However, probably you can introduce the Support Team and its purpose more to users, because you can verify an email, and delete it for personal reasons. When you delete your verified email and try to login on Roblox, obviously you’d be stuck in the 2SV. This once happened to me and I was freaked out, not knowing what to do until I found that the Roblox Support Team is a thing.
So if you could introduce the Support Team more to users, those kind of situations would most likely not freak out any users. Thank you.
I’m actually suprised to see roblox doing something that is mostly related to security. I once got hacked, but got my account back, and since then i have been using 2SV.I really like hearing this from roblox since security is really important.
I like that Roblox is looking more into security, this could just be a first step into improving there security system entirely and I am excited to see what the next security improvements are going to be.
You’re telling me, you’re going to ask for a random verification alert when I’m logged in 5hrs later?
How is this gonna stop people stealing stuff fast?
Looks like a pity solution to a huge problem on your website.
Hire some real engineers and make your website actually safe.
I first thought I was hacked, I checked my transactions. I didn’t check my items because I have no Limited’s. So I checked my transactions and no robux was stolen but this might relate to this whole 2FA update? If anyone else has experienced this who doesn’t have 2FA on, can you tell me so I know that it’s not just me?
Thanks.
Very great idea! I think that ROBLOX should make it, so that if an account hasn’t logged on in 2 months, then you need to get a 6 digit code, just like in 2fa, to protect email secured pged accounts
I never thought of this idea, but I love it. Since many younger players may not have email, you could just scan a QR code through another device logged in to the same account.
A great idea, but there is a problem. Some people have phones linked instead of emails and I’d rather get my codes via phone rather than email due to less people being able to access it.
You could make it a 2SV check every hour, it still wouldn’t stop account hijackers. Please instead of adding onto security (that’s proven not to work), fix the real issue at hand which is cookie grabbing.
Edit: From reading some of the replies, taking ~3 minutes to log in is 1000x better than getting your account stolen then waiting 3 weeks for Roblox to rollback compromised limiteds, Robux, groups, etc.
Have you considered how many old accounts people will get locked out of?
I didn’t enable two-step verification because I never intended to go back to that email account. Now it’s a requirement.
I have no idea what account these codes are being sent to, and I’m locked out of my account. What can I do?
I think I remember a phone verification for 13+ users on the site, can Roblox send SMS messages for verification if users have this enabled? Also, I got locked out of my email address that’s currently linked on my account, I’m trying to change it to my current address, but roblox is saying that it’s invalid and when I go to support, roblox asks me for banking details and I’m not giving my dad’s info. If I got this upon login, how would I be able to login to my account?
It’s not jeopardising my account. If a player felt like they needed it they could turn it on. I do not feel like I need it so I should have the option to turn it off. It is not a minor inconvenience either. It is a big inconvenience that will affect game time, money earned, and overall user experience.
I think you could solve this by having “recovery codes”. These recovery codes should be longer and 12 letters. But this would only bypass 2FA not the password.
I think Roblox should address these issues. I think Roblox should use TOPT for 2FA instead of email. It is more secure and easier. And besides everyone has their phone with them. And it is much easier use an app like (Authy, andotp etc.) than logging in to your email.
Roblox should also implement recovery codes so account recovery when you lose 2FA (email or TOPT) is possible. Also Roblox should FORCE users to download the recovery codes with a message that says "If you don’t download or write down on paper the recovery codes you will lose access to your account
