E-Mail account verification to access user account on new machines

For many of you Steam users, you know that whenever you log in to your Steam account on a different computer, you must verify that it is indeed you accessing it by inputting a code, emailed to you automatically by Steam, into your Steam instance. This would unlock the computer's identity (IP or other) and allow the user to use that Steam account on the computer listed.

For ROBLOX, there has always been the trouble of users getting scammed, tricked, or even hacked out of their accounts. Inputting a system similar to what Steam has in place could help prevent a lot of users from running into these undesirable mistakes.

Upon logging into ROBLOX it could send a verification email to the email address associated with the account. If the user does not have a verified email, then this system won’t take place for that user, giving people more incentive to register their accounts to a valid email address.

Upon entering the code, or clicking a link sent in the email, this would allow the user attempting to log in access to the account via the website, whereas before entering the code/link, only options to public users or guests would be available.

And, it could also be made to be a feature that can be disabled by the user (with verification, of course) to prevent some people from wanting to deal with the hassle of advanced security procedure. This could especially be beneficial if the system revolves on IP addresses - as dynamic IPs change often.

I posted this on the S&I forum a couple years back and got a lot of support.

What do you think?

  • This is useful and beneficial
  • This is pointless and destructive

0 voters

2 Likes
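A minimal sketch of the new-device email check described in the post above, added here as an illustration; it is not ROBLOX's or Steam's code. It assumes a per-device token (such as a cookie) instead of IP addresses, since the post notes dynamic IPs change often; `DeviceGate`, the `send_email` hook, the 10-minute expiry and the five-attempt limit are all hypothetical.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 600      # seconds a mailed code stays valid (assumed value)
MAX_ATTEMPTS = 5    # guesses allowed per mailed code (assumed value)

class DeviceGate:
    def __init__(self, send_email, now=time.time):
        self.send_email = send_email  # hypothetical hook: callable(address, code)
        self.now = now
        self.trusted = {}   # user -> set of SHA-256 hashes of device tokens
        self.pending = {}   # user -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _h(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def login(self, user, verified_email, device_token):
        """Call after the password check passed. Returns 'full' or 'limited'."""
        if verified_email is None:
            return "full"   # as in the post: no verified email, no gate
        if device_token and self._h(device_token) in self.trusted.get(user, set()):
            return "full"   # this machine was verified earlier
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, never random.random
        # Six digits are guessable, so expiry and the attempt cap carry the security.
        self.pending[user] = [self._h(code), self.now() + CODE_TTL, MAX_ATTEMPTS]
        self.send_email(verified_email, code)
        return "limited"    # guest-level access until the code is entered

    def verify(self, user, code):
        """Returns a new device token on success, otherwise None."""
        entry = self.pending.get(user)
        if entry is None:
            return None
        code_hash, expires_at, attempts_left = entry
        if self.now() > expires_at or attempts_left <= 0:
            del self.pending[user]   # expired or exhausted: a fresh login is needed
            return None
        entry[2] -= 1                # count the attempt before comparing
        if not hmac.compare_digest(code_hash, self._h(code)):
            return None
        del self.pending[user]       # codes are single use
        token = secrets.token_urlsafe(32)
        self.trusted.setdefault(user, set()).add(self._h(token))
        return token                 # the caller stores this on the verified machine
```

Disabling the feature, as the post suggests, would amount to a per-user flag checked at the top of `login`, itself changed only after a successful `verify`.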

Isn’t that just 2 factor authentication which ROBLOX is already working on?

1 Like

Pretty much.

I haven’t actually seen any news about them working on this, though. Could you link or point me in the direction?

Eh, then the scammers will start asking them to log into their email as well.

Well that’s why you’re supposed to give the user multiple options. For instance with Google: I set it up so that if I use a new machine then I have to enter a code that comes from an app on my phone (Google Authenticator). That’s the only way I have it set up to work. A scammer would somehow have to get me to give over a code from that app (which cycles new codes like every minute) …or I guess they could find me and mug me for my phone lol

2 Likes

Asking people for their passwords is an extreme minority of account theft. The majority of the people who have had their accounts taken (at least here) fall victim to seemingly harmless links that appear to be roblox.com, but lead to robIox(with a capital i).com/etc and ask them to log in, or use the same password on multiple sites and the account thief figures out their account’s password by looking at a leaked database of passwords from breached sites. Two-factor authentication will help significantly with account breaches.

I agree with what crazyman32 said: we need to be given multiple options, because nowadays people are going as far as hijacking into email accounts to get to your ROBLOX account. The best option would be the Google Authenticator method, because obviously the only way they could get into your account is by actually stealing the mobile device from you in real life, and they would still need to get past your phone pass-code.

Basically like ConvexHero said in past threads. Google Authenticator+Password = Best option :wink:

I also agree we need multiple options, but I think email is a good first option. Why? My ROBLOX account would be email 2-factored. My email is SMS 2-factored. If someone wanted to break into my ROBLOX account, they’d have to break into both my email and my phone since 2-factoring to something which provides 2-factor for itself means multiple layers of security.

2 Likes

EchoReaper, if I were you I would make sure your email uses Google Authenticator instead, because currently people have been able to trick mobile companies into transferring mobile numbers over to other phones. Basically they can easily take over your phone number and log into your email using the SMS. The best, most secure option currently is Google Authenticator + Password.

They would have to know my phone number first and not many people do – certainly no one who has the gall to social engineer a phone number transfer.

1 Like

Over the past week, a popular YouTuber, Boogie2988, was breached through his phone: a person called his carrier (Virgin) claiming to be him, and got the number assigned to a new phone without proper authentication.

He used that for two-factor identification, and his account was deleted by the breacher and he also attempted to steal money from PayPal.

All of his stuff was later put back up for him when it was resolved.

It’s worth noting.