
Settings and activity

  1. 78 votes

    achow101 commented

    I think that it is really important for Twitch to allow users to disable SMS 2FA and to have fixed backup codes like every other 2FA implementation does. SMS 2FA is not secure at all as besides the SIM jacking attack, there are other, easier and cheaper, ways that attackers can receive all SMSes for a phone number, such as the one described in this article: https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber.

    Given how easy it is for an attacker to receive SMS 2FA, it is imperative for Twitch to make their 2FA system better and more secure by allowing users to disable SMS 2FA and use other 2FA methods such as FIDO U2F.

    This is also important for those in the affiliate and partner programs as an attacker with access to the account settings and SMS 2FA can change the payout method and thus steal a streamer's earnings.