As a Roblox user, it is currently too hard to protect yourself from being compromised. The only real protection right now is the PIN code, which is only available for changing settings and transferring groups (and that’s why such things do not take place so often). Your account is vulnerable to breaches via Facebook / email / telephone number, and when it happens, the PIN is the last and most crucial protection layer.
So could we please have PIN code requirement extended to other features?
It is important to patch methods that let people access others’ accounts without authorization, but a complete fix won’t ever be possible. People will always face social engineering attempts which might succeed; therefore, it is more important to mitigate issues after the account is already compromised.
The PIN is a perfect tool for that as it is not login-related. If the user forgets it, changing it is possible but requires a few days to be processed by support.
Those could be:
- purchasing and selling limiteds (!!!) - the limiteds system is outdated and severely flawed. It is currently the only way of transferring funds if the account is breached and has restricted trades (along with PIN protection). It doesn’t require much effort, as transactions done with this method are instantly processed and don’t require any authorization.
Another flaw related to limiteds
Making this change would make reverting unauthorized transactions much easier. Account comps wouldn’t be as harmful as they are now.
- payouts - adding a PIN requirement to payouts would prevent unauthorized group payouts. I don’t think that would make processing payouts less comfortable, but it would help a lot. The person who broke into the account wouldn’t be able to pay out money to themselves. Currently they can just pay out money to the breached account (group owner) and then transfer it using other methods.
- purchasing items - could be a good long-term plan to have it as an additional requirement. This is not as important as the other elements, as those transactions already have a 7-day pending time.

NOTE: Might require additional consideration, as people can still fall for in-game scam GUIs which ask for the PIN and look like purchase modals.

In the long term, this change could be replaced with the planned 2SV update mentioned by @buildthomas in the posts below.