With Roblox’s new update, we now have the ability to login with our e-mail address or our phone number rather than using our username.
If we were to add the ability to block a certain login method, not only would we be limiting the possible entry points to our account, we could disable username login to prevent targeted brute-force login attacks to our accounts.
Honestly don’t know why they chose phone number, seems like a massive security risk.
I don’t see the problem-- they still need a password, right? And brute-forcing a Roblox login is virtually impossible (network latency, captchas, etc.).
Having an extra security step never hurts. It’s a relatively simple change in comparison to the security benefits it brings.
How? everybody already knows your username and there’s no security risk, the phone number or email address is an alternative to use in place of your username and nothing else.
How so? It’s only become a risk when you disclose your phone number. Same can be said for email.
If you take appropriate security precautions, the risk becomes very low in my opinion. I would love to see something like this occur.
That doesn’t make sense.
As @ColdSmoke said, your username is public knowledge. Why would anyone trying to access your account use your email address or phone number instead of your public username? Even if they had either of those things, they still wouldn’t be able to get into your account without your password. The only thing this update does is allow us multiple ways to get into our accounts - there is no difference in safety between using your username, email address, or phone number.
Edit:
It seems I’ve partially misread, but even if you disabled username logins, I can’t imagine it’s worth the effort of implementing the feature. In fact, if a malicious person is trying to break into my account, I would rather them not even attempt to find my email address/phone number and just use my username.
Imagine the Roblox login as a two-key switch. Traditionally, the first key has always been the username, and the second key remains the password. If someone is specifically targeting you, it logically follows that they always have the first key, and need only search for the second.
If you have added your email and phone number, and choose only to allow login using the phone number as the first key, then the person attempting to access your account would have to find two different keys, instead of one. If you have not posted your phone number publicly, you should feel safe in using this mechanism to further secure your account.
I figured out how to disable logging in with email
there should probably be a built in solution though 