How To Enable 2FA In Twitch

As Twitch is so incredibly popular, that makes it a target for hackers and scammers. Any platform that counts its users in the millions has the same challenge. The traditional username and password is just not secure so using 2FA, Two-factor Authentication, is a no-brainer. This tutorial will show you how to enable 2FA in Twitch.


Streaming

Two-factor Authentication uses two factors, two verification methods to permit access to an account. You probably already use it elsewhere, for banking Gmail, Outlook, PayPal or something else. You log in using your username and password and then a code is sent to your phone. You enter the code into the login box and you’re granted entry to your account. That’s two-factor authentication.

It’s an extra step in the login process and does require you to have your phone with you all the time but who doesn’t have their phone with them constantly?

Enable 2FA in Twitch

Twitch uses Authy to provide 2FA. You can use a phone app or SMS to verify and the system is very user friendly. SMS takes just a few seconds to arrive and you can be logged in and streaming or viewing just a few seconds after that. Given the ease of use and extra security 2FA offers, I recommend everyone uses it.

You will need a verified Twitch account for 2FA to work. You also need to enable it on the desktop website first. You cannot enable 2FA on mobile. You can use it on the mobile version once enabled though.

To use SMS verification:

  1. Log into Twitch and select your username in the top right.
  2. Select Settings to access your Dashboard.
  3. Select the Security and Privacy tab.
  4. Select the purple ‘Set Up Two-Factor Authentication’ button by Security.
  5. Enter your password to verify your account.
  6. Enter your phone number in the box.
  7. Enter the code you received via SMS into the Twitch window.

Use 2FA with the Authy app:

Navigate to your app store and search for Authy.

  1. Download and install the app.
  2. Open the app and select Set Up.
  3. Enter your country, phone number and email address.
  4. Select the code method, App, SMS or Phone Call.
  5. Authorize the app if prompted.

If you register Authy with the same email address you use for Twitch, you should see Twitch appear under where you see ‘2FA Accounts’. If you used a different email address, you may have to link Authy with your Twitch account.

Once verified, the account should now be secured by 2FA. From now on, you will have to log in using your username and password and then enter a code delivered by your chosen method.

How 2FA secures online accounts

Two-factor authentication has been around a while and is now default for most banks and financial institutions. Many online stores, game platforms and other online communities also have the option for 2FA. It’s a simple, yet very effective way to secure your personal data online.

But how does it protect you?

In an old-style account, your account data was protected by an authentication layer that required a username and password. Both entries needed to be correct to allow access to that account. The challenge is that however long your password might be, bots and bot nets are powerful enough to be able to crack them in seconds, perhaps minutes if you use a passphrase.

As the platform needs to have username and password access open to allow you to use the system, this also left it open to attack. A brute force or dictionary attack could be launched at the login screen and try literally millions of combinations a minute. Once cracked, your account was open for all to see.

Second factor

When you enable 2FA, an extra layer is added to the login process on your account. Without passing through and authenticating this layer, the system will not allow access to the account. So, someone hacks you username and password, they will not be able to access the account without adding that second factor, the verification code.

In the scenario above, if a bot net attacked the platform, that second verification layer would not allow the hacker access to your details. They would also need the verification code send via SMS or the Authy app. Unless they could also hack your phone or have physical access to your phone, they are out of luck.

As you can see, 2FA isn’t perfect. It can still be hacked with access to your phone but the chances of that happening are a tiny fraction of the chances of a non-2FA account being hacked. That, and the fact the system is cheap and simple to use, means we will be using 2FA for a long time yet!