The Bitwarden Blog
Protecting your Twitch account with Bitwarden
October 7th, 2021
Twitch remains the dominant service for streamers everywhere. Recent news also shows that users must stay vigilant about how they manage credentials, specifically passwords, across websites. If people reuse passwords, a leak from one website can have ramifications for many other accounts. However, if the password you use for each website is unique, a breach could be just a minor inconvenience of having to reset your password for that one impacted site.
Here are a few tips and examples to ensure you protect your Twitch account.
You can immediately take control of your online security by using a password manager. A password manager helps you create long, complex, random, and unique passwords for every site you visit. This makes a brute force attack impossible in our current lifetimes, and if one site you use were to be breached, your other accounts would still be secure.
Whether you are setting up a new Twitch account, or have an existing one, you can generate a long, complex, random and unique password with a password generator. Perhaps you make it extra long, up to 128 characters! Check out the Bitwarden password generator inside any Bitwarden client, or visit our web-based password generator.
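What a generator of this kind does, and why length matters against brute force, shown as an added example that is not Bitwarden's code. The symbol set, the function names and the guess rate of 10^12 per second are assumptions chosen for illustration; 54 is the length used in the walkthrough on this page.

```python
import math
import secrets
import string

# Assumed character classes; the symbol set is illustrative, not Bitwarden's.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*",
}
ALPHABET = "".join(CLASSES.values())  # 26 + 26 + 10 + 8 = 70 characters


def generate_password(length=54):
    """Draw each character from the OS CSPRNG; retry until every class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in chars for c in candidate) for chars in CLASSES.values()):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the search space, in bits, for a uniformly random password."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, guesses_per_second=1e12):
    """Years to try every candidate at an assumed (hypothetical) guess rate."""
    seconds = len(ALPHABET) ** length / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for n in (8, 54):
        print(n, f"{entropy_bits(n):.0f} bits", f"{years_to_exhaust(n):.2e} years")
    print(generate_password(54))
```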
Let’s explore how to sign up for Twitch.tv from scratch using the Bitwarden browser extension.
While on the signup screen you can launch the Bitwarden extension and enter your intended credentials before even putting them into Twitch. Twitch allows signup with a username, but also offers an option with email. Here we have chosen a username of
Next comes the first power move - generating a long, complex, random, and unique password for Twitch. We’ll use the password generator built into Bitwarden by clicking the Generator icon on the far right of the Password field.
You can pick a super long password with all the bells and whistles, for example 54 characters, capitals, lower case, numbers, and symbols.
Most importantly, Select AND Save this credential. Here is the Save step.
After Saving, you will see the green notifier indicating that the credential has been saved.
You will now see that we have a Twitch credential within the Bitwarden browser extension ready to autofill. We can click within the extension, or use CTRL/CMD + Shift + L to autofill the new Twitch username and password.
Twitch tells us that we have a strong password, and has autofilled it for us in both locations.
Upon completing the signup, via Phone Number or Email, Twitch will send a 6-digit code to complete the process.
After that we are in!
Once you have your account set up with a long, complex, random, and unique password for Twitch, you can add two-factor authentication for even more protection.
If you are already a Twitch user, this is an important step as well, including creating a new long, complex, random, and unique password for Twitch first.
From the Settings > Security and Privacy menu, select Set Up Two-Factor Authentication.
Choose Enable 2FA.
Twitch currently offers options for two-factor authentication, but the first workflow required of the user is via phone.
After you enter a phone number, you’ll receive a code and be asked to enter it.
From here, Twitch offers the option to set up an Authenticator App. Many people view Authenticator Apps as being safer than SMS due to the cases of SIM jacking that happen within the mobile phone ecosystem.
With Bitwarden you also have an option to integrate two-factor authentication directly into your password manager. This is part of Bitwarden Premium Features, available with any paid plan. You can still set up two-factor authentication for Twitch with the Bitwarden Basic Free Account, but you will need to keep your two-factor separate, in an app such as Authy or Google Authenticator.
In fact, if you use Authy, and Authy has the same phone number you provided to Twitch for confirmation, Twitch will automatically integrate your two-factor into Authy. In the email from Twitch you might see:
If you haven’t done so already, we also strongly recommend that you opt-in to receive your security codes via the Authy app. Receiving security codes via Authy will save you on SMS costs and is also a more secure method.
However, we prefer to keep our two-factor authentication integrated into Bitwarden for the following reasons:
- Your Bitwarden Vault hopefully already has two-step login using some other method (i.e., do not use the Bitwarden Authenticator to protect your Bitwarden account). Therefore it is currently protected with a high level of security and, in fact, two-step login.
- Having two-step login enabled for websites and applications is always better than not having it enabled. A tighter bundling of two-step login makes it easier to use more frequently, which promotes better security practices.
- If you need to share an item, you can share it with two-step login enabled, which, again, is better security practice. This is a collaboration and two-step login power move.
- You do not need to remember which authentication app you used, since it is built in.
- You can always choose, on an individual basis, which login you want to authenticate internally within the Bitwarden app, or externally using a separate Authenticator app.
Once the screen appears with the QR code, we can use our Bitwarden mobile app to quickly integrate that into Bitwarden.
In the mobile app, open the new Twitch item and choose Edit. Then select the camera icon next to Authenticator Key (TOTP) to scan the QR code. Save the item and you’ll automatically get the Verification Code (TOTP), part of the built-in Bitwarden Authenticator with Bitwarden Premium features.
Two-factor authentication helps keep your account secure but it is also important that you do not lose your authentication device or app. Using Bitwarden, your authentication is built in and can be synchronized across devices. Other authenticator apps offer this option, but you often need to sign up for an account to be able to sync your authentication codes across devices. Be sure to complete this important step.
Following this step is a congratulations message from Twitch.
And we see that we now have an authentication app enabled and SMS as a backup.
Once you have everything configured, Bitwarden makes logging on via mobile devices easy. Here’s a typical login on iOS using the built-in Bitwarden Authenticator.
With Bitwarden you can start today with a password manager that syncs unlimited logins across unlimited devices. Using Bitwarden Premium Features, you can also integrate your two-step authentication. If you have a need for password management at work, Bitwarden offers Teams and Enterprise plans.
Start your Bitwarden account here.