2FA via Authenticator - Now Fully Rolled Out!

Hey developers!

We’re excited to announce that 2FA Authenticator is now available across web, mobile, and Studio.

This feature adds an additional layer of protection to your account, which will better protect it from unauthorized access even if someone knows your password. When you log in, you’ll be asked to enter a unique security code from the Authenticator, an application that you download and set up on your cell phone. Only you will have access to the Authenticator app; no one else will be able to obtain the security code.

Starting today

Thank you to everyone who helped us test 2FA Authenticator while it was in the web-only beta. Today, this feature is now rolled out on web, mobile, Studio, and fully available to all users!

However, the following platforms are unsupported at this time: Xbox and Universal Windows Platform (UWP). If the Authenticator feature is enabled, you will not be able to login to your account on these platforms. To log in on these platforms, you will need to temporarily turn off Authenticator on web, mobile, and studio and log into your account on Xbox or UWP.

How to Enable 2FA Authenticator

We recommend that you turn on 2FA Authenticator to increase the security of your account. This will better protect your account against account takeover, even if an attacker is able to gain access to your email account or phone number.

1. Download an Authenticator app on your phone. Some options include Google Authenticator, Microsoft Authenticator, and Twilio Authy.
2. Log into your Roblox account.
3. Go to Account Settings → Security tab and toggle on Authenticator
   

4. Scan the QR code from the Authenticator app on your phone. Alternatively, you can opt to manually enter a code into the Authenticator app.
   

2 qr388×512 60.6 KB

5. Enter the generated security code from your Authenticator app into the Authenticator Setup prompt. Authenticator is now turned on.

6. Enter your password to generate recovery codes in case you lose access to the Authenticator app.
   

7. You will see your 10 active recovery codes. Save the recovery codes in a secure place and close the prompt. You will not be shown the recovery codes again. These codes can be used in case you lose access to your phone, so don’t store them on your phone. Reminder: Roblox team members and support agents will never ask you for your recovery codes or password.

Note that in cases where you may want to temporarily disable the Authenticator, you will need to scan a new QR code or enter a new manual entry code into the Authenticator app to link your account every time you re-enable it.

How to Log In with 2FA Authenticator

1. Log into your account with email / phone / username and password.
2. Enter generated code into the prompt from your Authenticator app.
   

4 2step469×512 30.2 KB

3. If you don’t have your Authenticator app with you or want to login via a different verification method, click on “Use another verification method”. You will be able to use recovery codes or email 2SV if you have it enabled.

See our help center article about adding 2-Step Verification to your account for more information.

This topic was automatically opened after 9 minutes.

so do we just contact Roblox support if we uninstall the auth app or etc?

Wow! This is a much needed change, can’t believe this is FINALLY here; with the reputation Roblox holds for account vulnerability, this will definitely be an aid/improvement upon that - absolute godsend!

Thanks ROBLOX, this feature will totally prevent hackers from compromising peoples accounts!

I have two question though, what if a user hasn’t disabled 2-Step-Verification for a long time and had to use codes from their e-mail at the time but this feature rolled out, do they still get locked out or is it automatically set so we have to use the authenticator?

Also may it support an app called “Authy” In the future? I know we can use other authenticators but it’s pretty much okay if you couldn’t use it whatsoever.

If you enable authenticator, you will need to use authenticator unless it is disabled by support. If there was a way to get around it, it would just be useless.

No, you’d possibly have to enter a password in incase you uninstall the authenticator app or lose access to it.

Both e-mail and an authenticator app are available now, you can choose either of the two, so there isn’t really a point anymore to use e-mail based 2FA if you switch over

This is multi-factor authentication. I can’t tell if you just don’t understand this concept or are confusing it with a backup code.

When you enable authenticator, you are provided with several backup codes which you must write down safely. If your authenticator app is destroyed, glitched, broken, deleted, etc. these backup codes allow you to log-in and disable authenticator.

Thank you, thank you, thank you

You do not have to disable the authenticator entirely (unless you completely lose access to the device and have to recreate a new 2FA link), instead the settings page shows how many recovery codes you have left and you can choose at any time to generate 10 new codes.

Alright, got it now, thanks for telling!

Are there any plans to add Yubikey support in the future? Roblox is like a bank account for many users, and I would like my account to be protected like one. It’s great seeing Roblox finally adopt TFA via authenticator.

I always wanted that. ROBLOX continues to grow as a platform, thank you very much.

Maybe in the coming 5 years we’ll get it, this was quite overdue already

When having 2SV and 2FA enabled at thr same time, are both used when logging in, or does 2FA overwrite 2SV?

They aren’t very secure. Each code is less than 20 characters and they all use numbers. The codes shouldn’t be used as a security measure. It’s more for convenience.

Why has every latest update come out with problems known as it is released, has it just been a coincidence or are they just trying to get out updates as fast as possible…

How secure are these recovery codes, are they less likely to be brute forced that email 2FA?

Because they are challenging to solve and/or have a lower priority (there is a significantly lower amount of users that regularly use Roblox on Xbox/UWP app vs on mobile/desktop website)

YES. Finally a verification method besides email!

Nice ! Finally ! I was in the beta group and had this feature for a while now, it’s nice to see it being released officially !