As a Roblox Developer & Player, it is currently hard to make your account 100% secure.
New things such as account pin required when transferring group are being added, which is very good! Roblox tries to improve their user security all the time and that is – hats down – very great!
So let’s see, you can have a long password, 2FA and then the pin. The sad thing is that the pin can be only 4 digits long. Why is there this cap? Why not make it longer?
Making the Account Pin up to, for example, 25 numbers long would be much better. It would make accounts much safer, because 4 digit pins are easier to guess/crack than 25 digit ones.
This could tackle some account-thefts and overall make Roblox users just again a bit more safe.
Nobody is going to remember 25-character PINs. At that point it would be a password and not even a PIN anymore. The convention for PINs is four characters.
Accounts are already secure with passwords, and 2FA only makes them more secure since you need to get a code from the email of the account.
Longer PINs are impractical because the standard is 4 characters and there is no reason for the limit to go higher. PINs aren’t meant to be passwords; just an extra layer of security when making account changes.
The whole point and base of pins is to be 4 characters.
Besides the fact that there’s 2FA and regularly changing your password, there’s not much you can do to keep your account secure besides adding all contact information.
I believe a 6 character pin is more realistically useful.
If you have a 0-9 pin and 4 digits that gives you a 1/10000 chance of correctly guessing and while it sounds low that is a mathematically breakable pin.
If we went up to 6 digits that would make it 1/1,000,000 which is literally 100x more secure.
Speak for yourself - the PIN on my phone is 15 digits.
I personally don’t see any problem with allowing people to use more digits in their PIN.
Same here, my PC has a 12-digit PIN. A lot of companies are encouraging at least 6-digit PINs nowadays.
They should replace pins with TOTP codes from e.g. Google Authenticator app. That’s much more secure than a pin that never changes of any length.
Give login 2FA the same treatment while we’re at it.
It would be optional. You could still have a 4 digit pin.
Why is that? Some people want their accounts safe.
Yes, another layer. But that doesn’t mean it can be just a layer that can be cracked in a few hours / minutes.
And yes, they are harder to remember, yet they are harder to crack. Choose wisely.
Is that so? Why do I see people getting hacked and their stuff stolen a lot?
Why do phone companies offer 6 digit pins? As I stated, 4 digits are pretty easy to crack.
6 digit pins are hard, as LuaBearyGood stated.
This can be bypassed with appropriate software.
As I said as well, it would be optional. You could have a 4-digit pin. But you could have a way longer pin, up to you.
There are lots of people who rely on Roblox as their job. They need to be sure that their money on their accounts is 100% safe.
They are already safe with passwords alone.
It is not meant to be total security or an alternative to passwords. It is kind of like script obfuscation; it is not used alone as “security” but just as a layer of one to make a script harder to reverse-engineer. Same logic applies here.
Okay, can you remember a 25-digit sequence of numbers?
Because they were either tricked into giving their password, or they were PGed.
PINs are not passwords though, stop treating them as if they were. You just need to fill it in when making a change to your account settings.
Can it really? Can you DM me a source? I highly doubt this is possible. Roblox would have patched any vulnerabilities with their security.
It’s not made for that, I know. But you use it when changing your password…
Yes, you could. With some training. But you can still write it down.
Not always, I have a friend who has not entered anything anywhere, yet got hacked.
They are the last thing that can save you, if you get your account hacked. They are used when changing password and e-mail.
Yes, read about it here. Or also here.
But the whole point of pins is to be 4 characters, nothing exceeding.
Else it would’ve been called another password, not a pin.
these types of situations are extremely unlikely and rare, you’d have to have access to the email of the person and unless you have very poor information, it’s unlikely.
Yes because passwords are an account setting. Which is what it’s for.
Writing it down because you can’t remember it is a horrible experience.
Then likely PGed. Not Roblox’s fault or anyone else’s that your friend had a very easy password.
But none of them talk about Roblox and I have yet to see a case of 2FA being bypassed on here.
True. But the 2FA is generally pretty same.
Look, I didn’t want to bring up any argument. It just might be better to have at least a 6 digit pin. Some people would like to have even more. It would be fully optional and on user’s preferences.
I think accounts are already secure; no need to secure something further if we already have 2 extra layers of security. Passwords are a must so it can’t really count. 2FA is one layer, and PINs another.
Yes. I know.
But why have the 4 digit limit? It could be at least 6 digits.
Maybe because that is the standard??
Okay. The majority of people could still have a 4 digit pin.
Apple now requires you to have a 6 digit pin.
Time is moving.
But this is Roblox, not Apple.
Does it mean that Roblox can have smaller security? No. This is my last reply on the conversation.