New occasional 2SV checks with verified email

I don’t see why 2SV is even optional, to be honest. This is a step in the right direction at least, but something like 2SV is pretty much the bare minimum for protecting your account. I’m surprised there are people here that don’t have it on.

That’s why I specified I would like it if it was a toggle, I already use 2SV and keep my passwords safe. I wouldn’t want to be inconvenienced by something that seems unnecessary, I’d understand if it prompted 2SV if suspicious activity was detected (such as a login that would be too far away from where you usually login from) but this says it happens occasionally which I dislike.

This is a great start! But what we really need is support for physical security keys, also known as U2F. So for example, the YubiKey, Google Titan, etc.

I’d like for the 2 step random verification checks to have a different interface if it’s not a 2 step prompt.
Like saying instead of “2-step verification”, try to clarify more that it’s a random check.
I got this earlier on mobile and I thought I accidentally enabled 2-step.

Besides that, this is a great feature! I’ve heard countless stories of accounts being breached without 2 step. This should help a lot!

Awesome way to protect users at all times!

Like I said thousands of accounts are being breached and adding this system, though it may be a hassle, is better than losing thousands of more Roblox accounts.
Because people don’t know better, they don’t secure their accounts, which leads to breaches and accounts getting compromised.

I slightly agree with this, if 2SV was required upon sign up it would probably be better for everyone, especially if they forgot the password and can no longer get into their account (from experience).

This would most likely also reduce the creation of bots if Roblox required to add and verify an email upon signing up.

That’s a step in the right direction, however, it does feel like it’s still just applying a paper band-aid on a really nasty cut. I am more eager to see other 2FA methods such as Google Auth or support for Titan Keys in the near future.

Given the fact that 2FA is an option that is opt-in, and out of the way, and given the fact that Roblox has an audience that would typically be under the age requirement to sign up for an email, it’s understandable (though not excusable) that it isn’t enabled by default. Asking your parents to check their emails every 30 days (at the least) to play Roblox may not be optimal for the user experience.

Although I’d argue that 2FA should be required for accounts that are 13+. And authentication apps could reduce the friction that I mentioned above.

This is a step in the right direction, as many players are under the age of 13, and don’t know how to activate and operate 2FA… I doubt this change is going to make a major difference in the security of the website, but it’ll at least prevent some accounts from being hijacked, which is of course, better than nothing.

I’m not sure what “at times” is supposed to mean… How would the filter trigger this action, and when would it decide if it’s necessary or not? If anyone’s able to clarify, I’d greatly appreciate it.

These is an amazing feature to prevent hacks. Good on Roblox to do this. There have many been hacking incidents and stuff. Nice update!

Now you should add SMS 2SV or maybe integrate Google Authenticator

This is great! Any new ways to prevent compromised roblox accounts is always a good change, but I am concerned about one thing. As someone who regularly visits the website and knows my email and its password, this change will affect me positively, but what about more casual players who have forgotten their sign-up emails and the password to those emails? Will they be locked from their accounts?

I definitely agree with this. 2FA on trades and such would help prevent users from losing their assets due to that extra wall but there definitely needs to be more account security. I’ve had 3 friends within the past month get their accounts compromised despite having 2FA.

Also, has anyone ever mentioned incorporating an authentication section within the app? Blizzard does this and is extremely helpful when it comes to preventing unwanted access into your account.

We want U2F keys and Software OTP (the one that changes every 60 seconds)

Email isn’t secure enough for 2021 bro @Roblox

Recently my friend got scam traded by a phishing link, this isn’t enough but good work.

Good idea, now this should be added as step 2

itemlock5_unlock1121×510 52.3 KB

itemlock6 settings1191×676 34 KB

itemlock3 trading1172×864 101 KB

Glad to see more security problem though, how often? If it’s like a every day thing then no support, but like a week or a month is understandable, or do you need to do something for it to activate?
If it’s to frequent then it’ll just get annoying.
Although, what if people can’t get into their old email, sense this is required they can’t do anything?
Either way I’m glad to see buffing on the security, although I don’t see this as very efficient.

I really really hope that soon we’ll have more options!

Like @Krunnie said, it’s like putting a band-aid over a bad cut, but at least it does something, better than nothing.

Suggestions on security. (All would be optional, as it would get kind of annoying.)

• Pin that changes every 60 seconds or a Software OTP.
• Make it so that you can choose what the account pin can be used on, and add things like spending Robux or deleting/reselling/trading items.
• Maybe like you can choose that only certain devices or email accounts can login to your account, like if someone stole you password they can login from their computer, but if a user has it set so the account and only be logged in through their computer then the compromiser can’t do very much.
• Like others have said, an optional UCF key.
• QR code verification maybe? (If it works good)
• 3SV?
• You can make account pin longer, like 6-8.

Thanks Roblox!

Some more protection like this should 100% be added. Honestly, there should be a setting where ANY Robux action or trade action requires your PIN.

This would include buying any items from the Avatar shop, doing any group payouts, buying some model, and it could maybe even be extended to requiring the PIN to upload items. This would be another step to stopping malicious actors, as then they wouldn’t be able to steal Robux, limiteds, or try and get the user banned by uploading something. It’s ridiculous that Roblox does not have more security like this for Robux transactions and various other actions.

It’s already started, I assume today. I got it on mobile data.

Always make sure to credit the original person who created these concepts. The user Lostfully is the one who made these (Lostfully - Roblox)