As a Roblox Developer & Player, it is currently hard to make your account 100% secure.
New things such as an account pin being required when transferring a group are being added, which is very good! Roblox tries to improve their user security all the time and that is – hats down – very great!
So let’s see, you can have a long password, 2FA and then the pin. The sad thing is that the pin can be only 4 digits long. Why is there this cap? Why not make it longer?
Making the Account Pin up to, for example, 25 numbers long would be much better. It would make accounts much safer, because 4-digit pins are easier to guess/crack than 25-digit ones.
This could tackle some account thefts and overall make Roblox users just a bit safer again.
Nobody is going to remember 25-character PINs. At that point it would be a password and not even a PIN anymore. The convention for PINs is four characters.
Accounts are already secure with passwords, and 2FA only makes them more secure since you need to get a code from the email of the account.
Longer PINs are impractical because the standard is 4 characters and there is no reason for the limit to go higher. PINs aren’t meant to be passwords; just an extra layer of security when making account changes.
The whole point and base of pins is to be 4 characters.
Besides the fact that there’s 2FA and regularly changing your password, there’s not much you can do to keep your account secure besides adding all contact information.
I believe a 6-character pin is more realistically useful.
If you have a 0-9 pin and 4 digits, that gives you a 1/10000 chance of correctly guessing, and while it sounds low, that is a mathematically breakable pin.
If we went up to 6 digits that would make it 1/1,000,000 which is literally 100x more secure.
Why do phone companies offer 6-digit pins? As I stated, 4 digits are pretty easy to crack.
6 digit pins are hard, as LuaBearyGood stated.
This can be bypassed with appropriate software.
As I said as well, it would be optional. You could have a 4-digit pin. But you could have a way longer pin, up to you.
There are lots of people who rely on Roblox as their job. They need to be sure that the money on their accounts is 100% safe.
It is not meant to be total security or an alternative to passwords. It is kind of like script obfuscation; it is not used alone as “security” but just as a layer of one to make a script harder to reverse-engineer. Same logic applies here.
Okay, can you remember a 25-digit sequence of numbers?
Because they were either tricked into giving their password, or they were PGed.
PINs are not passwords though; stop treating them as if they were. You just need to fill it in when making a change to your account settings.
Can it really? Can you DM me a source? I highly doubt this is possible. Roblox would have patched any vulnerabilities with their security.
But the whole point of pins is to be 4 characters, nothing exceeding.
Else it would’ve been called another password, not a pin.
These types of situations are extremely unlikely and rare; you’d have to have access to the email of the person, and unless you have very poor information, it’s unlikely.
Look, I didn’t want to bring up any argument. It just might be better to have at least a 6-digit pin. Some people would like to have even more. It would be fully optional and based on the user’s preferences.
I think accounts are already secure; no need to secure something further if we already have 2 extra layers of security. Passwords are a must so it can’t really count. 2FA is one layer, and PINs another.