So what would happen if we don't have a second device? Are we just or do we contact support and ~~get no help at all~~ wait until we get a response?
Other than that concern I'm really happy. Better account security is something we needed the most, and y'all delivered.
How does Roblox detect when a suspicious login attempt is made on your account? What is accounted for when deciding whether a login attempt was suspicious or not?
If you don't like doing things the hard way with Discord, they provide a convenient easy way (the mobile app). You may not appreciate the security, but it also helps protect everybody you interact with that might click a link from you, and everybody they interact with, etc.
Roblox is a little different since it's likely harder to pivot through accounts with all the filtering of things like links, but the general idea holds that security protects more than your individual account.
What if I choose not to explicitly enable two-step authentication because it's so inconvenient?
I want there to be an option to enforce exactly one step at all times (at the risk of my account's safety).
Hi! We hear the frustration with forced 2SV, and we're working on improving our targeting and calibrating our levels of friction. Unfortunately, as extrarius@ mentioned earlier, user-level settings that can loosen security make the rest of the community less secure by opening up more attack surfaces for bad actors.
This is an amazing update, but do you plan on adding Hardware Security Key support for mobile devices? Phones can already use them without an issue on both Android and iPhone devices, through NFC or USB-C (or even Bluetooth).
Apps like Discord allow this, which is certainly amazing, as on Discord I can have only my hardware keys and disable TOTP entirely. With this change (and the login using code) there's no reason that I can see for not allowing just hardware keys and disabling TOTP entirely.
We actually do support hardware keys on iOS now! Please see this post. Android is a known hole that we haven't quite got to yet; we ask for your patience as we work through our backlog.
Currently I have 2FA on my account, which means that I have to use the Google Authenticator app to log in, regardless of the device. Is this now overwritten by this update, so instead I'll have to go on the Roblox app?
Not a problem if this is the case, but it is interesting to know. Other than being ever so slightly easier, I don't see any huge difference between the two.
This update does not overwrite explicitly enabled methods. If we think your login is suspicious and you have authenticator enabled, we will still challenge you with authenticator! This update is purely to cover users that may not know about 2SV or don't have it enabled for convenience but do get attacked by bad actors.
And in response to the general sentiment in this thread:
We also hear the pain that users are feeling from our support and recovery flow. While I can't reveal any details or promise any dates here, I can say that we are constantly monitoring user sentiment here in the DevForum and other public spaces, and have plans to address this feedback.
I've been awaiting this response for some time. I appreciate the follow-up!
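The behaviour described in the staff reply above (explicitly enrolled methods are always honoured and never overwritten, an unrecognised device or location triggers a challenge for users with no 2SV, and a user-level "loosen security" setting is not allowed to remove the challenge) can be modelled as a small step-up policy. The block below is an added illustration written for this page; it is not Roblox's implementation, and the factor names, risk signals (new device, new country) and the ordering of factor strength are assumptions chosen for the example.

```python
"""Illustrative step-up login policy (added example, not Roblox's own code).

Assumptions made for illustration:
  - three 2SV factors exist, ranked hardware_key > authenticator > email_code
  - a login is "suspicious" when it comes from a device or country the
    account has not successfully used before
  - a user who explicitly enrolled a factor is challenged with the strongest
    enrolled factor on every login, as the thread's users describe
"""

from dataclasses import dataclass, field

# Higher number = stronger factor. The policy never picks a factor weaker
# than the strongest one the user explicitly enrolled.
FACTOR_STRENGTH = {"hardware_key": 3, "authenticator": 2, "email_code": 1}


@dataclass(frozen=True)
class LoginAttempt:
    username: str
    ip: str          # recorded for audit; not used as a risk signal here
    device_id: str   # assumed stable per-device identifier
    country: str     # assumed to be derived from the IP by a geo lookup


@dataclass
class Account:
    username: str
    enrolled_factors: set = field(default_factory=set)   # explicitly enabled 2SV
    known_devices: set = field(default_factory=set)
    known_countries: set = field(default_factory=set)
    # A hypothetical user-level "skip 2SV" preference. It is deliberately
    # ignored by select_challenge: per-user settings must not loosen security.
    opt_out_of_2sv: bool = False


def risk_signals(account: Account, attempt: LoginAttempt) -> list:
    """Return the reasons this attempt looks unlike the account's history."""
    signals = []
    if attempt.device_id not in account.known_devices:
        signals.append("new_device")
    if attempt.country not in account.known_countries:
        signals.append("new_country")
    return signals


def select_challenge(account: Account, attempt: LoginAttempt):
    """Return the 2SV factor to challenge with, or None for no challenge."""
    if account.enrolled_factors:
        # Explicit enrolment is honoured unconditionally and is never
        # downgraded to a weaker default method.
        return max(account.enrolled_factors, key=FACTOR_STRENGTH.__getitem__)
    if risk_signals(account, attempt):
        # Forced 2SV for accounts with nothing enrolled: fall back to the
        # weakest available factor, which does not need any setup. The
        # opt_out_of_2sv flag is intentionally not consulted.
        return "email_code"
    return None


def record_success(account: Account, attempt: LoginAttempt) -> None:
    """After a passed challenge, remember the device and country so the
    same device does not keep tripping the risk check."""
    account.known_devices.add(attempt.device_id)
    account.known_countries.add(attempt.country)


if __name__ == "__main__":
    # Constructed sample data.
    alice = Account("alice", enrolled_factors={"authenticator", "email_code"},
                    known_devices={"dev-1"}, known_countries={"US"})
    bob = Account("bob", known_devices={"dev-2"}, known_countries={"US"})
    print(select_challenge(alice, LoginAttempt("alice", "198.51.100.7", "dev-1", "US")))
    print(select_challenge(bob, LoginAttempt("bob", "203.0.113.9", "dev-9", "DE")))
```

The point of the model is the order of the checks: enrolment is tested before risk, so a user with an authenticator app is never silently moved to the weaker email-code path, and the opt-out flag has no branch at all, which is the property the staff reply argues for.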
I never properly understood how allowing certain accounts to be compromised has any effect on the safety of people in the community other than those who got their accounts beamed. Perhaps I could ask him to clarify this point.
Accounts that have been compromised mean all of the adjacent features a user has access to become a risk. That risk may not directly be a hole (e.g. a compromised account cannot log in directly to another account), but the identity of a potentially trusted entity can now be used freely. As an example, we know that social engineering, in combination with other methods of attack, is a source of account takeovers on Roblox. If your social network becomes compromised and you regularly interact with your network, your risk of being convinced to behave in ways that aren't secure could increase.
Obviously I can't speak to your own behavior and whether or not you could be convinced by a bad actor, but when we design security systems here at Roblox we always try to be as inclusive as possible, including those who may be easily convinced or coerced.
There is one good thing I like and two bad things that I am highly concerned/worried about with this feature.
The Good:
This will help users know when someone is trying to log into their account from an IP address they don't recognize, and deny that person access to the account.
The Bad:
How do you log into your account if you don't have a second device, or if the tablet or phone that your account is currently logged in on is broken?
I used to log in with only the 2-step verification code that was sent by email, so I feel this is a dangerous way to lose your account.