This is a great step in the quest for better account security. Although I still have some concerns, as I wish the authenticator was more like Steam’s, where you have to confirm on the mobile app whenever you do something, and it sends a push whenever someone is trying to get into your account. The problem I see is that whenever someone gets into your account, it’s often too late to take any actions.
Another concern is the underlying issue with the customer support being social engineered into giving away access to people’s accounts. Until these issues are fixed, I don’t know if I will ever be able to fully sleep at night with any items of value on my account. The sad part is, people with limited items are generally ignored when they are compromised.
Authy also works on desktop, though all apps from Authy look bad and don’t work the best.
I’m currently using 2FAS. Doesn’t have a desktop app but didn’t miss it.
You can move to it from GAuthenticator pretty nicely.
Microsoft Authenticator doesn’t back up your 2FA codes, FYI.
Of course, there’s the backup codes, but realistically you should be using an app that does proper backing to your cloud service anyway so that isn’t an issue. (iCloud, Drive)
You do know how authentication works with these, right? With this type of system you must have the code on your authentication app to log in all the time, even if you have a password. If you lose the authenticator app, then you can use the 10 backup codes given to you when you set it up. Usually you store these in a private place, so that no one can access them.
Would be nice if this was also added to reselling limited items (we already have it when we spend a large sum on an item, don’t see an issue to have it for reselling as well)
2FA is inherently better than 2SV as 2FA requires 2 separate factors of authentication instead of just one with an extra step (such as having your own phone’s auth app). If you have your email behind 2FA as well, I suppose 2SV could still be fine as in order to access the email you’ll need another factor anyways making 2SV really 2SV with 2FA on top of it.
I still hope at some point Roblox’s API switches to API keys and not cookie auth. As it stands, if you get cookie logged somehow, even without logging into the account someone can still use the API and the cookie to do things without 2FA.
This was MUCH appreciated, my account has been hacked about 3 times. Also just everyone’s vulnerability to being hacked is high as hell.
I really suggest the Microsoft Authenticator, I’ve had it for a while. It’s EXTREMELY simple to use, all you gotta do is sign in with an Outlook or even anything like Gmail. Also you can sync your passwords and addresses for auto fill if you want…the app can ALSO be protected with Face ID, Fingerprints, etc. with iPhones and maybe other phones as well.
Warning: 2 Step Verification via Email Codes is less secure than using an Authenticator App and will still be a choice during login. It is recommended that you turn off email verification if you will be using an Authenticator app.
I might disable the 2 Step Verification via Email for me.