The item system is very insecure, many users such as myself are afraid of how easily valuable items can be deleted. The ability to lock items or large transactions with a PIN would be incredibly useful. If a PIN was required to delete/sell a rare/valuable item e.g. a Dominus hat, it would provide a great peace of mind. Of course, how this would effect ROBLOX revenue depends entirely on implementation, and I believe it could increase Robux sales due to an added sense of security. It would also remove much of the incentive associated with account stealing and would result in less account appeals to be reviewed. 
11 Likes
A PIN that is required for ANY transaction regarding item trading/deleting is a really, REALLY good idea.
Oh, man. Yes yes yes.
This would be great. Infact, I’d like all items to be locked with a PIN so they can’t be traded with / removed / tampered with without proper authentication besides the frequently-entered account password.
Would be nice to be able to set a seperate PIN for all items as well, for added security.
1 Like
This is actually a really good idea. You would need it for almost everything though.
Edit:
It would be really cool to have this as a toggleable feature.
[quote]
Edit:
It would be really cool to have this as a toggleable feature. [/quote]
Yes - hopefully they’d do that automatically.
[quote] Edit:
It would be really cool to have this as a toggleable feature. [/quote]
Hopefully disabling this feature requires a PIN in itself.
[quote] Edit:
It would be really cool to have this as a toggleable feature. [/quote]
Hopefully disabling this feature requires a PIN in itself.[/quote]
lol PINception
Help me design an interface where the person, who is already in your account, can’t also change your PIN.
I like the PIN idea.
[quote] Help me design an interface where the person, who is already in your account, can’t also change your PIN.
I like the PIN idea. [/quote]
Have an option to change the PIN, just a user would reset a forgotten password. Have a button under the account tab that says “Change PIN”. Once the user presses that, it will show a message saying that an message has been sent to the creation email address. Once the user click that link. (Assumedly the owner of the original email)
You could make it so you can only set the PIN when your account is created, and you have to send an E-Mail containing, say, the number of the card used to purchase ROBLOX upgrades and the old PIN to get it changed.
People wouldn’t give out their card information over emails. It is very insecure. Plus, the “hacker” could change the account’s email to their’s. That’s why I suggested using the creation email.
TwoStep verification will keep most people happy. (Phone+PassWord)
ROBLOX has never asked for a user’s phone number before, except during billing. I don’t think this would go by easily.
ROBLOX has never asked for a user’s phone number before, except during billing. I don’t think this would go by easily.[/quote]
Google authenticator
Here’s some suggestions.
- Make only the creation E-mail work
- Make people only create pin once.
3.Make people create pin once, and they have to E-mail roblox to get the pin reset to the creation E-mail or current E-mail.
[quote] Help me design an interface where the person, who is already in your account, can’t also change your PIN.
I like the PIN idea. [/quote]
Require the current PIN + account password + email verification - that’s a triple security checkpoint.
This should also be in place for changing the owner of a group and leaving a group.
Even if it’s tedious, it’ll solve a lot of problems and reduce the amount of stress CS is under.
[quote] This should also be in place for changing the owner of a group and leaving a group.
Even if it’s tedious, it’ll solve a lot of problems and reduce the amount of stress CS is under. [/quote]
Agreed. Groups currently have no double-check feature for leaving or changing owners.
One click can cause too much of a hassle.
If nothing else, ROBLOX should give them an “Are you sure you want to do this?” window.
This can stop item deletion due to the insanely insecure (ironically named) ROBLOXSECURITY cookie.
The pin can work like this:
Keep it 4 digits, and USE A DIGITAL, RANDOMIZED KEYPAD. This stops keyloggers(most important, as users already use these for passwords, so adding a pin would be useless if they can log that as well) and mouseloggers from figuring out the pin.
To reset it, it is emailed to you. If your email got “hacked” (99.999% of the time you gave info away) then that’s your own fault, not ROBLOX’s.
For email changing, that’s tricky. The way I’d do it, is like this.
Enter new email: ____________
Enter old email _______________(Don’t display their old email on the website)
This way, even if the account holder forgets their email password, their address will still be the same.
and don’t let people use 1234 or 4321 as their pin!