I recently got an idea regarding Google Authenticator and I wanted to share it here.
As some of you may know, 2FA email verification can sometimes be bypassed by hackers if they manage to know your account password. Some people (like Roblox advises in Security tab Settings) enabled Google Auth 2FA instead of Google Auth AND 2FA Email Verification.
However, when you only enable Google Auth, you will no longer receive emails about login, unlike 2FA Email.
My idea was maybe to add a login attempt email warning such as “Someone tried to log into your account”.
Or maybe it could be an SMS, or something where you can select between an SMS or Email message warning.
I also thought about shared devices on the account, like several websites are doing (such as Instagram, for example); maybe adding the ability to log a device off the account after entering the account password would be a good idea? However, I do not think the IP should be shown, for security reasons.
You can share your opinions via replies; I’d gladly read them.
Here we can check from which devices the account was logged in, and close it for each one. In addition, it gives us other information, such as the time of last connection and location.
Yes! Exactly what I was thinking about. I forgot to mention Devforum’s one. Maybe if we get a password request to log devices off it should be helpful, and we also would be certain nobody is on our account by looking at the connected devices. If Roblox did it here, I am certain they can do it for the main website.
It is still a concern that someone could know your password without you having any idea, and it would only be a matter of time until they guess the 2FA code and gain access to your account, especially if there are multiple people who know the password, all guessing at the code. While you do get notified via email upon a successful login, it may be at night or at a time when you are unable to get on Roblox to kick the person out of your account.
Attempted login notifications would ensure that there is sufficient warning so that the password can be changed, in order to ensure the security of the account.