The application I want to register does not require any authentication flows other than the OAuth Client Credentials Grant Flow, i.e., there are no users whose information could be put at risk if my app (or Twitch account) is compromised. I cannot even enable SMS- or TOTP-based 2FA, as TOTP isn't an option unless SMS is already enabled (and remains that way), and SMS (despite implications to the contrary https://help.twitch.tv/s/article/two-factor-authentication) is not allowed for VoIP numbers such as Google Voice.
Add in the fact that SMS-based 2FA and especially SMS-based password reset will greatly reduce security for security-conscious individuals (i.e., most developers), and it becomes clear that the mobile 2FA requirement should be re-evaluated and either removed or replaced with something more secure, such as pure TOTP without SMS.