Account Security

Account security is becoming a more and more pressing matter on ROBLOX.

Why? We, as developers, are now earning ROBUX, which is essentially REAL MONEY. If our password were to be compromised(whether it’s our own fault or other); we have no other means of protection.

I’d like to suggest adding a few more authentication options.

SMS Protect - Text message is sent to your phone with a unique code which expires in X minutes every time your account logs in from a new location, or, if you set it to be so, every time you log in.

E-Mail Protect - When your account logs in from a new location(somewhere far away from your usual location) an email is sent to you, locking your account until the verification link generated in that e-mail is clicked.

Secret Questions - A set of secret questions and answers defined by you, required to answer two at random every time you log in.

Don’t get me wrong, I am not suggesting all of these options to be added to the account by default. I am saying to make these options, so if a developer chooses to do so, they can add extra layers of security to their account. I winged most of these examples, but I am sure they gave you a general gist of what I am talking about.

Thanks for reading.

I believed they worked on a Two factor system. But I can’t agree more with it. We are making money out of the ROBUX, and our account security should be bulletproof

Not only this but our account may hold important things like groups (e.g. RBX Dev group) and other private data such as messaging.

And things you don’t want anyone else to have like models

Since this is on the topic of security…

One thing that annoyed me since I joined was how easy it was to change the email on your account. All you need to change it is your password and a new email: 2 things a hacker would have. If a hacker would change this, it makes it harder for the original owner to re-obtain the account.

Maybe when you change your email, it sends a confirmation email to the old address. That way, if someone compromises your account, you will know right away and can easily recover it.

[size=2]This may cause some problems if the person loses access to an old email. I’m not sure how often that happens. [/size]