Introducing 2-step verification with a second device

All I have to do is navigate to https://discord.com. It is saved in my link history, so there is no need to type all of it out on my …

Surface Duo’s multimodal keyboard.


Storage also isn’t an issue for me. My phone holds 128 GiB of space. Browser apps are easier to debug (especially if you’re using Kiwi Browser).

3 Likes

oh my sigma! this is such an AMAZING UPDATE!

4 Likes

Okay, this is a really cool update, thank you. Also: SurfaceAppearance.Color when?

3 Likes

2SV really is a bad idea for… well, any company, due to Outlook banning emails for not using the account and Roblox refusing to remove the email from my account, making EVERYTHING impossible to do on Roblox. Can’t do group payouts, login, or even appeal! Microsoft even refused to regenerate the email.

3 Likes

Does this really need it? I know some games get hacked, but what if the hacker uses that person’s email? Then how does he or she get their Roblox account back?

4 Likes

Thank you for doing more to protect the security of our accounts. We need more of this haha.

5 Likes

Oh right, unless it’s using the apps.

3 Likes

This is an amazing update, but do you plan on adding Hardware Security Key support for mobile devices? Phones can already use them without an issue on both Android and iPhone devices, through NFC or USB-C (or even Bluetooth).

Apps like Discord allow this, which is certainly amazing as on Discord I can have only my hardware keys and disable TOTP entirely. With this change (and the login using code) there’s no reason that I can see for not allowing just hardware keys and disabling TOTP entirely.

5 Likes

So what would happen if we don’t have a second device? Are we just :neutral_face: or do we contact support and ̶g̶e̶t̶ ̶n̶o̶ ̶h̶e̶l̶p̶ ̶a̶t̶ ̶a̶l̶l̶ wait until we get a response?

Other than that concern I’m really happy. Better account security is something we needed the most and y’all delivered.

5 Likes

How does Roblox detect when a suspicious login attempt is made on your account? What is accounted for when deciding whether a login attempt was suspicious or not?

4 Likes

They might detect a suspicious login by the location of the device being different from yours.

5 Likes

I’ll have to send the following post again to make sure that @poggodoggodude sees it:


What if I choose to not explicitly enable two-step authentication because it’s so inconvenient?

I want there to be an option to enforce exactly one step at all times (at the risk of my account’s safety).


Please refer here for additional context:

3 Likes

Pretty nice! Just a question: is this going to be used on VR? This seems like a better solution than trying to retype the code symbol-by-symbol.

3 Likes

If you don’t like doing things the hard way with Discord, they provide a convenient easy way (the mobile app). You may not appreciate the security, but it also helps protect everybody you interact with that might click a link from you, and everybody they interact with, etc.

Roblox is a little different since it’s likely harder to pivot through accounts with all the filtering of things like links, but the general idea holds that security protects more than your individual account.

5 Likes

I’ll have to send the following post a third time to make sure that @poggodoggodude sees it:


What if I choose to not explicitly enable two-step authentication because it’s so inconvenient?

I want there to be an option to enforce exactly one step at all times (at the risk of my account’s safety).


Please refer here for additional context:

2 Likes

@VisualPlugin

What if I choose to not explicitly enable two-step authentication because it’s so inconvenient?
I want there to be an option to enforce exactly one step at all times (at the risk of my account’s safety).

Hi! We hear the frustration with forced 2SV, and we’re working on improving our targeting and calibrating our levels of friction. Unfortunately, as extrarius@ mentioned earlier, user-level settings that can loosen security make the rest of the community less secure by opening up more attack surfaces for bad actors.

@luketeam5

This is an amazing update, but do you plan on adding Hardware Security Key support for mobile devices? Phones can already use them without an issue on both Android and iPhone devices, through NFC or USB-C (or even Bluetooth).
Apps like Discord allow this, which is certainly amazing as on Discord I can have only my hardware keys and disable TOTP entirely. With this change (and the login using code) there’s no reason that I can see for not allowing just hardware keys and disabling TOTP entirely.

We actually do support hardware keys on iOS now! Please see this post. Android is a known hole that we haven’t quite got to yet; we ask for your patience as we work through our backlog.

@goalmwo

Currently I have 2FA on my account, which means that I have to use the Google Authenticator app to log in, regardless of the device. Is this now overwritten by this update, so instead I’ll have to go on the Roblox app?
Not a problem if this is the case, but it is interesting to know. Other than being ever so slightly easier, I don’t see any huge difference between the two.

This update does not overwrite explicitly enabled methods. If we think your login is suspicious and you have authenticator enabled, we will still challenge you with authenticator! This update is purely to cover users that may not know about 2SV or don’t have it enabled for convenience but do get attacked by bad actors.

And in response to the general sentiment in this thread:

We also hear the pain that users are feeling from our support and recovery flow. While I can’t reveal any details or promise any dates here, I can say that we are constantly monitoring user sentiment here on the DevForum and in other public spaces, and have plans to address this feedback.

Thank you all for the valuable feedback!

3 Likes
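The two mechanisms discussed above (the guess that a suspicious login is flagged by a device location that differs from the account’s usual one, and the staff reply that a suspicious login is challenged with the explicitly enrolled authenticator when one exists and otherwise with a code on an already-logged-in second device) can be sketched as a small risk-based challenge selector. This is an added example, not Roblox’s code, and every signal, weight, threshold and the fallback label `recovery` are assumptions chosen for illustration.

```python
"""Hypothetical risk-based login challenge selection (added example).

Assumptions, not Roblox behaviour: a login is scored on three signals
(unknown device, country outside the account's history, impossible travel
against a currently logged-in session). A score at or above THRESHOLD is
'suspicious'. A suspicious login on an account with an explicitly enrolled
authenticator is challenged with it; otherwise a one-time code is sent to a
device the user is already logged in on; with no such device the only thing
left is the recovery flow, which the thread flags as the painful case.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class KnownSession:
    device_id: str      # identifier of a device that is currently logged in
    country: str        # country the session was last seen from
    last_seen: datetime


@dataclass
class Account:
    username: str
    authenticator_enrolled: bool           # explicitly enabled TOTP / app
    sessions: list = field(default_factory=list)        # logged-in devices
    history_countries: set = field(default_factory=set)  # countries seen before


@dataclass
class LoginAttempt:
    device_id: str
    country: str
    at: datetime


# Illustrative weights; a real system would tune these against abuse data.
W_UNKNOWN_DEVICE = 2
W_NEW_COUNTRY = 2
W_IMPOSSIBLE_TRAVEL = 3
THRESHOLD = 3
TRAVEL_WINDOW = timedelta(hours=1)


def risk_signals(account: Account, attempt: LoginAttempt) -> dict:
    """Return the signals that fired for this attempt with their weights."""
    signals = {}
    if attempt.device_id not in {s.device_id for s in account.sessions}:
        signals["unknown_device"] = W_UNKNOWN_DEVICE
    if attempt.country not in account.history_countries:
        signals["new_country"] = W_NEW_COUNTRY
    # Impossible travel: another country on a live session within the window.
    for s in account.sessions:
        if s.country != attempt.country and attempt.at - s.last_seen < TRAVEL_WINDOW:
            signals["impossible_travel"] = W_IMPOSSIBLE_TRAVEL
            break
    return signals


def choose_challenge(account: Account, attempt: LoginAttempt) -> str:
    """Pick the step-up challenge: none, authenticator, second_device_code or recovery."""
    score = sum(risk_signals(account, attempt).values())
    if score < THRESHOLD:
        return "none"
    if account.authenticator_enrolled:
        return "authenticator"          # explicitly enabled method wins
    if account.sessions:
        return "second_device_code"     # code shown on a logged-in device
    return "recovery"                   # nothing to challenge against


def demo() -> dict:
    """Run constructed scenarios and return the challenge chosen for each."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    phone = KnownSession("phone-1", "US", t0)
    with_totp = Account("alice", True, [phone], {"US"})
    no_totp = Account("bob", False, [phone], {"US"})
    logged_out = Account("carol", False, [], {"US"})
    later = t0 + timedelta(hours=2)
    return {
        "same_device_home": choose_challenge(with_totp, LoginAttempt("phone-1", "US", later)),
        "new_device_abroad_totp": choose_challenge(with_totp, LoginAttempt("laptop-9", "DE", later)),
        "new_device_abroad_no_totp": choose_challenge(no_totp, LoginAttempt("laptop-9", "DE", later)),
        "impossible_travel": choose_challenge(no_totp, LoginAttempt("phone-1", "DE", t0 + timedelta(minutes=10))),
        "no_second_device": choose_challenge(logged_out, LoginAttempt("laptop-9", "DE", later)),
    }


if __name__ == "__main__":
    for name, challenge in demo().items():
        print(f"{name:28s} -> {challenge}")
```

The last scenario is the one several posters worry about: an account with no enrolled authenticator and no logged-in device has nothing to step up to, so the design has to decide what happens there rather than leave it to support tickets.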

I’ve been awaiting this response for some time. I appreciate the follow-up!

I never properly understood how allowing certain accounts to be compromised has any effect on the safety of people in the community other than those who got their accounts beamed. Perhaps I could ask him to clarify this point.

Accounts that have been compromised mean all of the adjacent features a user has access to become a risk. That risk may not directly be a hole (eg. a compromised account cannot login directly to another account), but the identity of a potentially trusted entity can now be used freely. As an example, we know that social engineering, in combination with other methods of attack are a source of account takeovers on Roblox. If your social network becomes compromised and you regularly interact with your network, your risk of being convinced to behave in ways that aren’t secure could increase.

Obviously I can’t speak to your own behavior and whether or not you could be convinced by a bad actor, but when we design security systems here at Roblox we always try to be as inclusive as possible, including those who may be easily convinced or coerced.

Hope that makes sense!

1 Like

There is one good thing I like and two bad things that I am highly concerned/worried about with this feature.

The Good:

  • This will help users know that someone is trying to log into their account from an IP address they don’t recognize, and deny that person access to the account.

The Bad:

  • How do you log into your account if you don’t have a second device, or if the tablet or phone that your account is currently logged in on is broken?
  • I have been used to logging in with only the 2-step verification code that was sent by email, so I feel this is a dangerous way to lose your account.

2 Likes
