An alleged Twitch hack just possibly revealed a massive amount of information about the streaming service, including full source code for the site and its various clients; creator payout details since 2019; details about various backend SDK and Amazon Web Services tools; and even a Steam rival. If it’s real, it’s bad.
User passwords don’t appear to be part of the leak. But given the extensiveness of the hack, it’s a good idea to change your Twitch password and turn on two-factor authentication for the site. Regardless of whether you’re a streamer or a viewer, or whether the hack is legitimate, you should ideally be using a strong, unique password for the site and have 2FA enabled anyway. This is the perfect excuse to get those ducks in a row to keep your account safe.
How to change you Twitch password
Brad Chacos/IDG
Fortunately, Twitch makes it easy to change your password. After logging into your Twitch account, you can both change your password and set up two-factor authentication via the site’s security settings page. Hit that link or follow the steps below:
From the main page, click your avatar in the upper-right corner, and do the following:
Again: Be sure to use a strong, unique password for the service (and every site or service you belong to). Doing so prevents hackers from using your credentials to logging into your other accounts if one account is breached. A password manager can help you keep track of your assorted logins, and our password manager guide can help you pick the best one.
How to turn on Twitch two-factor authentication
The same security settings page at Avatar > Settings > Security and Privacy also holds the option to set up two-factor authentication. If two-factor authentication is enabled, you’ll be asked to confirm your identity using your phone whenever you sign onto a new device.
Click the “Set up two-factor authentication” button on the Security and Privacy page and follow the instructions onscreen to set it up. (If you’re a content creator, this may already be completed, as Twitch requires you to set up 2FA before you can start streaming.) You’ll have the option to choose between receiving your 2FA prompts either via text message or an authenticator app. Security pros generally consider the authenticator app to be a more secure option, but receiving codes via text message may be easier and is still vastly superior to leaving 2FA disabled. If you’re unfamiliar with the technology, our two-factor authentication explainer can get you up to speed and point you towards the best authenticator app options.