Happy to confirm that this does not bypass 2FA, you can use the email code as a replacement for logging in with your username and password, but you still need a 2FA code from whatever device you use to provide that.
This should be added to FAQ, lots of people concerned about this detail.
Arguably this method could be even more prone to social engineering attacks. One could invite a player to a call where they share the screen, where the attacker gets the player to open their email for some reason (for example, “hey, I’m sending you a free robux code through email but I’m going to need to watch your screen to verify your identity” – attempt a login attempt on the victim right before they open their email, snatch the code from the email preview.)
[edit: I’m aware this method would only give a one time access to a player’s account, but that’s all that’s needed to do serious damage like stealing place files, trading away limiteds, stealing robux, etc. Worse still an unsuspecting player could have someone with an active session into their account for an extended amount of time, if the player doesn’t realize they’ve been compromised and clear their sessions.]
idk, i find it simpler to remember my password rather than checking my email for a code, log in, then check my email again for another code for 2 factor…
ikr? these days you need an email that’s as secure as your credit card, it’s the key to verifying basically everything, if your email isn’t secure, that’s your problem lol.
Happy just a good times does have login with one time code? but supposedly about support with authenticator codes, i am not sure to using it login with 2FA we don’t think anyone about to be able get phone number first though gonna be smart enough to giving random people (probably not) and issues for details does not by pass based 2FA, that was confirmed with another still need to login before devices to provide that more details.
Maybe just a good updated, honestly concerned about details in the next time.
if your email is hijacked, hackers can access your account easily and steal your robux, limiteds (not all are tradeable) or buy premium to do these stuff above??? That’s far worse than Rektway’s inappropriate thumbnails and the Turkish ıI İi not making sense, and not everyone has a verified email, and some people have the same email on different accounts, making it harder to use (I don’t put emails on burner accounts I make for testing stuff)
It’s close to the authenticator of logging, and it’s just weird. Not sure what the hype around this is. This is just another option to beam accounts, absolute garbage.
Please make sure this is OPTIONAL/CAN BE DISABLED.
Eh, not bad to be honest, i kinda like more ways to login to Roblox
And then made me think, why not add “login with Guilded”, just like when “login with Facebook” existed.
please rethink your comment again and test the feature before saying that logging into alts gets harder. if you do want to get your email hijacked and your roblox account not then setup totp.
I do agree that this opens the door to new vulnerabilities/social engineering tricks due to the fewer amounts of steps. However, I must remind you all something: If someone hijacks your email, they can just reset the account password and log in anyway
I don’t understand how is this useful at all, if you forgot your password, you can reset it, you would have to access your email, so how is this different?
So your account got compromised because someone had access to your email?
How exactly is this update the fault? They could’ve accessed your account by resetting the password either way.