2 results found

  1. 1,135 votes

    alanblip commented

    The Twitch FAQ for 2FA states: "When you set up Two-Factor Authentication on your account, an Authy account is automatically created for you even if you choose to actively use an alternative authentication app."

    Talk about insecure! Twilio, the owner of Authy, suffered a breach recently that exposed some users' Authy data. Twitch is forcing its 2FA users to have an unnecessary account at a 3rd-party site that's known to have suffered data breaches. I closed my Authy account recently, and now Twitch wants to reopen it for me. Ridiculous!

    Requiring an Authy account "behind the scenes" is entirely unnecessary and reduces account security. It increases attack surface by putting my data on a website I have no control over and didn't agree to. Every other website I use where I've set up TOTP 2FA does so without requiring my phone number to create an Authy account for me. There is no sane reason for Twitch to do it this way.

    alanblip supported this idea
  2. 337 votes

    alanblip supported this idea
    alanblip commented

    I recently deleted my Authy account due to the recent security breach at Twilio (owner of Authy) that compromised some Authy accounts, their recent removal of backup features I relied on, and their lack of transparency in not providing any way to export tokens.

    Now I'm trying to activate 2FA on Twitch, and I get an error verifying my phone number. Apparently it's because Twitch is attempting to create an Authy account with my phone number, but that account is in "Delete pending" state so it cannot be used.

    So I can't do 2FA on Twitch while my Authy account is being deleted. Then, Twitch will apparently recreate my Authy account WHICH I DO NOT WANT BECAUSE AUTHY LETS HACKERS TAKE OVER USER ACCOUNTS. (OK, that's a little bit of hyperbole, but Authy is untrustworthy to me).

    Please get rid of this ridiculous creation of an Authy account. I just set up TOTP 2FA on over a dozen accounts and none of them tried to create an Authy account for me. What is it about Twitch's technology that the others can do it right but Twitch can't?