Introducing Updates to Our Safety Protections and Parental Controls

I don’t exactly get your point… do you mean switching accounts should require 2FA? Because that wouldn’t make much sense since the account sessions are stored in LocalStorage under the “RBXASBlob” key (which means it’s entirely local)

5 Likes

What if you share accounts and/or a PC? Wouldn’t really want siblings logging in as you.

3 Likes

what other 2FA prompts? the problem is that right now there aren’t any. if they go ahead and add some before doing previously pin-required actions that’d be great.

7 Likes

Yippee, more safety features for parents and younger users!

Oh.

I actually really liked that feature and prefer it over 2-fac-auth.

Why not keep pins? It’s a perfectly functional feature.

Look, I don’t always carry a phone or mobile device with me and sometimes I’d like to log-in elsewhere on a different PC.

Using 2-factor-auth in this case really works AGAINST my favor unless I always keep a device in my pocket for the whole 2-auth thing (you may be surprised but I do not always carry my phone).

Having a PIN at least still gives some basic extra security so in the case of account hijacking, the intruder at least won’t be able to mess with PIN-protected things.

12 Likes

I’d say both are out of scope. Sharing accounts requires you to know the risks already and to trust the person with your account, and with the second, you can always just lock your PC with a password when you’re away from it

There are… though? Try changing your email, password, birthdate or any of the other 2FA options and you will definitely run into one. Though, maybe there are a couple of spots where there isn’t a prompt yet (trades, large purchases and buying robux/premium with a saved payment method are the only spots I could think of, although I can’t confirm either because 1. I’m not into trading and 2. I don’t have enough disposable income for tests like this)

3 Likes

Doesn’t warrant not having the option :wink:

also:

You might wanna move here for stuff about the pin/2fa gate

8 Likes

These are also some of the most important points and are probably the reasons the majority of people are upset about this - it’s not unreasonable to expect extra measures to be put in place before the existing one is removed. (Thankfully we already have staff acknowledgement on the feature request)

6 Likes

Hey folks, we have been listening carefully to your feedback on the deprecation of parent PIN since the original pre-launch announcement in October.

We understand that PINs were (1) many Roblox users’ primary form of protection from unwanted settings changes and even (2) an additional line of defense for creators and other power users on the platform.

While we can’t promise any specific replacements for this feature, we are very committed to addressing both of these use cases, whether as part of new and improved product offerings or our behind-the-scenes security intelligence and mitigation (which is constantly evolving).

In the meantime, we do strongly encourage folks without 2SV (especially Authenticator 2SV) coverage to set that feature up, since it overlaps PIN quite extensively on covering sensitive settings changes and is much harder to steal permanently. We’re also aware that folks want 2SV to protect certain additional surfaces, and we’re auditing our coverage continuously with this feedback in mind.

We will definitely keep you all updated as we have more to share. While we know this deprecation has been frustrating and we can’t necessarily share everything we’re working on from a security perspective, we appreciate the candid feedback!

16 Likes

So what exactly does that mean?? I’m not really sure.

2 Likes

In short it means they can’t promise any replacements for the PIN features but are working on addressing both problems which people have mentioned with PINS being gone and that they will keep us updated.

1 Like

this does not solve the problem from its roots, you just locked every communication method for users under the age of 13 rather than moderating these methods, this is a good decision if you are working to fix your moderation and it needs time so you lock these communication methods until you finish fixing your moderation, if you are not then this is not a fix you did not fix anything you just locked them, Roblox please fix your moderation rather than locking things, locking things may be effective but it is not the right solution.

4 Likes

The parent PIN was not intended as a security feature and can be bypassed by people who have the means to access your account. The only person who this PIN would stop is your friend who logged into your Roblox account while you weren’t in the room. Token loggers can break the PIN.

Roblox asks for your 2factor authentication when attempting to change things like your password or email. Turn 2factor on to protect your account.

3 Likes

When will blocking of specific experiences be a feature? There are certain experiences with undertones of which are rated for Everyone that I do not want any of my siblings accessing at all.

1 Like

It cannot. They would need your Email for this; this is the same as telling support you lost your phone for 2FA.

If they had the 2FA to login to your account in the first place, they would probably be able to use the same code before it expires to steal your limited. As I’m saying, extra security through a PIN-like system isn’t required, but it is beneficial.

3 Likes

I guess my feature request just got ignored then. Revert this. Now.

3 Likes

There are a lot of misconceptions here.

  1. Stealing your login token does not bypass any other instances where your 2FA is requested, like when attempting to change your password. They don’t have the answer to your 2FA if they have bypassed login entirely.
  2. You do not need an email to bypass a PIN, they are not connected at all. The pin had infinite retries, which made it possible to bypass with botted password guessing.
  3. In order for someone to have your 2FA log in they either have to have your phone in their hand (for authenticator app) or already have broken into your email (for email codes) OR have swapped your SIM card to run on their phone instead (if you only use text codes). I strongly recommend only using authenticator app, because that random person who stole your login key on discord, doesn’t have your phone.

1 Like

Never said it did.

True, but it’s still an added security layer and can COEXIST with 2FA

see:

https://devforum.roblox.com/t/how-do-you-feel-about-the-parent-pin-being-removed/3264227/15?u=timefrenzied

LFG! I'VE HAD THIS PROBLEM WITH MY PARENTAL CONTROLS WHILE BEING 18 where I couldn't play games for ages 13+ because of my defunct email still receiving 2FA codes! Tysm roblox! I can't believe I can play my fav scp games that I wasted robux on again!

1 Like

It is not and never was added security. Anyone who has the means to access your account without permission, except for maybe your siblings/friends irl, can and will break it to get what they want off your account. Side note, 2FA also already shows up when trading limiteds as well.

It is added security on top of 2fa, I really don’t know what to tell you. Also FYI I suggested a PIN-like system coming back as an improvement as a security feature. Where you could use patterns, questions, and add a lockout in a certain amount of tries (thought of this one on the spot so like, don’t question me if you don’t see it)

2 Likes
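
Added example, not part of any post in this thread and not Roblox's code: a sketch of the two points raised above, that a PIN check with unlimited retries evaluates every guess it is sent, and that a lockout after a set number of tries bounds how many guesses are ever checked. The `PinGate` class, the 4-digit PIN, and the threshold and delay values are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5      # assumed policy: failures allowed before the first lockout
BASE_LOCKOUT_S = 60   # assumed: first lockout length, doubling on each later failure


class PinGate:
    """Hypothetical server-side PIN check with an optional retry limit."""

    def __init__(self, pin, max_attempts=MAX_ATTEMPTS):
        self._salt = os.urandom(16)
        self._hash = self._derive(pin)
        self.max_attempts = max_attempts   # None models the unlimited-retry case
        self.failures = 0
        self.locked_until = 0.0

    def _derive(self, pin):
        # Store a salted, slow hash of the PIN rather than the PIN itself.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def verify(self, guess, now):
        # While locked, reject without evaluating the guess at all.
        if now < self.locked_until:
            return "locked"
        # Constant-time comparison of the derived values.
        if hmac.compare_digest(self._derive(guess), self._hash):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.max_attempts is not None and self.failures >= self.max_attempts:
            extra = self.failures - self.max_attempts
            self.locked_until = now + BASE_LOCKOUT_S * 2 ** extra
        return "denied"


def evaluated_guesses(gate, n_requests, interval_s=1.0):
    """Send n_requests wrong PINs at a fixed interval (constructed input)
    and count how many the gate actually evaluated rather than refused."""
    count = 0
    for i in range(n_requests):
        if gate.verify("0000", now=i * interval_s) != "locked":
            count += 1
    return count
```

With these assumed values, 1000 wrong requests sent one per second result in only 9 evaluated guesses, while a gate built with `max_attempts=None` evaluates every request it receives.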