Settings and activity
4 results found
-
2,218 votes
darknase supported this idea
-
340 votes
darknase supported this idea
-
1,165 votes
darknase commented
Adding "a break out" that just says "Ads & Turbo" is not a break out. We expect better, Twitch.
darknase supported this idea
-
719 votes
darknase commented
Giving out a phone number to get 2FA (or in general) is a no-no.
Aside from that, SMS-TAN has been considered broken since at least 2016 by NIST [1], going back to 2005 [2].
From [1]:
"Due to the risk that SMS messages may be intercepted or redirected, implementers of new systems SHOULD carefully consider alternative authenticators. If the out of band verification is to be made using a SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service."
It's a GDPR privacy concern; you DO NOT NEED to know a phone number to authenticate a person.
You already have a way to communicate: send a one-time code via eMail. But even that isn't required, because setting up the 2FA is easily done via a scannable QR code that's issued for the user once - i.e. it changes on repeat - when the user enables the 2FA on a dedicated page - i.e. not a constant part of the user profile.
You don't like the eMail OTP solution because of interception or plain text? Well then, set up a public PGP key dedicated to the 2FA setup, freely available on your site and on a PGP key server. You can still do a challenge-answer implementation before accepting the user's public key into your system.
[1] https://pages.nist.gov/800-63-3/sp800-63b.html
[2] https://www.schneier.com/crypto-gram/archives/2005/0515.html#16
"Comments from Readers" - "Subject: Two-Channel Authentication with Cell Phones and SMS"
darknase supported this idea
Broken alert system. Top priority fix!