achow101 commented
I think that it is really important for Twitch to allow users to disable SMS 2FA and to have fixed backup codes like every other 2FA implementation does. SMS 2FA is not secure at all as, besides the SIM jacking attack, there are other, easier and cheaper ways that attackers can receive all SMSes for a phone number, such as the one described in this article: https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber.
Given how easy it is for an attacker to receive SMS 2FA, it is imperative for Twitch to make their 2FA system better and more secure by allowing users to disable SMS 2FA and use other 2FA methods such as FIDO U2F.
This is also important for those in the affiliate and partner programs as an attacker with access to the account settings and SMS 2FA can change the payout method and thus steal a streamer's earnings.