then its your fault. you cant tell me that someone just hacked your account with some random way
then just setup timed one time password easy fix
Do they have a time limit until the code expires?
Seems dangerous⌠Whats the point of a 2FA/Phone number if someone has access to your email now?
What is that? What do you mean? Do you mean 2FA with authenticator? Of course, I said that it does not bypass it so itâs more secure.
But it doesnât take away from the fact that itâs an unnecessary feature that opens the door to more ways for scammers to steal accounts.
1 Like
Dang. Ppl really paranoid as hell. It is a ONE TIME CODE. It says so in the title. You all are repackaging simple updates into some bad chaotic update. Stop farming clout.
If you donât like this feature, donât use it. If roblox dosenât make this optional, you shall ask for that feature. As simple as that.
1 Like
You shouldnât show your email to people anyway. You can also just delete that mail anyway.
1 Like
but for real, people that want your accounts are mass messaging everyone and how are they supposed to know your email address. and the email that you are using for your important accounts shouldnt be really public either
2FA with authenticator is time-based one-time password, itâs what I said, why do you show me that?
Nobody is saying itâs dangerous to have a code lying around in your emails, itâs not even necessary to remove it as itâs a one-time code.
Have you received a lot of messages from people showing you screenshots of you scamming other people? I have received like 30 of them, itâs a very popular method of social engineering to scam people, and they ask you to share your screen, idk what happens next, but I imagine that now they can ask for your email address to send you something, and the second you open it while screen sharing you are screwed up, it doesnât matter if itâs a one-time code, I bet with this is now easier than before.
You should never show your email to anybody, but people donât know that, as far as I know, you wonât get compromised just by showing your email, if people were that careful these scam methods would not exist.
I donât want to be discussing it here, so I will leave it there.
You just proved my point? And also, If people donât know that, well its the time to learn the hard way then.
stupid update, it should be common sense this isnât great news.
1 Like
Where? I said it doesnât matter itâs a one-time code.
Or maybe I didnât explain me well, I said âas far as I know, you wonât get compromised just by showing your emailâ, what I meant is that people donât know that they shouldnât show their emails, because that used to be the case, but now itâs different.
And they should thanks Roblox for that. No matter how you look at it, it IS facilitating scammers.
Next time, we will talk on private.
This doesnât bypass 2FA. There are no new security risks from this feature. I am unsure of why people would believe it is a security risk. You can already change someoneâs password if youâre logged into their email, so a one time log in code is no different security wise and is purely for user convince.
Itâs optional. You can turn it on or off in Settings.
Is it not easier to have a shorter password and login normally? I donât see how sending a code to my email makes that process unique. Considering that 2FA sends you an email w/ a code.
1 Like
âThey are difficult to rememberâ I swear did the Roblox Staff ever heard of a Password Manager?
This is basically like 1FA but two step verification in a nutshell but way less secure I would rather stick to 2FA because it is simply just better.
@commitblue We are not hating the entire update the reason why we are criticizing is because of the security is basically like two step verification but on steroids.
1 Like
Is the code smart enough to NOT send a one time code if the user does not have 2FA enabled? Please tell me it is or else you just enabled scammers to easily social engineer every user under 13 for their passwords. I donât see how this is any safer than a memorized or password managed password. Trusting children with not showing their emails is a bad idea and does not make the platform any safer.
1 Like
Yes it does. The mail with the code might include âdo not shareâ, apart from being clearly obvious that âLogin with a one time codeâ is exactly to log in, not the typical phishing of password to verify, etc. This is pretty obvious.