I think that this is a great option for those that want their Roblox accounts to be immensely secured. However, I strongly disagree with replacing passwords with this system. This system has its own drawbacks, and I, personally, do not want to do a retina scan just to get into my Roblox account.
Phrases like "passwordless journey" and "Roblox believes in a passwordless future for our community" imply that one day the ONLY option to log onto a Roblox account will be passkeys. Which is a terrible idea. Not everybody has access to a fingerprint reader or webcam or even a 2nd device to enter a passcode onto. Not to mention this level of protection is ridiculously excessive for most Roblox accounts. In most cases, a normal password works just fine.
One thing to note is that password usage still opens you up to phishing. A malicious Roblox lookalike website could fool a user into giving away their password. We're also seeing password managers introduce passkey support, and you'll be able to keep your current set up and still use a passkey in the near future if you wish.
This is an excellent addition towards a passwordless and (potentially*) phishless future for Roblox. It is quite surprising that Roblox allows for higher security features than most financial/banking websites.
I just hope that there are no arkose labs captchas for passwordless login attempts since a physical device/separate account is required to log in. If this is the case it would be an added reason for users to adopt passwordless logins.
In my opinion, this is a huge mistake. 2FA/MFA needs to be supported by all login methods. Yes, hardware keys are more secure than passwords, but a password + a hardware key is more secure than a hardware key by itself.
I will not be enabling this feature as it would make my account less secure than my current password + hardware key, and hope that it never becomes mandatory like phone numbers did at one point.
This statement is not entirely true. If you have a complex and secure password stored on an encrypted offline password manager, your account is sufficiently secured. But stating that passwords are significantly more secure than passkeys means that an attacker would easily:
be able to know that you used your phone as your passkey,
be able to physically break into your phone and
had you physically authenticate using your fingerprint or face to unlock the passkey for your account.
Passkeys are actually both a first and a second factor for authentication if configured properly.
For FIDO2 Security Keys (if configured with a password) it is something you have (the physical key) and something you know (the FIDO2 Password).
For iCloud Keychain it's something you have (your phone) and something you are (your FaceID or TouchID).
For Password Managers (Bitwarden or any other passkey supporting PM) it's something you know (your PM's password) and a second factor (if it's enabled).
This is correct. A passkey itself is one factor of authentication (something you possess). In order to enable the passkey for sign-in (as opposed to being used as a secondary authentication factor), it needs to be protected by a FIDO2 password or a biometric credential.
Passkeys are 2FA because they require two factors to authenticate a user:
Something you are OR something you know: In order to use a passkey for authentication, users must first provide their local device biometrics (FaceID, TouchID, Windows Hello) or their local device PIN. This proves the "inherence" factor.
Something you own: Once the user passes their inherence factor, the passkey on the user's device authenticates the user with asymmetric cryptography and proves that they own the passkey. This fulfills the "possession" factor.
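Added example (not part of any post in this thread, and not Roblox's code): whether a passkey sign-in really covered both factors described above is visible to the server in the WebAuthn authenticator data, which carries a hash of the relying party ID and the user-present/user-verified flags. The RP ID `example.test` and the sample bytes are constructed, and the signature and challenge checks that a full verification also needs are not shown.

```python
import hashlib
import hmac
import struct

# Flag bits in WebAuthn authenticator data (byte 32).
FLAG_UP = 0x01  # user present: someone approved the request on the device
FLAG_UV = 0x04  # user verified: biometric or device PIN succeeded


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed 37-byte header: rpIdHash(32) | flags(1) | signCount(4)."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    return {"rp_id_hash": auth_data[:32], "flags": auth_data[32],
            "sign_count": sign_count}


def check_assertion_header(auth_data: bytes, expected_rp_id: str,
                           require_uv: bool = True) -> list:
    """Return a list of policy failures; an empty list means the header passes."""
    parsed = parse_authenticator_data(auth_data)
    problems = []
    expected_hash = hashlib.sha256(expected_rp_id.encode()).digest()
    # The browser only accepts an RP ID that matches the page's origin, so a
    # response produced for a lookalike domain carries a different hash.
    if not hmac.compare_digest(parsed["rp_id_hash"], expected_hash):
        problems.append("rp_id_mismatch")
    if not parsed["flags"] & FLAG_UP:
        problems.append("user_not_present")
    # Without UV the passkey only proves possession (a single factor).
    if require_uv and not parsed["flags"] & FLAG_UV:
        problems.append("user_not_verified")
    return problems


def build_sample(rp_id: str, flags: int, sign_count: int = 1) -> bytes:
    """Constructed sample header for the demo; not captured from a real device."""
    digest = hashlib.sha256(rp_id.encode()).digest()
    return digest + bytes([flags]) + struct.pack(">I", sign_count)


if __name__ == "__main__":
    rp = "example.test"  # hypothetical relying party ID
    for label, data in [("biometric/PIN used", build_sample(rp, FLAG_UP | FLAG_UV)),
                        ("touch only", build_sample(rp, FLAG_UP)),
                        ("lookalike domain", build_sample("examp1e.test", FLAG_UP | FLAG_UV))]:
        print(label, "->", check_assertion_header(data, rp) or "ok")
```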
Please make a passkey where you make a question and answer, and the next time you sign in a prompt shows the question and a typable box comes up to type the answer, since getting Gmails and using an authenticator app to log in is pretty hard and annoying.
I have that too for the important ones but I'll be honest, manually entering 30+ characters is too much work for me unless it's critically necessary.
While I obviously applaud every attempt to keep up with the latest security trends and love that Roblox has our account safety in mind, I'm also not eager to be forced into passkeys in the future. Will passwords be an option for logging in for the foreseeable future?
For context, I don't currently use passkeys at all. I prefer to keep biometric data offline so I don't have any fingerprints or face ID saved on my phone, so a passkey is basically just a hardware key to me so I just use one of those instead when it's available. I don't want to be forced into passkeys.
Where did you get this from? You do realise passkeys have been favoured over passwords for years due to their security?
Face ID is a better option. Nobody else besides YOU can access something with it. If you use an on-device passcode it's still more secure. The only way your account could get hacked is if you're using passcodes & your phone is stolen.
This exactly. Apple's Face/Touch ID mechanisms are sophisticated, and even other Android phones are doing the same thing now. You can't just hold up a picture of a face to gain access like this guy thinks.
Don't know. To me those methods feel less secure and less reliable.
What if I lose the device? Can I just log in normally and revoke the passkey?
And many devices, to this day, do not offer any kind of fingerprint and face id (mostly in less developed countries) so hopefully it does not become mandatory but opt-in.