2FA via Security Keys - Now Available on Web Browsers

Can someone explain me the difference between this Authenticator??

When it would want me to put the code from the authenticator I would use my biometrics to fill it up anyways, so what’s the catch up with this? Ain’t this the same thing?

it’s more convienent and secure. that’s basically it. tho i suggest using authenticator and security key incase you can’t access your security key/biometrices

Will it be possible in the future to disable Authenticator 2FA and just use a security key for 2FA?

I feel that if you must have Authenticator 2FA as an alternative when using security keys, there’s not really much point in using a security key for, well, its security, since you can just use another less secure alternative.

Do you ever think you’ll add a similar thing to what PayPal has, where you login on your desktop and it sends a notification to you phone to confirm Face/Touch ID?

This feature has the Chrome verify thing, however that only supports Android Devices.

its a really really good update but my old account which is still locked with 2 step verification that has my deleted gmail set to it

This is awesome! I can finally make good use of FaceID on my Apple devices and physical security keys on my WIndows computer.

Well done, Roblox!

I already have authenticator app.

There is no point of this update. It’s really stupid.

How is security keys good? Get someone’s fingerprint, there you go.

I believe this is a step ahead in the right direction, keep it up

You have to physically have the security key at your computer unless you’ve set up a phone security key like me to access your account. With an auth app, if the app developer doesn’t put enough security into it, someone could just TeamViewer you and get the code.

I’m not sure why but in my mind a physical key to log into your account on Roblox is very futuristic. Although digital keys I guess are more futuristic which is what 2FA auth apps are for.

But this is very cool, are you planning to add this to mobile in the future; because far more phones have stuff like fingerprint scanners and faceID than pcs.

Yes they are planning to add it in 2023 it says in the post.

I use Google Authenticator, which has enough security.

Personally for me that is enough security too. But sometimes people either forget their phone, their phone has to charge, their phone is updating and bla bla.

A physical security key could be attached to your keychain meaning you’d forget it less (unless you’re one of these people that forget their keys) it wont need updating etc.

Lol I feel so stupid, sometimes I think I’m blind honestly.

Yeah. I don’t forget my phone though.

Yeah, me neither but there is some people, you never know. And after all this update isn’t forced it’s just another feature to add onto the current security features.

Is it recommended to not use your Phone Number because of the whole Sim Swapping issue in fact I think that might be how I got hacked because when I got hacked I had a complex pass 2FA a Pin and Email verified and I never clicked on any links or anything I was just hacked just like that and all my group funds and items were gone within minutes…

In general a physical key is required to complete authentication. You may find it stupid but my threat model is not your threat model.

They represent a level of security above auth apps, primarily that there is reduced attack surface from an entire OS as well as not requring a battery to get codes from.

For those who are high risk, this is a vital tool in their security arsenal to minimise the risks assoated with these direct attacks against their accounts.

When Google gave U2F security keys to all their employees, phishing related attacks dropped to 0.

Even without that, I strongly urge you to read this paper from Google which showed the effectiveness of U2F, such as reduced auth time, reduced support tickets.

It is what I and much of the community has demanded, just because it’s not for you doesn’t make it a bad update.

If you’re not sure, complete this quiz from Yubico (the company behind Yubikey)

YubiKey 5 NFC or YubiKey 5C NFC are a general good first option depending on if you want USB A or USB C connectors.