We’ve already stated in this previous longstanding thread that we will be implementing a 2-Step Verification feature soon™, and that the first version will deliver codes via email.
The question is, if more than one option was available for how to authenticate, which one would you choose? This question is about you, personally. How would you prefer to get your authentication codes with these 3 options?
Prefer codes by email
Prefer codes via SMS to my mobile phone
Prefer code generator app (TOTP)
Assume that we will support International SMS delivery, and would use Google Authenticator for TOTP.
I expect some people will reply about what they think is the best solution. That’s not what I’m asking. I want to know what this community prefers to use. I also know there are other options than these 3, but those are not on the list right now.
Google authentication is definitely the best way. If you haven’t heard much about the YouTuber “hacking”, basically SMS is insecure because a group of so-called “Hackers” called up the YouTubers’ phone companies and somehow convinced them to get their SIM card, and therefore got access to their account.
I like SMS best, because that way I don’t have to reinstall the app and lose the authentication code that is put inside, yet the SMS would always send to the correct phone number, even if I change phone.
Yet I do use Google authentication too, but that’s more for less secure places.
Also, what happens if you lose the Google auth app?
Does the Roblox staff have to authenticate the customer somehow?
I like email because email has 2-factor itself. This means attackers have to get past (4?)-factor authentication to get into my ROBLOX account, and even if you don’t think email 2-factor is secure enough, you can 2-factor your email to something more secure.
It depends on how the 2FA is set up, but there are many options, such as one time codes that can be written down to use at a later time. Also there is an option to use a USB stick as an authenticator. Typically websites will use your email like a password reset if you lose your authentication method.
I would not go for the “one time code” because if you lose that, you got 0 ways in…
Discord has this, and I’ve lost my account until they either add e-mail or some other way to get it back.
I even tried support.
I think Google Authenticator is great for people that don’t have a phone plan. Otherwise SMS I think is a good way to go. Email is a bit wary, but I have 2 factor auth on my gmail account anyway so I guess that would work too. Email doesn’t satisfy the “something you have” vs “something you know” requirement I think.
Google Authenticator / Authy are fantastic TOTP tools and I think that they’d be much more convenient and secure compared to using SMS. Not to mention that those without a data plan would be able to use them as well.