If someone gets their account “hacked” or loses access to their account, there are going to be bigger problems for the user than access to your game. I wouldn’t worry about that problem, just trust that the player playing is the person playing. I feel like adding a secondary account step could be annoying to the player and then having to remember ANOTHER password to access their stuff. This is as well the issue with TOS and what if they use their real password. Also are these passwords going to be hashed or encrypted somehow if you do this? I don’t know if Lua has any library functions to do this.
Though some games like RuneScape, for example, allow players to set up a PIN for their bank account in case their account gets breached. This is a fair thing to do in my opinion since it’s optional and only a 4 digit number. I would highly suggest not doing what you plan.
But there is no point. The use case doesn’t seem reasonable enough. The disadvantages outweigh the advantages.
On the edge of being, if not against the ToS – this alone should discourage you
Accounts can be hacked leading to worse problems
Users are gonna have to remember the password (how do you implement a “I forgot my password” system? You can’t email them or have a bot DM them on Roblox.)
Also the username field, while it may not seem obvious, can be used to input a password
The idea of a PIN is not bad at all. I would encourage it over a long password.
I made this topic and it already is the biggest topic made by me. I made the decision that the password will be a randomly generated one, and I will still work on the system so hackers can’t steal in-game accounts.
My question is, what happens if the player forgets the password? How do you recover it? Along with that, will there be any measure to prevent bruteforce attacks? How long would these passwords be?
The length of a password will be between 7 and 10 characters. As I don’t speak much English I don’t know what “bruteforce attacks” means. I will still be thinking about what if a user forgets his password. DMing him/her on Gmail isn’t a solution since it is against ToS and COPPA.
I said don’t make new posts like: “Users may input their real password blah, blah, blah.” so there will not appear any of these posts. (90% of these topics are about this. I get it, don’t repeat 10 times.)
I think some hackers might do some hacks to input every character but it may crash their computer because a password will be 7-10 characters (including punctuation, numbers and more).
I feel like you will hit a snag with trying to establish a recovery method because there’s not really a way to do it that doesn’t just allow the “hacker” to be able to recover it. Also I quote “hacker” just because in my experience, most accounts are breached because they entered their account info into phishing websites. The other way for an account to be breached is a breach on Roblox’s end which would be a bigger deal and not as likely to happen as phishing.
The proper way to go about addressing this is to not make an account system in the first place. You have your Roblox account, which is already a unique identifier – what more do you need?
Perhaps more use cases would become legitimate if the topic was fully discussed instead of dismissed immediately because it’s too close and scary.
A hacker themed game where accounts are created and meant to be hacked by others is just one idea. Banking systems. Persistent worlds with houses or chests owned and locked.
You can create systems that allow account creation without personal info. Best methods should be the idea being discussed. If someone fails to implement it properly that is their failing.
Roblox could truly use some more complex interactions for the growing population of mature players.
Phishing websites target people to enter their information through deception. The website may look like the official Roblox website or a website that offers “free” Robux. The user enters their account information and then a bot can swoop into the account and change the password / hijack the account.
Also @Pharyx_Styx, this isn’t in the means of content, he wants to make this to “secure” his game. If it was content related, this would be a totally different story.
@Pharyx_Styx that is a good idea. But OP doesn’t seem to plan to execute it this way.
@TheTurtleMaster_2 that is highly unlikely. Some false positives have come up when uploading images etc. for development, but I don’t believe you’ll get terminated. Again – this is too niche of a scenario to even be worth accounting for.
I have an idea if you lost your password. You need to put some information like account creation day (Day, Months, Year), a username and something like that.