As a member and a developer of the Roblox community, it is currently too hard to create a strong password using the current password signup.
Currently, Roblox doesn’t have any minimum requirements when creating a password, such as numbers, one low and one capital letter, etc. This is very poor security when creating a password.
Many websites have small requirements when creating a password for their account, such as;
1 small character.
1 capital character.
At least 1 number.
If this get implemented, not only will it improve account security, but it will also help others from not getting their account stolen (if the hacker guesses the password).
Here is a screenshot of the current password signup:
And here is a screenshot with this feature (source: HiddenDevelopers):
If Roblox is able to address this issue, it would improve my experience within Roblox, because it will improve security and will also help a lot of people with securing their account. It will also make security on Roblox better.
I don’t necessarily agree with this. In line with the National Cyber Security Centre guidelines, websites should only really be enforcing a minimum length for passwords.
Users should be recommended to use the “three random words” technique to generate their passwords (or use a password manager, such as Google Passwords).
Ultimately, it is down to Roblox to ensure passwords are securely stored, and implement a two factor authentication system. The current system can be expanded by allowing single use codes to be received via SMS or authenticator apps (such as Google Authenticator). It may be useful to ask users who don’t currently have it enabled to enable 2FA via a prompt the next time they visit, in addition to new users.
Additional methods can be added, such as the use of security keys, or even OAuth2-based logins, allowing users to login with their existing accounts (Google, Microsoft, Twitter, etc.) – this is my preferred method of authentication when designing web apps.
The main problem with this is that Roblox is for kids as we all know. Kids don’t really care to memorize their Roblox password. They may just put their real name and when they see it has to have special characters, they may not know what it means or they could just do something like ‘Jo#hn^ $mi(th}’ and forget their password. It’d be more of a hassle to people. Finally, it eliminates the possibility of a password guesser from thinking of something common like ‘password’.
