More safety features involving your security PIN

Recently, there has been a surge of compromised accounts that lead to the loss of many things. One of my biggest fears as a developer is someone getting access to my games without my consent. Since ROBLOX has a safety pin feature in place, I feel like it should be used for more reasons.

The main three places that I believe adding a safety pin should be an option are:

  • Editing Games -
    Say if somebody magically got access to my account, the most important thing to me that I would not like for them to have access to is editing my games. They could steal LITERALLY everything, and then next thing you know, my personal games are being spread around and being picked apart for buildings, scripts, ui, etc. This also includes group games that are worked on with other people.

  • Configuring Groups -
    Say, once again, someone magically got access to my account, they could simply pay themselves out all of the robux in the group without any security, AND they could steal any games that were made in the group. If there was any security on just simply configuring the group, they would not be able to pay themselves out, edit games, or promote people to a high enough rank to have access to edit games.

  • Purchases -
    Many developers have bunches of ROBUX sitting in their account, just waiting for their next cash out date. If somehow somebody gained access to their account, they could simply buy a shirt with all of the developer's robux, leaving them with simply 0. I wish there would be some way to add optional security to completing any purchase. This could also help parents monitor what their child is spending ROBUX on.

10 Likes

If implemented, Roblox would become an example of how not to do security from a UX standpoint.

It would be detrimental to my workflow as a developer and player to have to go to settings and type in my pin, which only leaves it unlocked for 4 minutes, just to edit my game, make a purchase, make a payout, or change a group rank.

Account pins are meant to make rare and sometimes irreversible changes (such as group ownership transferring or changing crucial account settings). They are not a substitute for basic account security.

4 Likes

If implemented, there would be no specific point as to when each of these would happen. Plus, a hijacker would be able to find this information about as easily as a regular account pin. It’s just a big slowdown, and a massive halt to my workflow, as Studio already bugs and crashes every other second,

1 Like

In my opinion, they should implement TOTP (i.e. methodology behind Google Authenticator) and have the option to enable this, and prompt for codes for sensitive account/game/group actions if you haven’t been prompted for one in a while.

9 Likes
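
The TOTP suggestion above, sketched as an added example that is not part of the thread and not Roblox's implementation: an RFC 6238 code check combined with a "recently verified" window, so sensitive actions prompt only when no code has been accepted for a while. The action names, the `StepUpSession` class and the 15-minute window are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30             # RFC 6238 time step, seconds
DIGITS = 6
FRESH_FOR = 15 * 60   # assumed: prompt again after 15 minutes without a code
SENSITIVE = {"edit_game", "group_payout", "change_group_rank", "purchase"}  # assumed names


def totp(secret: bytes, at: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class StepUpSession:
    """Hypothetical session that gates sensitive actions behind a recent code."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.verified_at = None  # time the last code was accepted
        self.last_counter = -1   # highest time step already used (replay guard)

    def submit_code(self, code: str, now: float) -> bool:
        current = int(now) // STEP
        for counter in (current - 1, current, current + 1):  # one step of clock drift
            if counter <= self.last_counter:
                continue  # a code for this step was already accepted
            if hmac.compare_digest(totp(self.secret, counter * STEP), code):
                self.last_counter = counter
                self.verified_at = now
                return True
        return False

    def may_perform(self, action: str, now: float) -> bool:
        """True if `action` can proceed without prompting for a new code."""
        if action not in SENSITIVE:
            return True
        return self.verified_at is not None and now - self.verified_at < FRESH_FOR
```

Rejecting a time step that has already been accepted means a code observed once cannot be replayed inside its 30-second validity window.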

There should be options in the settings page to choose for what actions you want to enter your PIN.

This way, you can choose for what actions you want to be asked for your PIN. A small group owner wouldn’t like to enter their PIN for a change of their groups, for example.