The beginning of our passwordless journey: passkeys login

By default, you can always use your normal password or reset your password/passkey with your E-Mail.

It’s an option, not mandatory; No worries you can still continue using no security, 2step via E-Mail, Phone, USB or Authenticator or anything you wish. - Roblox is just expanding the spectrum of security measurements and opportunities.

Great feature, I will add my device-based passkeys soon!

I want to restrict logins to my passkeys only, is disabling the password login method altogether planned for the future?

I can see that this might not work when you for example want to login on consoles, but I am not one of those people and would like to make my authentication passkey-only.

Someone correct me if I’m wrong here, but I don’t think this is inherently any more secure than a normal password.

Assuming the password you use for Roblox isn’t easy to guess (either by a human or a computer using bruteforcing or dictionary/rainbow table attacks) and isn’t used anywhere else (including modified passwords ie “pass4rbx”, “pass4google” etc) then anything that the password is vulnerable to also means the passkey is vulnerable as well (shady exes that dump all of your browsers saved data for example, or even plain old kids being gullible on the internet when a stranger tells them to turn off their passkey for free robux)

While it’s a lot more convenient when logging in (uses faceid/touchid/similar tech opposed to typing in or even going and copying a password from a password manager) I don’t think anyone is going to be using that more than once or twice a year assuming they don’t logout every single time they play.

And on top of all that, if we can still use our normal password alongside the passkey, it’s not going to be any more secure. Weakest link and all that.

That depends on a lot of factors. Like anything it’s not an 100% shield because if you are still making ignorant decisions such as clicking random links (cookie logging) then ofc the security won’t be there 100%. Also if you know you aren’t the only person using your device then you should be signing out every single time. In most cases this is more secure than passwords and of course that can be debated a little but it’s totally more convenient. Nobody can guess your password, no need to write down complex passwords, or use a password manager as some have suggested; only someone with access to your device AND your Face ID or Touch ID can login. Honestly I think it’s honestly like a hardware key. Much more secure. Also with having a google account or iCloud if you get a new device it’ll transfer which is why it could be potentially better if something were to happen to your old device and you were storing passwords on it. But to each their own.

It was released a while ago for android.

Omg, a Roblox W??! Lets goo keep this up plz!

please do not force this nonsense

Cool, but ‘the beginning of our passwordless journey’?

I know they’re ‘outdated’, but please don’t remove passwords. Passkeys are great as an extra option, not as our only option.

My opinion about this.

It doesnt look so secure for me. What if someone stole my phone? Same thing just like with 2fa’s if they somehow root my phone or break into my phone via recovery or somehow removes screen lock then all of my accounts are stolen.

I never had my phone stolen so this kinda wont even work in my case. (still that might happen in the future if for example someone pickpockets me)

Many people use Chrome Password Manager on their phones, and it doesn’t require authentication to fill passwords in. Furthermore, you cannot root your phone without wiping it. Besides data is encrypted with your screen lock on Android. While you should be worried about a physical threat, it is not Roblox’s problem to protect you on the street.

When is Windows support going to arrive?

This is way less secure than a password. I must have missed something. Also, face id and fingerprint scanning are not possible on computer… so this update doesn’t mean much for me.

Everybody uses a password manager like LastPass or the browser itself…

This might be a stupid question but what if your phone breaks or is thrown in a lake. You can have both a password and a passkey right

I use a physical security key. Easy to use. I highly recommend. They are fairly inexpensive and you can use it for multiple devices.

How is this nonsense? It’s safer than passwords and resistant to phishing attacks.

Well, what happens if you lose data on your phone in the same situation? This is why it is recommended to back up important data. Similarly, you can also back up passkeys. Also, passkeys aren’t a phone specific thing, you can make passkeys and store them on computers too.

Fingerprint and face id are possible on computer, its just that your computer doesn’t have a fingerprint scanner and doesn’t support face id.

I tried setting up passkeys but it keeps throwing me this error:

I attempted to set it up with my phone, and Windows appears to recognize it now as my device name, and even sends the notification to confirm it, but after that “Windows Security” will always give me this error. I also tried a physical security key, and as I tapped it, it leads to the same error. I have access to it I believe, and even if it doesn’t work with Android yet, that doesn’t explain why it won’t work with my security key.

image817×130 13.5 KB

Have you tried setting up passkeys on other websites, such as Google and Github? Since the error comes from Windows Security, the issue may come from your device being unable to set up passkeys. Let us know if you can successfully create passkeys on other websites and you are only having this problem on roblox. Thank you!