I did not saw this before this update. Is it also part of it?
4 Likes
The content maturity part is new, it can be set in settings if you are the required age. But the feature itself is not new as it was introduced as the age requirement a few months back.
3 Likes
tl;dr please stop saying that PIN is a good security measure and please validate your claims (although I’m sure most here won’t even try because it’s easy clout and they need something to boost their ego)
Sure, you can get around login 2FA with the auth cookie (because you skip the login process entirely) but you can’t get around any other 2FA prompts with just the cookie (at least, not as far as I know)
As rude as this will sound, I advise to try and confirm whatever you’re saying before saying it (this also goes for like, the 300 other people who have said the same thing). 2FA is already required for critical account actions and simply trying to change your email with 2FA on already invalidates your claim
From the looks of it, this requires the account to be under 13. And if you have 2FA enabled (or are ID-verified), they won’t be able to change the account’s birthdate
There is only a finite amount of pin combinations you can have (yes, it’ll take a while due to the ratelimit but still) and, because humans are humans, most will set it to a number they can remember (the day + month of their birthday, their year of birth, etc…), which makes it even easier to get around it
4 Likes
Stuff like switching accounts etc. not stuff it’s already enabled for.
1 Like
Nice job. Can’t wait for 2027 when they’re gonna reintroduce the pin and call it a new feature.
Please bring the PIN back imediately, because it was used by developers and traders MORE than it was used by parents using parental controls.
The PIN was keeping everybody’s account safer and now everybody who is over 18 and doesn’t need to care about this change because we don’t yet have kids, is just left with 1 less security layer, congratulations.
This is very poorly executed and I’m expecting this soon to backfire on Roblox.
The PIN shouldn’t be necessarily linked in any way with the Parental controls, because people over 13 were also using it.
“Just don’t install extensions, don’t click links etc.” This is a very lazy response to this entire situation. Roblox support has a very poor service of recovering accounts and if somebody uses Social Engineering skills on the customer support, they could probably breach into a few accounts.
PIN is and will be needed for the future of Roblox. Please bring it back and never remove it again. There’s abolutely 0 reason to remove the PIN safety feature just because you rebranded and re-released an already existing feature and called it new.
12 Likes
Someone already created future request… or something like that: Some sensitive actions can be done without additional verification (2fa gate or "pin")
1 Like
Great update! However, can you make it that filing out the questionnaire, if you get marked as Social Hangout, it gives your game the Social Genre as well?
Since every game that is marked as Social Hangout would surely be primarily a Social Game, so the Social Genre would be fitting.
1 Like
I don’t exactly get your point… do you mean switching accounts should require 2FA? Because that wouldn’t make much sense since the account sessions are stored in LocalStorage under the “RBXASBlob” key (which means it’s entirely local)
3 Likes
What if you share accounts and/or a PC? Wouldn’t really want siblings logging in as you.
1 Like
what other 2FA prompts? the problem is that right now there aren’t any. if they go ahead and add some before doing previously pin-required actions that’d be great.
5 Likes
Yippee, more safety features for parents and younger users!
Oh.
I actually really liked that feature and prefer it over 2-fac-auth.
Why not keep pins? It’s a perfectly functional feature.
Look, I don’t always carry a phone or mobile device with me and sometimes I’d like to log-in elsewhere on a different PC.
Using 2-factor-auth in this case really works AGAINST my favor unless I always keep an device in my pocket for the whole 2-auth thing (you may be surprised but I do not always carry my phone).
Having a PIN at least still gives some basic extra security so in the case of account hijacking, the intruder at least won’t be able to mess with PIN-protected things.
9 Likes
I’d say both are out of scope. Sharing accounts requires you to know the risks already and to trust the person with your account, and with the second, you can always just lock your PC with a password when you’re away from it
There are… though? Try changing your email, password, birthdate or any of the other 2FA options and you will definitely run into one. Though, maybe there are a couple of spots where there isn’t a prompt yet (trades, large purchases and buying robux/premium with a saved payment method are the only spots I could think of, although I can’t confirm either because 1. I’m not into trading and 2. I don’t have enough disposable income for tests like this)
1 Like
Doesn’t warrant not having the option 
also:
You might wanna move here for stuff about the pin/2fa gate
6 Likes
These are also some of the most important points and are probably the reasons the majority of people are upset about this - it’s not unreasonable to expect extra measures to be put in place before the existing one is removed. (Thankfully we already have staff acknowledgement on the feature request)
4 Likes
Hey folks, we have been listening carefully to your feedback on the deprecation of parent PIN since the original pre-launch announcement in October.
We understand that PINs were (1) many Roblox users’ primary form of protection from unwanted settings changes and even (2) an additional line of defense for creators and other power users on the platform.
While we can’t promise any specific replacements for this feature, we are very committed to addressing both of these use cases, whether as part of new and improved product offerings or our behind-the-scenes security intelligence and mitigation (which is constantly evolving).
In the meantime, we do strongly encourage folks without 2SV (especially Authenticator 2SV) coverage to set that feature up, since it overlaps PIN quite extensively on covering sensitive settings changes and is much harder to steal permanently. We’re also aware that folks want 2SV to protect certain additional surfaces, and we’re auditing our coverage continuously with this feedback in mind.
We will definitely keep you all updated as we have more to share. While we know this deprecation has been frustrating and we can’t necessarily share everything we’re working on from a security perspective, we appreciate the candid feedback!
14 Likes
So what that exactly means?? I’m not really sure.
1 Like
In short it means they can’t promise any replacements for the PIN features but are working on addressing both problems which people have mentioned with PINS being gone and that they will keep us updated.
this does not solve the problem from it is roots , you just locked every communication method for users under the age of 13 rather than moderating these methods , this is a good disition if you are working to fix your moderation and it needs time so you lock these communication methods until you finish fixing you moderation , if you are not then this is not a fix you did not fix any thing you just locked them , Roblox please fix your moderation rather than locking things , locking things may be effective but it is not the right solution.
3 Likes
The parent PIN was not intended as a security feature and can be bypassed by people who have the means to access your account. The only person who this PIN would stop is your friend who logged into your Roblox account while you weren’t in the room. Token loggers can break the PIN.
Roblox asks for your 2factor authentication when attempting to change things like your password or email. Turn 2factor on to protect your account.
2 Likes
When will blocking of specific experiences be a feature? There are certain experiences with undertones of which are rated for Everyone that I do not want any of my siblings accessing at all.