2FA via Security Keys - Now Available on Web Browsers

(post deleted by author​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​)

I am so happy about this update, by a coincidence I ordered two new security keys for other projects a few days ago, I can now add another site!!!

Thanks Roblox

Your phone’s security key shouldn’t be associated with your phone’s SIM. However, I do suggest you look up how your phone works with the Webauthn standard.

I absolutely love this, it’s something should have been here ages ago but I’m glad it here now. If you have the ability to use it, you absolutely should.

However I do have some concerns over wording:

Classifying both auth app and U2F as “very secure” doesn’t feel like the right wording. They are both secure but U2F is an entirely different level of security. Defining email as secure is also very interesting.

I would had personally gone with:

• Email: Good
• App: Better
• U2F: Best

I’ve waitet for this so long and I’m glad that you finally support security keys!
Still hope that other platforms follow…

It is good that ROBLOX is taking developer security more seriously, an excellent addition which will prevent a much wider range of attacks that covers regular app 2FA’s shortfalls. Thanks ROBLOX!

Awesome! I honestly can’t believe how on this large of a platform this wasn’t added sooner, but hey it’s here now so I can’t really complain. Nice job

Awesome update, by a security one of the very secure, like Authenticator those are new security keys and other things devices as such will be great update of layer security.

I know that a few developers have been asking for this for some time and I’ve been wanting to try it out as well. I didn’t really understand how a hardware key could work but it sounds more simple and convenient than I thought, plus I’m really liking the sound of it being more secure than current options. Just better hope that I don’t damage that key and keep it real safe…

Any recommendations on which Yubikey to get?

Physical keys are better since you physically have to have it to log in. Only way to get past it would be the Roblox support social engineering method

Can someone explain me the difference between this Authenticator??

When it would want me to put the code from the authenticator I would use my biometrics to fill it up anyways, so what’s the catch up with this? Ain’t this the same thing?

it’s more convienent and secure. that’s basically it. tho i suggest using authenticator and security key incase you can’t access your security key/biometrices

Will it be possible in the future to disable Authenticator 2FA and just use a security key for 2FA?

I feel that if you must have Authenticator 2FA as an alternative when using security keys, there’s not really much point in using a security key for, well, its security, since you can just use another less secure alternative.

Do you ever think you’ll add a similar thing to what PayPal has, where you login on your desktop and it sends a notification to you phone to confirm Face/Touch ID?

This feature has the Chrome verify thing, however that only supports Android Devices.

its a really really good update but my old account which is still locked with 2 step verification that has my deleted gmail set to it

This is awesome! I can finally make good use of FaceID on my Apple devices and physical security keys on my WIndows computer.

Well done, Roblox!

I already have authenticator app.

There is no point of this update. It’s really stupid.

How is security keys good? Get someone’s fingerprint, there you go.

I believe this is a step ahead in the right direction, keep it up

You have to physically have the security key at your computer unless you’ve set up a phone security key like me to access your account. With an auth app, if the app developer doesn’t put enough security into it, someone could just TeamViewer you and get the code.