Longer Account Pin Option

They should replace pins with TOTP codes from e.g. Google Authenticator app. That’s much more secure than a pin that never changes of any length.

Give login 2FA the same treatment while we’re at it.

15 Likes

It would be optional. You could still have 4 digit pin.

Why is that? Some people want their accounts safe.

Yes, another layer. But that doesn’t mean it can be just a layer that can be cracked in a few hours / minutes.

And yes, they are harder to remember, yet they are harder to crack. Choose wisely. :slight_smile:

Is that so? Why do I see people getting hacked and their stuff stolen a lot?

2 Likes

Why do phone companies offer 6 digit pins? As I stated, 4 digits are pretty easy to crack.

6 digit pins are hard, as LuaBearyGood stated.

This can be bypassed with appropriate software.

As I said as well, it would be optional. You could have 4-digit pin. But you could have way longer pin, up to you.
There are lots of people who rely on Roblox as their job. They need to be sure that their money on their accounts is 100% safe.

2 Likes

They are already safe with passwords alone.

It is not meant to be total security or an alternative to passwords. It is kind of like script obfuscation; it is not used alone as “security” but just as a layer of one to make a script harder to reverse-engineer. Same logic applies here.

Okay, can you remember a 25-digit sequence of numbers?

Because they were either tricked into giving their password, or they were PGed.

PINs are not passwords though, stop treating them as if they were. You just need to fill it in when making a change to your account settings.

Can it really? Can you DM me a source? I highly doubt this is possible. Roblox would have patched any vulnerabilities with their security.

It’s not made for that, I know. But you use it when changing your password…

Yes, you could. With some training. But you can still write it down.

Not always, I have a friend who has not entered anything anywhere, yet got hacked.

They are the last thing that can save you, if you get your account hacked. They are used when changing password and e-mail.

Yes, read about it here. Or also here.

but the whole point of pins is to be 4 characters nothing exceeding.

else it would’ve been called another password, not a pin.

these types of situations are extremely unlikely and rare, you’d have to have access to the email of the person and unless you have very poor information, it’s unlikely.

Yes because passwords are an account setting. Which is what it’s for.

Writing it down because you can’t remember it is horrible experience.

Then likely PGed. Not Roblox’s fault or anyone else’s that your friend had a very easy password.

But none of them talk about Roblox and I have yet to see a case of 2FA being bypassed on here.

True. But the 2FA is generally pretty same.

Look, I didn’t want to bring up any argument. It just might be better to have at least 6 digit pin. Some people would like to have even more. It would be fully optional and on user’s preferences.

1 Like

I think accounts are already secure; no need to secure something further if we already have 2 extra layers of security. Passwords are a must so it can’t really count. 2FA is one layer, and PINs another.

Yes. I know.

But why have the 4 digit limit? It could be at least 6 digits.

1 Like

Maybe because that is the standard??

Okay. Majority of people could still have 4 digit pin.

Apple now requires you to have 6 digit pin.

Time is moving. :slight_smile:

1 Like

But this is Roblox, not Apple.

… and?
Does it mean that Roblox can have smaller security? No. This is my last reply on the conversation.

3 Likes

Roblox doesn’t need to be like other companies which is the point of that reply. Roblox accounts are already secure, no need for something crazy like 25 digits or just extra in general because it wouldn’t even be a PIN anymore. PINs are always 4 digits, no more, no less. That is pretty secure. There is a 0.0100010001% chance your pin can get guessed.

If your argument is “because that’s the way they are” discounting all of the benefits of having a longer PIN, that’s a pretty terrible argument.

Give users the option to set a longer PIN, leave the minimum at 4 digits. PINs are functionally identical to passwords anyway. It is negligible effort to increase the maximum and make the character requirement a minimum, and improves security for people who worry. Everyone wins, nobody loses.

8 Likes

My point was that accounts are already secure, with passwords by default, and an optional 2FA and PIN. Use them if you’re crazy about security.

That was all :+1:

Agreed, pins should be any length you want, but should be 6+ letters. Though I have all my account info filled out and a secure password with 2FA, I’ve still been password guessed 5 times; no, I do not share a computer and no, I do not tell anyone my password, which suggests Roblox could use better security.

1 Like

While yes, it would be secure, I don’t think adding Google Authenticator would be a good idea.
The PINs cannot be transferred between phones and if you do a factory reset or if something happens to your phone, you can say “bye-bye” to your Roblox account as there’s no way to get access to the PIN again.
Maybe adding backup codes in case you lose the app would solve that, like Discord does.

1 Like

Yes, recovery codes would be part of the package, obviously. Nobody in their right mind would implement TOTP 2FA integration without backup codes in 2020. This is a moot point.

2 Likes