Introducing 2-step verification with a second device

Hi Creators,

Suspicious login attempts to your account will now be challenged with 2-step verification with a second device.

If Roblox detects something suspicious about your login attempts, you will be challenged with a new login attempt prompt even if you don’t have a 2-step verification method explicitly enabled on your account.

Device that you’re trying to log into

You will be asked to use a mobile or tablet device that is already logged into your Roblox account to approve or reject the login. The prompt will also provide details about the login attempt like device type, regional location, IP address, date and time. This prompt serves as an extra layer to help secure your account.

Device that you are already logged into

If for any reason, you are unable to access your already logged in device, then you will have backup options to approve the login attempt. To successfully leverage the backup options, we recommend that you add a verified email address to your Roblox account and generate backup codes.

For more information on 2-step verification with a second device, please refer to this Help Article.

We will continue to iterate on this feature going forward to make Roblox a more secure place for our community. If you have any feedback or suggestions, please let us know.

Thank you!

The Safety Team


This topic was automatically opened after 10 minutes.

Okay. How do I use TOTP instead? Let me use TOTP.

Oh, it looks like TOTP is already a thing now.

I’ll have to set that up.


Like the added security! I’ve had a number of friends recently have their account’s stolen, so I really hope this can stop some of those situations from happening in the future.


Thank you for this awesome feature! Account security should be taken more seriously in my opinion.


This should be based off of HWID and IP. If the IP isn’t the same internet as previously recognized internets then it will check the HWID. If the HWID is not recognized then it prompts this security feature. This is a good update.


Yeah same here, unfortunately some sort of new support method to take over accounts has occurred. Thus causing a sudden surge in accounts being hijacked, luckily some friends did get their accounts back.


Unfortunately you can’t check “HWID” from a web browser. Roblox does do IP with this feature though.


What if I choose to not explicitly enable twenty-two-step authentication because it’s so inconvenient?

I want there to be an option to enforce exactly one step at all times (at the risk of my account’s safety).


This update, will surely help and make the community accounts more secure. It is indeed a W update and we should all certainly appreciate this W update. : )


Excellent new update! This will help bump up the safety of users who are more gullible.


When I immediately saw it asks to verify with the app on mobile. What if the user does not have a smartphone or tablet? Are they effectively locked out from their own account?


I might be wrong but

It seems like it will only activate if your account is already connected to a mobile or tablet, which means if the user doesn’t have a mobile or tablet they wont be locked out of their account since it will not activate


Hi all! Eggman@ is correct. Our challenge heuristics ensure a high rate of success, but in the off-chance we get it wrong you can still reach out to support for help.


SICK UPDATE, thanks for the feature. im using it now literally

also Since there’s too many scammers, please use this…


It’s probably better if they just force people to use two-step, people are gonna get hacked and then complain to roblox customer service asking for their items and robux to be restored even though the only person to blame is themselves for not securing their account.


I’m sceptical about Support’s usefulness. They don’t have a good record.


Really good feature that will prevent from potential hackers! :+1:


Currently I have 2FA on my account which means that I have to use the google authenticator app to log in, regardless of the device. Is this now overwritten by this update, so instead i’ll have to go on the Roblox app?

Not a problem if this is the case but it is interesting to know. Other than being ever so slightly easier I don’t see any huge difference between the two.


They’ve already done a pretty good job on this, not gonna lie. Proper TOTP 2FA, email notifications, increased security checks… it feels like there’s an actual effort being done there