The beginning of our passwordless journey: passkeys login

Updates Announcements
#1

[Update] February 29, 2024

[Update] December 7, 2023

Hi Creators,

We all recognize the pitfalls of passwords: phishing, credential stuffing, social engineering, and data breaches, to name just a few. Plus, who hasn’t struggled to remember their complex password? That’s why Roblox believes in a passwordless future for our community.

We’re excited to share that our journey towards passwordless begins today with passkeys! Starting today, we are rolling out passkeys to some of our users.

What is a passkey?

Passkeys are an easier and more secure alternative to passwords. Instead of remembering complicated passwords, you can log in using the same method that you already use to unlock your device, like a numeric PIN or biometrics such as a fingerprint or face scan. This biometric data is kept only on your device and is not shared with Roblox.

Behind the scenes, passkeys use public-key cryptography to generate cryptographic key pairs that are unique to your account and specific to Roblox.

Once created, passkeys synchronize across your devices under the same Apple, Google, or Windows platform accounts or the password manager you use, ensuring your digital keys are always at hand. For more information about passkeys, refer to resources provided by Google, Apple, and Microsoft.

Implemented using FIDO2 protocols, passkeys offer strong protections against phishing, credential stuffing, social engineering, data breaches, and device thefts. We encourage everyone to set up passkeys for reduced friction and strong security.

Add a passkey

Adding a passkey is a simple three-step process:

  1. Navigate to Settings on your iOS app (Note: Android support is coming soon) or web browser. Log in if prompted.

  2. Under Account Info > Login Methods > Passkeys, press the Add Passkey button.

    Note: You may need to re-authenticate with your password or a one-time code sent to your email.

  3. Your device will prompt you to use your device’s unlock method, such as your device-local biometrics or your screen lock PIN, to complete adding the passkey.

    Note: For your security, only add passkeys from devices you own.

Use your passkey to login

Once you’ve added a passkey, you can log into Roblox using the same method you use to unlock your device, such as Face ID, Touch ID, or a numeric screen lock.

1999×1415 970 KB

For information about device compatibility, passkeys management, and more FAQs, please visit the help article.

For Users with 2-Step verification enabled

If you have 2-Step Verification enabled on your account and choose to log in with a passkey, you will not be asked to pass a 2-Step Verification challenge. This is because having a successful login from a passkey verifies that you are in possession of your physical device. You can rest assured that the security of your account is not being compromised.

Please note that if you log in with a method that is not passkey, then you will be asked to pass a 2-Step Verification challenge as usual.

What’s next?

Looking ahead, we plan to roll out passkeys login to all Web and iOS users soon, with Android support not too far behind! Plus, we’re focused on improving the ease of adding passkeys, ensuring a broader adoption among Roblox users for a secure and streamlined account access experience.

Passkeys login is a huge leap forward in enhancing both user experience and security for Roblox accounts. Please let us know your feedback or questions!

Thank you.

192 Likes
#2

This topic was automatically opened after 11 minutes.

#3

I need a bit of help understanding, cause I’m a little bit confused. soo if the user accepts screen lock as their passkey, does that mean anyone could log into my accounts with the correct passkey from the random device, or does it just work with one specific device or two?

19 Likes
#5

I’m genuinely thrilled to see Roblox finally upping its security and finding ways to make our accounts more secure.

I will say, will it send a notification to our phones if we try to use Touch/Face ID to login to our PCs?

17 Likes
#7

I think so, it asks to use your phone for Authenticator

11 Likes
#8

For your security, only add passkeys from devices you own.

For the devices that you set it up with, that’s why this statement is there.

16 Likes
#9

The screenlock passkey is only specific to the device that you enabled the setting with. But if you choose a phyiscal security key as your passkey on the desktop version, for example, that phyiscal security key can be used on any device and not just the device you enabled the setting with.

12 Likes
#10

I turned this on a few weeks ago, this makes my life so much easier instead of having to carry my security keys everywhere I go!

11 Likes
#11

Huge supporter of Passkeys! They add 2FA and remove insecure passwords while making the user experience more optimal than checking an Authenticator every time.

Big W for Roblox for jumping on the Passkeys train

13 Likes
#12

I am begging people to use password managers.

36 Likes
#13

w from roblox once again. Pls keep this up :slight_smile:

11 Likes
#14

people who use chrome password saving be like:
people who write their passwords in their sticky notes be like:
people who put their passwords in their computer be like:

Are you sure about that?

Just set it up using my iPad a few days ago, also why did you announce it late? This is a really cool feature, I heard that Apple made passkeys a while ago (idk where) but at least Roblox is doing so, what a great feature

9 Likes
#15

It would be great if I could rename my passkeys.

9 Likes
#16

I’d rather use passwords. Will this replace passwords, or will this be a setting that can be turned on / off? All of my passwords are very long strings of characters that are generated using cryptographically secure random numbers, and that are all stored on an encrypted USB flash drive, and all I ever have to do is copy, and paste the password from a text file that is stored on that drive, which makes remembering passwords not a problem.

9 Likes
#17

This is a setting that you can turn on/off. In fact, you can register a passkey and still use your password to login if you wish. You don’t have to choose one or the other.

14 Likes
#18

The wording of that title is worrying. My long, complex passwords stored in an encrypted offline password manager are significantly more secure than FaceID or a fingerprint. Password-based login should be a permanent fixture.

Edit: I did some research and apparently passkeys can also be stored offline in something like a Yubikey. I was under the impression that this feature was essentially just biometrics. My bad. I still want the retain the ability to use a password, though.

15 Likes
#19

Great feature!

However I have one concern, will having active passkeys restrict the account from creator-facing features in a similar way that having a PIN connected to your account does?

Also will passkeys be for all ages or 17+ only?

5 Likes
#20

I am glad the Roblox is taking the direction for more account protection and better security for Roblox accounts. My one concern is that I don’t want this to fully replace passwords and that this will be Optional. Otherwise I am fine with this.

9 Likes
#21

I’ve been attempting to add a passkey using 1Password on Safari for Mac (macOS Sonoma), and whilst the passkey is added and functions successfully, it is not labelled correctly.

It automatically sets the name to “iCloud Keychain” with no way to change it nor any prompt, unlike when setting a Hardware Security Key.

Screenshot 2023-11-16 at 21.24.43

7 Likes
#22

This is a security feature, therefore, no, it will not be restricted to any age, and it will not restrict your account by any means. PIN was originally designed as parental control feature to protect important settings from being changed by a child, but due to lack of security improvements in the past, people misused the feature to protect their accounts by making it harder to change account details.

6 Likes