. Most of us don't want to have to write down some insane ******** password just for your website, just saying you're Twitch, not my bank!
Yeah, the password is way too much. If I could have my password be something I know and not just bs on a word doc I'd be happy.
I literally gave up on two occasions but my son bugged me enough to see it through. If you are trying to have less users then you are nailing it and keep up the good/bad work. If you want happy users then get some people with common sense in so they can put a stop to people's bad ideas.
Wouldn't hurt to put the complete complexity rules at https://help.twitch.tv/s/article/creating-a-strong-password?language=en_US beyond length. Just let people decide on what security they feel is sufficient and move on. If it's 'weak', just make the user aware (disclaimer) and move on. If Twitch is responsible enough maintaining secrets, having a guessable password shouldn't matter much with MFA.
"That password is too easy to guess." By all means, proceed and let me know once you have it.
Twitch requires the most insane password strength I've ever seen. I've had accounts with banks, insurers, court systems and other state/federal government websites, and yours is the only one I will never remember. You're a streaming site. It's not like you're handing out nukes.
Literally all I (and millions of others) want to do is watch streamers and comment occasionally. If the security is this high for streamers, who have jobs and contracts surrounding twitch, then fine. But I think you'd make a lot of people happy by making two separate account types, with different levels of security measures. One for users who will stream, and ones for viewers that will never stream. The latter will be thankful you've made the change, I'm nowhere near the first person to complain, and it's a very stupid reason to lose viewers/users/potential paying customers etc.