Isn’t it just less work to just enter your password, especially if you have 2FA/MFA?
then its your fault. you cant tell me that someone just hacked your account with some random way
then just setup timed one time password easy fix
Do they have a time limit until the code expires?
Seems dangerous… Whats the point of a 2FA/Phone number if someone has access to your email now?
What is that? What do you mean? Do you mean 2FA with authenticator? Of course, I said that it does not bypass it so it’s more secure.
But it doesn’t take away from the fact that it’s an unnecessary feature that opens the door to more ways for scammers to steal accounts.
1 Like
Dang. Ppl really paranoid as hell. It is a ONE TIME CODE. It says so in the title. You all are repackaging simple updates into some bad chaotic update. Stop farming clout.
If you don’t like this feature, don’t use it. If roblox dosen’t make this optional, you shall ask for that feature. As simple as that.
1 Like
You shouldn’t show your email to people anyway. You can also just delete that mail anyway.
1 Like
but for real, people that want your accounts are mass messaging everyone and how are they supposed to know your email address. and the email that you are using for your important accounts shouldnt be really public either
2FA with authenticator is time-based one-time password, it’s what I said, why do you show me that?
Nobody is saying it’s dangerous to have a code lying around in your emails, it’s not even necessary to remove it as it’s a one-time code.
Have you received a lot of messages from people showing you screenshots of you scamming other people? I have received like 30 of them, it’s a very popular method of social engineering to scam people, and they ask you to share your screen, idk what happens next, but I imagine that now they can ask for your email address to send you something, and the second you open it while screen sharing you are screwed up, it doesn’t matter if it’s a one-time code, I bet with this is now easier than before.
You should never show your email to anybody, but people don’t know that, as far as I know, you won’t get compromised just by showing your email, if people were that careful these scam methods would not exist.
I don’t want to be discussing it here, so I will leave it there.
You just proved my point? And also, If people don’t know that, well its the time to learn the hard way then.
stupid update, it should be common sense this isn’t great news.
1 Like
Where? I said it doesn’t matter it’s a one-time code.
Or maybe I didn’t explain me well, I said “as far as I know, you won’t get compromised just by showing your email”, what I meant is that people don’t know that they shouldn’t show their emails, because that used to be the case, but now it’s different.
And they should thanks Roblox for that. No matter how you look at it, it IS facilitating scammers.
Next time, we will talk on private.
This doesn’t bypass 2FA. There are no new security risks from this feature. I am unsure of why people would believe it is a security risk. You can already change someone’s password if you’re logged into their email, so a one time log in code is no different security wise and is purely for user convince.
It’s optional. You can turn it on or off in Settings.
Is it not easier to have a shorter password and login normally? I don’t see how sending a code to my email makes that process unique. Considering that 2FA sends you an email w/ a code.
1 Like
“They are difficult to remember” I swear did the Roblox Staff ever heard of a Password Manager?
This is basically like 1FA but two step verification in a nutshell but way less secure I would rather stick to 2FA because it is simply just better.
@commitblue We are not hating the entire update the reason why we are criticizing is because of the security is basically like two step verification but on steroids.
1 Like
Is the code smart enough to NOT send a one time code if the user does not have 2FA enabled? Please tell me it is or else you just enabled scammers to easily social engineer every user under 13 for their passwords. I don’t see how this is any safer than a memorized or password managed password. Trusting children with not showing their emails is a bad idea and does not make the platform any safer.
1 Like