Account PIN now required for transferring group

But stopping users from disliking games if they have not stayed in it for long enough would become a problem if the game kicks the player and making them unable to dislike the game.


This feature will go a long way in mitigating attacks on groups, excellent addition! Now we just need the option to also enable this for things like payouts and kicking in large quantities.

1 Like

Can you also add this whenever players are about to buy sth or delete sth, it requires account PIN? It would be helpful for players who didn’t add Two-step verification.


Thank you, this will help with the issues with bots or people watching groups to try and grab them.


Amazing! Great work. This will stop group theft I hope.

and maybe being able to set that amount yourself in settings, but by default sat to 250 :thinking:

Thanks for adding this feature! Now, transferring a group is more secure.
However, speaking about Account PINs, there should be a failsafe method to recover your PIN if you lose it. When you get prompted to enter your PIN, there would be a “Enter Master PIN” option which is a 8-digit number that can only be generated by Roblox Support. As of now, if you lose your PIN, you have to brute-force it until you find the correct one. And that is very hard to do as there can be 10000 combinations and after trying like 5, entering your PIN gets locked for 15 minutes.

If Roblox supports TOTP, things like Touch ID and extra passcodes are possible on the authentication app’s end.

As for requiring pins for other potentially destructive actions, you should make a feature request!

No. If you want the extra security; go ahead. However, making account pins mandatory will not improve security and will likely maker CS’ job harder since a bunch of kids will inevitably forget their PIN.


Awesome! Can’t steal my groups haha.

I have my Yubikey configured to anything that will happily take it. I don’t think this would be overboard, especially now that Roblox is becoming peoples primary source of income.


This is perfect & takes away a lot of the anxiety of being a large-group owner, because even if someone were to steal your cookies or access your account another way, they’d still be unable to take the group. A similar thing would be great for group payouts too.

Thumbs up!

Thanks Roblox! It’s never too late to make things more secure :grin:

On top of this, Roblox should use a new location detection system and require account PIN for the first time using Robux in the new location.


I personally this is an amazing addition to Roblox security and enviroment! This will reduce all of those scams and false account logins. People are now more accurate with transfering their groups. I guess, that any update releated to player’s and Roblox’s security is important really needed to improve positive experience. I am now thinking, that it will probably reduce workload on Roblox’s staff, because they have one problem less to deal with!

1 Like

Awesome! I think this is really needed for if a group owners account get’s compromised. Extremely good security feature and I agree with your decision to do this. Thanks Roblox! I’m excited to see what other features you have in store for us.

Using location seems to be a bit intrusive. Maybe we should have that be a separate feature that will be a toggle-able setting in order to permit a users location to be tracked for whoever is on the account.

1 Like

I am definitely on board for the pin-lock game idea. That is a very great idea.

Is the purpose of the PIN for parental controls, or for account security? If a parent wants to lock down the account settings and uses a PIN for it, then as the PIN is required for more things (such as group transfer, but other things in the future) then the child isn’t able to do these things without the parent. Particularly if PIN gets added to something like trades, this could be a bigger issue. Settings lockdown for parental control reasons may need to be on a separate system.


SUCH A GREAT IDEA! Omg, way better than the Viewable Code.

1 Like

I think they moreso mean via IP address, which is likely already logged by Roblox. It’s quite a common system on a lot of sites to require new authentication when a new IP address is used to log in.