New occasional 2SV checks with verified email

I disagree, this security change is a step in the right direction as @NINJAMASTR999 stated above and this would stop the stealing of Roblox accounts, which is great.
Sometimes users don’t know how to secure their accounts correctly and having this would save thousands of accounts.

3 Likes

At least this helps somewhat.

My account was breached in the past even with 2SV + Account PIN though. Someone somehow bypassed both without sending me any email or indication of a sign in, and changed my settings despite there being an Account PIN enabled.

8 Likes

It’s nice to know that Roblox is aware of the security problems and is trying to fix them. But it would be nice if, instead of Gmail 2FA, it used Google Auth.

3 Likes

QR code already has issues on Discord with people scanning QR codes that other people send with malicious intent. That’s probably not a good idea.

4 Likes

What confuses me is the ‘Trust this device for 30 days’ option.

If we get these ‘at times’ 30 days before the last time we entered a code, there really isn’t any point in that, right? However, this is a good start.

I hope Roblox will continue to make more efforts in improving account security.

4 Likes

Don’t mind me, just waiting here until I see more movement from Roblox’s end beyond adding the endpoint nearly 3 months ago…

5 Likes

I don’t see why 2SV is even optional, to be honest. This is a step in the right direction at least, but something like 2SV is pretty much the bare minimum for protecting your account. I’m surprised there are people here that don’t have it on.

9 Likes

That’s why I specified I would like it if it was a toggle; I already use 2SV and keep my passwords safe. I wouldn’t want to be inconvenienced by something that seems unnecessary. I’d understand if it prompted 2SV if suspicious activity was detected (such as a login that would be too far away from where you usually log in from), but this says it happens occasionally, which I dislike.

4 Likes

This is a great start! But what we really need is support for physical security keys, also known as U2F. So for example, the YubiKey, Google Titan, etc.

10 Likes

I’d like for the 2 step random verification checks to have a different interface if it’s not a 2 step prompt.
Like saying instead of “2-step verification”, try to clarify more that it’s a random check.
I got this earlier on mobile and I thought I accidentally enabled 2-step.

Besides that, this is a great feature! I’ve heard countless stories of accounts being breached without 2 step. This should help a lot!

3 Likes

Awesome way to protect users at all times! :smiley:

4 Likes

Like I said, thousands of accounts are being breached, and adding this system, though it may be a hassle, is better than losing thousands more Roblox accounts.
Because people don’t know better, they don’t secure their accounts, which leads to breaches and accounts getting compromised.

3 Likes

I slightly agree with this, if 2SV was required upon sign up it would probably be better for everyone, especially if they forgot the password and can no longer get into their account (from experience).

This would most likely also reduce the creation of bots if Roblox required users to add and verify an email upon signing up.

4 Likes

That’s a step in the right direction, however, it does feel like it’s still just applying a paper band-aid on a really nasty cut. I am more eager to see other 2FA methods such as Google Auth or support for Titan Keys in the near future.

8 Likes

Given the fact that 2FA is an option that is opt-in, and out of the way, and given the fact that Roblox has an audience that would typically be under the age requirement to sign up for an email, it’s understandable (though not excusable) that it isn’t enabled by default. Asking your parents to check their emails every 30 days (at the least) to play Roblox may not be optimal for the user experience.

Although I’d argue that 2FA should be required for accounts that are 13+. And authentication apps could reduce the friction that I mentioned above.

5 Likes

This is a step in the right direction, as many players are under the age of 13, and don’t know how to activate and operate 2FA… I doubt this change is going to make a major difference in the security of the website, but it’ll at least prevent some accounts from being hijacked, which is, of course, better than nothing.

I’m not sure what “at times” is supposed to mean… How would the filter trigger this action, and when would it decide if it’s necessary or not? If anyone’s able to clarify, I’d greatly appreciate it.

3 Likes

This is an amazing feature to prevent hacks. Good on Roblox to do this. There have been many hacking incidents and stuff. Nice update!

3 Likes

Now you should add SMS 2SV or maybe integrate Google Authenticator

7 Likes

This is great! Any new way to prevent compromised Roblox accounts is always a good change, but I am concerned about one thing. As someone who regularly visits the website and knows my email and its password, this change will affect me positively, but what about more casual players who have forgotten their sign-up emails and the password to those emails? Will they be locked from their accounts?

2 Likes

I definitely agree with this. 2FA on trades and such would help prevent users from losing their assets due to that extra wall but there definitely needs to be more account security. I’ve had 3 friends within the past month get their accounts compromised despite having 2FA.

Also, has anyone ever mentioned incorporating an authentication section within the app? Blizzard does this and it is extremely helpful when it comes to preventing unwanted access into your account.

1 Like