Thoughts on 2-Step Verification?

Feature Requests Website Features
#183

soonTM!

3 Likes
#184

Good idea. But for now you can kind of do it.

  1. Enable ROBLOX Email 2-factor
  2. Enable SMS 2-factor on your email
  3. You now have 4-factor authentication on your ROBLOX account

( ▀ ͜͞ʖ▀)

7 Likes
#186

7drHiqr.gif

2 Likes
#187

It’s more that for whatever reason, I trust a text message reaching my phone more than an email reaching my inbox. Whether my inbox was breached or not.

#188

Not to mention the convenience of just looking down at your phone to find the code rather than another tab.

#189

I assume this doesn’t protect against someone stealing your .ROBLOSECURITY? basically ip-based protection

#190

I’d find it far more convenient to simply open another tab than to get out my phone.

#191

YAY! Really happy this was released!

Let’s celebrate Definitely Tuesday :smiley:

#192

When SMS verification comes …

(but hopefully we will get Google Authenticator/Authy support too)

#193

Can I set the 2-step delivery email to something else? (send it to another email instead of my main account email) for increased security.

#194

So does this prevent people from getting into my account if they steal my cookie?

#195

Install pushbullet or something. It syncs all notifications to your computer.

#196

I know this an old thread but I’m digging it up with purpose. I’d like to re-suggest the following, I really want to have the best security on my account. After a few unfortunate security scares and now ROBUX value £ has been increased it’s more important than ever to keep our accounts safe. An important motto I learnt from security experts that have done talks in my college lessons

The best security is annoying but safest

I wouldn’t mind making my account as secure as possible and having the best things in place (max sessions, login attempts, escrow items, etc)

More security or removal of deleting accessories/packages/gears
#197

I think the main part should be using a TOTP system (or push notification) like Duo

I use duo for everything I can - email, accounts, windows login etc.

Right now 2 Step verification isn’t perfect (in fact, I’d go as far as saying it’s nearly useless in its current state) - If you have access to a ROBLOX account, you can probably access that users’ email, or you are just using Cookie hijacking (another issue ROBLOX may need to fix for 2 Step Verification to be a viable security option) you can completely bypass any verification methods.

1 Like
#200

To those (like @EchoReaper) who thought that I have “been sippin’ too much security doom-preacher Kool-Aid”:

#201

Roblox doesn’t support SMS

#202

Which is good. SMS for multi-auth is not considered a good practice anymore.

#203

Definitely, just pointing out that the security concerns in that article don’t apply to Roblox.
I’d love Google Authenticator support.

3 Likes
#204

No, but:

#205

Oh, then that shouldn’t happen.

SMS is less secure than my email because my email uses Authenticator.

1 Like