Forced 2FA on account with no email

LordMerc · April 29, 2021, 11:50pm

Page URL: Roblox
Impact: Very High
Frequency: Constantly
Date First Experienced: 2021-04-29 19:04:00 (-04:00)
Date Last Experienced:

Reproduction Steps:
Attempt to login to account with a different IP, you will then be brought to the 2fa page even if there is no email associated with the account thus creating lockout.

Expected Behavior:
Expected to not happen on accounts without an email associated

Actual Behavior:
System proceeds to force 2fa without email associated

Workaround:

cpguy5089 · April 30, 2021, 12:48am

This bug has been happening for a long time, sometimes accounts will get a forced 2fa login even if 2fa isn’t enabled. I’ve had this happen across multiple accounts of mine. The first time it happened I didn’t even get the 2fa emails and I assumed it was hacked (thankfully a quick login code and checking the settings confirmed that wasn’t the case)

I’m not entirely sure why this happens but I imagine it’s because roblox might be trying to fight password guessing of older accounts?

blitzahon · April 30, 2021, 5:05am

I encounter this bug when I try logging in through mobile with mobile data. I also encounter this in incognito tabs.

Auto_matics · May 1, 2021, 12:16am

At first I thought this might be Roblox’s attempt to prevent hackers gaining access to accounts as @cpguy5089 has mentioned. However, if it’s occurring with account’s without emails it’s most likely a glitch.

sjr04 · May 1, 2021, 4:17pm

This is intentional:

Doesn’t seem like a bug to me, it should be the standard for people to enable 2SV/2FA/whatever other sites call it on platforms they sign up for anyway

LordMerc · May 1, 2021, 4:36pm

you did an oopsies sir, check the title

sjr04 · May 1, 2021, 4:37pm

Yeah I somehow missed that

I still think it’s related though

LordMerc · May 1, 2021, 4:38pm

More than likely they thought they gave a good amount of time to place an email before they rolled out this push on everyone.

gigagiele · May 7, 2021, 4:27pm

Thanks for the report! We’ve filed a ticket to our internal database and we’ll follow up when we have an update for you.

gigagiele · July 5, 2021, 4:24pm

Hey, can you provide the account on wich you saw the behaviour?

blitzahon · July 5, 2021, 7:27pm

This occurs when I go onto a device I’ve never logged in, and also while using mobile data. It occurs sometimes on my account, sometimes doesn’t.

LordMerc · July 6, 2021, 12:19pm

It was Automated_Systems, but the issue seems to be gone now.

gigagiele · July 7, 2021, 6:59pm

Understood, thanks for checking back. I’ll set a time for the thread to close so if you encounter this issue again feel free to create anothe topic. Have a great day!

gigagiele · July 11, 2021, 8:07am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.