As a Roblox developer who works with a large team, it is too hard to enforce effective security policy (i.e. verified email, 2FA, and PIN) across the entire company.
There’s currently no way to require certain security settings to be enabled. Other applications like Discord solve this kind of issue by restricting a mod’s permissions to the base level until they change their security settings to an acceptable level.
If Roblox is able to address this issue, we would be able to reduce the likelihood of having a developer’s account compromised.
As a Roblox developer, it’s currently too hard to know if someone has logged into my account from a different device.
Most services have two ways of providing this information: a session log that shows all previous sessions with info like timestamps and IP addresses/locations, and email notifications when a new device is used for the first time. Bonus points for implementing both, but I’d definitely prefer email notifications.
If Roblox is able to address this issu…
As a Roblox developer who works with a large team, it is currently too hard to identify bad game changes and their authors.
In the event where a game seems to have been compromised (i.e. teleporting players to other games, prompting 3rd-party purchases) there’s no way to immediately identify what the change was or who caused it. Even once the issue is hunted down and resolved, the compromised user is still unknown, leaving the door wide open for another intrusion.
We should be able to easily s…
As a Roblox developer who works with a large team, it is currently too hard to manage permissions without major holes in our security. Permissions provided by groups are too limited:
That last option is essentially a switch between not being able to work on any games at all and having unlimited permissions to do anything. For a team comprised of members with specific roles, there are dozens of entry points for a bad actor to wreak havoc on the group’s games.
Essentially, as anybody wh…