Suspicious login attempts to your account will now be challenged with 2-step verification with a second device.
If Roblox detects something suspicious about your login attempts, you will be challenged with a new login attempt prompt even if you don’t have a 2-step verification method explicitly enabled on your account.
You will be asked to use a mobile or tablet device that is already logged into your Roblox account to approve or reject the login. The prompt will also provide details about the login attempt like device type, regional location, IP address, date and time. This prompt serves as an extra layer to help secure your account.
If, for any reason, you are unable to access your already logged-in device, then you will have backup options to approve the login attempt. To successfully leverage the backup options, we recommend that you add a verified email address to your Roblox account and generate backup codes.
For more information on 2-step verification with a second device, please refer to this Help Article.
We will continue to iterate on this feature going forward to make Roblox a more secure place for our community. If you have any feedback or suggestions, please let us know.
Like the added security! I’ve had a number of friends recently have their accounts stolen, so I really hope this can stop some of those situations from happening in the future.
This should be based off of HWID and IP. If the IP isn’t the same internet as previously recognized internets then it will check the HWID. If the HWID is not recognized then it prompts this security feature. This is a good update.
Yeah same here, unfortunately some sort of new support method to take over accounts has occurred. Thus causing a sudden surge in accounts being hijacked, luckily some friends did get their accounts back.
This update will surely help and make the community accounts more secure. It is indeed a W update and we should all certainly appreciate this W update. : )
When I immediately saw it asks to verify with the app on mobile. What if the user does not have a smartphone or tablet? Are they effectively locked out from their own account?
It seems like it will only activate if your account is already connected to a mobile or tablet, which means if the user doesn’t have a mobile or tablet they won’t be locked out of their account since it will not activate.
Hi all! Eggman@ is correct. Our challenge heuristics ensure a high rate of success, but in the off-chance we get it wrong you can still reach out to support for help.
It’s probably better if they just force people to use two-step; people are gonna get hacked and then complain to Roblox customer service asking for their items and Robux to be restored even though the only person to blame is themselves for not securing their account.
Currently I have 2FA on my account, which means that I have to use the Google Authenticator app to log in, regardless of the device. Is this now overwritten by this update, so instead I’ll have to go on the Roblox app?
Not a problem if this is the case but it is interesting to know. Other than being ever so slightly easier I don’t see any huge difference between the two.
They’ve already done a pretty good job on this, not gonna lie. Proper TOTP 2FA, email notifications, increased security checks… it feels like there’s an actual effort being done there