Ability to set a delay before any sensitive account actions go through

As a Roblox developer, it is currently too hard to guarantee the account’s safety.

I don’t exactly know how to say it right, despite this being the largest issue on the platform,
but as of right now it’s unavoidable: if someone happens to be in the account, it’s over. The email has been changed and the phone number has been cleansed in mere seconds, people can hide then delete messages in the mail if they get through support, and I will end up not knowing how I was compromised, and this repeats each year until I am truly not worth the effort to even be sold on the market.

It’s a fairly spammy summary, but let’s just say I know I will be attacked: how can I truly be safe from it?

What I recommend is a delay on exchanges very similar to Steam’s. The problem is that a lot of people will be annoyed by a large delay, even a 24h one, so it should be an option you can toggle, and to turn it off you’ll need to disable it and wait [INSERT DELAY] until it’s been entirely disabled. Non-delay users trading with one that has the delay will have to comply with the user who has the largest delay.

The delay can be set from 1 day to 14 days (Steam is 7d, 14d if non-confirmed).
Delay installation would require the PIN only.
Delay deinstallation would be at least the PIN + the delay installed.
The delay would affect the following:

  • Trading items
  • Purchases above X sum
  • Limits purchases to X
  • Group funds transfer to whitelisted users only!
  • To whitelist a user eligible for the group’s funds, it takes the delay you installed.

It could be seen as an achievement or a shame, but I currently live entirely from making Roblox games. I’m happy with the outcome of my projects and seek to provide more… but it would just leave a bad taste to be ruined by events entirely unrelated to development.

11 Likes
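The opt-in delay proposed in the post above, modelled as an added example (not part of the original post and not Roblox code). `DelayLock`, its methods and `trade_release_time` are hypothetical names, and refusing to change an active delay in place is an assumption the post does not state.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MIN_DAYS, MAX_DAYS = 1, 14  # range proposed in the post

@dataclass
class DelayLock:
    """Hypothetical per-account delay setting; not a Roblox API."""
    pin: str
    days: int = 0                           # 0 = no delay installed
    disable_at: "datetime | None" = None    # when a pending removal lands
    payees: dict = field(default_factory=dict)  # user -> usable-from time

    def _check_pin(self, pin):
        if not hmac.compare_digest(pin.encode(), self.pin.encode()):
            raise PermissionError("wrong PIN")

    def active_days(self, now):
        if self.disable_at is not None and now >= self.disable_at:
            return 0  # a requested removal has finished waiting
        return self.days

    def install(self, pin, days, now):
        # Installing needs the PIN only and takes effect at once.
        self._check_pin(pin)
        if self.active_days(now):
            # Assumption: no in-place change, or a thief could shorten it.
            raise PermissionError("remove the current delay first")
        if not MIN_DAYS <= days <= MAX_DAYS:
            raise ValueError("delay must be 1 to 14 days")
        self.days, self.disable_at = days, None

    def request_disable(self, pin, now):
        # Removal needs the PIN and then waits out the installed delay.
        self._check_pin(pin)
        self.disable_at = now + timedelta(days=self.active_days(now))
        return self.disable_at

    def whitelist(self, pin, user, now):
        # A new group-funds recipient is usable after the installed delay.
        self._check_pin(pin)
        self.payees[user] = now + timedelta(days=self.active_days(now))

    def can_pay(self, user, now):
        return user in self.payees and now >= self.payees[user]

def trade_release_time(a, b, now):
    # Both sides follow the larger of the two delays.
    return now + timedelta(days=max(a.active_days(now), b.active_days(now)))
```

With a 7-day delay installed, someone holding the session and the PIN still cannot add a payout recipient, remove the delay, or complete a trade until the wait has elapsed, which gives the owner that window to notice.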

You can use an account PIN in your settings, so that if you try to make a change, you’d need to input the PIN which is only known by you externally (not connected to your email). This means that if a person tries to change everything they’ll first need to get through your PIN. Sure it only has 4 digits, but it’ll be an added security measure for now.

3 Likes

Not entirely sure if the PIN is what you recommend to me, but it doesn’t matter…
they can transfer all your possessions. To sum up that I had no alternative:

I have a PIN, and my trading is entirely off (Trade set to: No One).
And in no way did disabling this keep my items safe: they sold them all for -50% of their value to transfer all of them afterward.

  • Let’s not forget selling an item is a direct Robux transfer just like group funds,
    so the difficulty to steal is non-existent.
    (but somehow, you actually have a 3-day delay for clothes)

I support this! In light of recent events, Roblox should definitely follow the model of Steam for account security.

A brief history behind Steam’s mobile authenticator:
One of Valve’s most successful games, Counter-Strike: Global Offensive, has virtual items tied to it. You can unbox these items, ranging from anywhere between a few cents to thousands of dollars, from cases using keys that are purchased with real currency. Like always, with good comes bad. Eventually, bad actors thought of ways to scam people out of these items whether it’s through phishing or social engineering. It got to the point where this was going on with other games that offered virtual items as well. Later, Steam stepped in with mobile authentication where you would need to confirm actions for listing items on the community marketplace or when sending/accepting trade offers.

Why Roblox should move towards a mobile authenticator similar to Steam:
What’s going on with Roblox now is exactly what happened with items on Steam over 10 years ago. Items as well as Robux are being stolen from compromised user accounts due to lack of account security.

  • The PIN system should be ditched for a more secure method such as Steam Guard. Steam Guard generates a unique, 5-character code on the mobile app that is time-sensitive, expiring every 30 seconds. This unique code should be required to log into an account or to change any highly sensitive account information such as security, billing or privacy settings.

  • As for transactions on Roblox, making a new purchase of an item should lock the item behind a time window, making the item untradeable or unmarketable: 7 days for an account linked to a mobile authenticator and 14 days for an account not linked. This would also prevent bad actors from racking up charges on a compromised account and sending the items over to an alternate account.

  • Sending or accepting trade offers and listing items on the Roblox market should all require an additional confirmation via a mobile app to verify an action before an item can be posted.

When Steam first implemented their mobile authenticator, there was backlash at first since it was a big change to how things were handled on Steam. The overall security upgrade to user accounts, in my opinion, was greatly worth it. It reduced the amount of account hijacking and stolen valuables from users.

For more info on the Steam Mobile Authenticator:

3 Likes

FYI, Roblox is already adding TOTP authenticator support, the API is out already (just can’t be used by any user yet): https://twostepverification.roblox.com/docs#/Authenticator (see Authenticator section)