Increase password/email change security

We should have to provide our email address for changing our password, and our previous email if we want to change that.
If not, it kind of defeats the purpose of doing this:

But you have to verify the change request by logging into your email and clicking a link don’t you?

It changes immediately to my knowledge. I believe they just send an email to revert the change, giving a hacker enough time to do everything they need to do.

I think they should make an option to enable two step verification where an email with a verification code is sent whenever you try to log in from a new computer.

I used to think extra security for ROBLOX was useless.
But now that ROBLOX is an actual source of income, and now that it is possible for ROBLOX to be a person’s livelihood, I am strongly for it.

I’m all for some form of two-factor verification, but I really think we’re beyond emailing verification codes. Let’s face it - if somebody knows your username/password combo, chances are they have credentials for your email as well. I don’t really feel any more secure using outdated technology.

If the admins are going to consider beefing up security, I’d personally really love to see some OTP authentication put in place.

[quote] I’m all for some form of two-factor verification, but I really think we’re beyond emailing verification codes. Let’s face it - if somebody knows your username/password combo, chances are they have credentials for your email as well. I don’t really feel any more secure using outdated technology.

If the admins are going to consider beefing up security, I’d personally really love to see some OTP authentication put in place.[/quote]

I like to own things, so having something like the authenticators used for battle.net would be awesome. I assume this is what you mean by OTP authentication?

[quote] I’m all for some form of two-factor verification, but I really think we’re beyond emailing verification codes. Let’s face it - if somebody knows your username/password combo, chances are they have credentials for your email as well. I don’t really feel any more secure using outdated technology.

If the admins are going to consider beefing up security, I’d personally really love to see some OTP authentication put in place.[/quote]

If you get my Roblox log-in information, it’ll take you years to crack my email password, they are on different planes of existence. 20 char or so difference. Though I really should beef up my Roblox password since I’m planning on some DevEx withdrawals in the near future.

Edit: And now they’re not so far off, if nothing else this thread will remind RBXDev users to increase their password strength now that their accounts are handling real money now.

[quote] I’m all for some form of two-factor verification, but I really think we’re beyond emailing verification codes. Let’s face it - if somebody knows your username/password combo, chances are they have credentials for your email as well. I don’t really feel any more secure using outdated technology.

If the admins are going to consider beefing up security, I’d personally really love to see some OTP authentication put in place.[/quote]

I think two factor verification with your email is perfectly fine because I have two factor verification for that too which is linked to my phone. Unless someone mugs me IRL to steal my Roblox account they wouldn’t get anywhere.

[quote] I like to own things, so having something like the authenticators used for battle.net would be awesome. I assume this is what you mean by OTP authentication? [/quote]

That’s an example of exactly what I mean, although I’d much prefer using something like Google Authenticator where pretty much any device (most notably smartphones) can be used rather than purchasing a device built specifically for that purpose.

[quote] If you get my Roblox log-in information, it’ll take you years to crack my email password, they are on different planes of existence. 20 char or so difference. Though I really should beef up my Roblox password since I’m planning on some DevEx withdrawals in the near future.

Edit: And now they’re not so far off, if nothing else this thread will remind RBXDev users to increase their password strength now that their accounts are handling real money now. [/quote]

I congratulate you, you’re both clearly a step ahead of most in your security. I just question why we would want to include a middle-man here (your email) when there’s a better option that can be used.

Get Sorcus involved in this discussion.

How do we get Sorcus from under his bridge? :swag: