Introduce voluntary trade-locking of owned items

As a Roblox user, I risk losing my inventory when I am hacked.

I propose that as users, we should be allowed to designate items in our inventory as “trade locked”.

Trade locking an item would mean that the item cannot be traded, sold or deleted until it is “unlocked” by the (original) owner of the account.

Unlocking an item would require the pin/password, and then the item would unlock only after 7 days have passed (or 48 hours, this can be discussed). An email would be sent to the account email notifying that items are being unlocked (and will be unlocked in 7 days).

The unlocking process should be cancel-able at any stage, and would reset the timer to 7 days.


This feature would greatly improve the security of our inventories by giving us a “response window” to successful hacking attacks.

Roblox currently offers acceptable security measures (email 2FA, PIN codes). It is important to remember that while strong, these security measures do not constitute full protection. With the right user mistakes, a Roblox account can be hacked, and thus the items lost permanently to theft or deletion.

My proposition would add “post penetration” defense; when an account is hacked, damage is minimized, or prevented entirely; the real owner of the account has a window of time in which they can “regain” control of their account, or at least notify support to freeze the account, before their items are lost.

The reason this should be voluntary is that some users enjoy trading their items frequently. This change would damage their play style (and perhaps, lifestyle) if it was forced upon all items.

However, I do not trade, but I own several items that I do not want to lose. I want to be able to lock these items, so that if I am hacked*, they cannot be stolen unless I am inactive for an extended period of time.

*This is a possibility for everyone; 2FA does not constitute total protection. Some phishing mails are extremely crafty, like the one I fell for. Thankfully, email 2FA saved me; but what if that was compromised too?


Specifics:

  • Optimally, users should be able to choose to lock only specific items, so traders can protect their “valuables”, while still trading other items.

  • At minimum, we should be able to lock our whole inventory (or categories of it) to protect ourselves.

  • The lockout period should be at least 48 hours, preferably at least 72. This would let people who were away for a day - or a weekend - be protected, while still being reasonably short for people who change their mind about locked items.

  • Upon locking an item, we should be shown a preview email of the notification we would receive when an item is unlocked. This email should only be a notification; it should not present any action prompts to the user (to defend from phishing attempts). It should just say “Item being unlocked will unlock on [date]. If you did not request this, cancel it. If you did not, you should change your password on the Roblox website” or something of the likes.

  • Unlocking an item should be exceedingly obvious; emails, un-hidable website notifications visible at all pages (“system warning” notifications in the top right?) for the duration of the process so items can’t be stolen from right under our nose.

  • Bonus feature: Users can decide how long the “unlocking” procedure takes (e.g. 30+ days for people who REALLY don't want to trade their item).


USE CASES:

  • I am fully hacked, despite using 2FA. Having my items trade locked gives me 3-7 days to regain my account before the items are stolen. I manage to secure my account and a crisis is averted.

  • I am a trader. I have some items I never want to trade. I lock the item, and thus don’t risk accidentally trading it, or it being traded by someone who accesses my computer.


Thank you for reading and considering my proposition.

P.S.: Non-premium accounts need to be able to adjust their trade settings too. Currently, I cannot lock myself from trading altogether (by changing “who can trade with me”) because I am not premium, or so it seems.

22 Likes
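
The lock and delayed-unlock rules proposed in the post above, sketched as an added example that is not part of the original post and is not Roblox code. The `LockedItem` class, its method names, the plain-text PIN comparison and the PIN-free cancel are assumptions made for illustration; the item name and dates in any run are constructed.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# The post suggests 7 days, with 48 to 72 hours as the minimum.
UNLOCK_DELAY = timedelta(days=7)


@dataclass
class LockedItem:
    """Hypothetical model of one trade-locked inventory item."""
    name: str
    locked: bool = True
    unlock_at: Optional[datetime] = None        # set while an unlock is pending
    outbox: list = field(default_factory=list)  # notification e-mails "sent"

    def request_unlock(self, pin: str, account_pin: str, now: datetime) -> datetime:
        # Assumption: PINs compared as plain strings for brevity; a real
        # service would compare against a stored hash. Constant-time compare.
        if not hmac.compare_digest(pin, account_pin):
            raise PermissionError("wrong PIN")
        if self.locked and self.unlock_at is None:
            self.unlock_at = now + UNLOCK_DELAY
            # Notification only: no links or action prompts, as the post asks,
            # so the message cannot be imitated to phish a click.
            self.outbox.append(
                f"'{self.name}' will unlock on {self.unlock_at:%Y-%m-%d}. "
                "If you did not request this, cancel it on the website."
            )
        return self.unlock_at

    def cancel_unlock(self) -> None:
        # Assumption: cancelling needs no PIN, since it only makes the
        # account safer. A later request starts a fresh full delay.
        self.unlock_at = None

    def can_trade(self, now: datetime) -> bool:
        # The lock is lifted only once the full delay has elapsed.
        if self.locked and self.unlock_at is not None and now >= self.unlock_at:
            self.locked, self.unlock_at = False, None
        return not self.locked
```

Because `can_trade` is the single place where the lock is lifted, every trade, sale and delete path would have to call it for the response window to hold.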