Passwords are a common security measure. However, passwords aren't foolproof. This is why the shift toward passkeys and other security methods, such as biometrics on Android phones, is gaining traction. Roku's security challenges highlight this issue, even on the best Roku streaming devices. First, 15,000 accounts were hacked and sold. Then, 576,000 additional accounts were compromised. Roku has since enforced two-factor authentication on all accounts. Here's a guide on how to get it set up.

What is two-step verification for Roku, and how does it work?

Two-step verification, which is also called two-factor authentication or multifactor authentication, is a security method that protects your account by requiring a one-time verification code to sign in.

Before you log in to your Roku account, you'll receive a six-digit code sent to the email address linked to your account or your phone number. Use this code to complete your two-step verification. If unsure which email you used, check under Settings > System > About on your Roku device. If you forgot your email or password, go to Roku to reset them.

How to activate 2FA for your Roku account

You're asked to activate two-factor or two-step verification when setting up a new account or logging in to the Roku Smart Home app. If you're not sure whether it's on, here's how to verify:

Download the Roku Smart Home app from the Google Play Store or Apple App Store. Tap Account. Navigate to Security, then select Two-step verification. Toggle on Two-step verification.

You're asked to enter or update your phone number. After sorting that out, you're good to go for the next time you log in. It's also good practice to set a new, strong password that's unique from your other accounts after your Roku account is verified.

What to do when two-step verification fails on Roku

Check your spam or junk folder if the verification email doesn't appear. If it's not there, request another email. If you own a Roku TV or another Roku streaming device, you have another option. Enter the last five characters of any device ID linked to your Roku account to complete the two-factor challenge. Here's how to find your device ID:

Press the Home button on your Roku remote. Scroll and select Settings. Select System. Select About.

If neither the verification email nor the streaming device ID is an option, contact Roku Customer Support. They'll help you change your email address and send a Forgot Password email to the new one. You'll confirm your account details with them to make this change happen. Alternatively, factory reset your device and start over with a new account.

How to switch phone numbers in Roku's two-step verification

If you change your phone number, you must first turn off two-step verification. When that's done, toggle it on again with your new number. Follow these steps to turn off the verification while logged in to the app:

Open the Roku Smart Home app. Tap Account. Access Security. Choose Two-step verification. Select Turn off two-step verification, then tap Continue. If you can't access your verified phone number, select Send a code to my email. Enter the verification code you received via text or email. Tap Turn off two-step verification to finalize the process.

After that, you'll get a prompt to add a new phone number to set up two-step verification.

Password managers can help you secure your Roku account

Activating two-factor authentication is a great step, but your password is still the backbone of your account security. A password manager can safely store all your passwords, relieving you of the need to remember them and letting you generate unique, strong ones for your accounts. While no system is perfect, and Roku's servers could be compromised, it protects you from many common attacks.