More security when sending password reset email

For the past week, some person has been rapidly sending password reset emails. Now, before, I occasionally got them every once in a while, but now I’ve been getting 5-10 every other day at the same time. It’s spam and abuse of a feature that’s made to help someone.

There are some easy fixes to this and I’m hoping ROBLOX would consider adding them.

  1. Require the user to input the verified email of the account:
    I know many websites do this. It won’t send an email unless you verify that you know what email it’s going to. Makes sense.

  2. Allow us to set security questions:
    I’ve heard this idea in the past. This will add more security to someone’s account. When setting a password, the person must answer a few questions in order to prove they are the owner of the account. This will prevent people from being able to send a bunch of emails since they don’t know the answers to the questions associated to the account.

Please consider adding these ideas… The amount of password reset emails I’m getting is becoming ridiculous. The last set I got was 10 emails at 11:30 at night… Someone is obviously abusing this to spam me.

If you have any other ideas on how ROBLOX can improve this security, please post below.

Bad advice dog: don’t set a recovery email! Problem solved!

On a serious note, it should also make the link to reset a hyperlink. If someone is still using AOL or another outdated email that can’t parse hyperlinks, that’s their fault in 2015. Or let’s add SMS 2-step verification.

I had my account stolen for a short while because someone saw I was streaming, sent a password reset, went onto the stream, and (I thought I paused the stream before I went to my email) owned the reset email. The person screenshotted the URL and bam.

[quote] Bad advice dog: don’t set a recovery email! Problem solved!

On a serious note, it should also make the link to reset a hyperlink. If someone is still using AOL or another outdated email that can’t parse hyperlinks, that’s their fault in 2015. Or let’s add SMS 2-step verification.

I had my account stolen for a short while because someone saw I was streaming, sent a password reset, went onto the stream, and (I thought I paused the stream before I went to my email) owned the reset email. The person screenshotted the URL and bam. [/quote]

That’s a clever way to steal an account.

On topic: I agree, I had to make a new email for password recoveries because I would get about 10 a day.

Set up a rule for your mailbox that automatically puts them in a different folder or changes the priority so that you aren’t notified of them. At the end of the day if you need one then you’ll know when you should be receiving them as well as where to find them.
You could even add them to spam because at the end of the day most spam inboxes don’t clear for a few days which would allow you to receive them if they’re needed still.

[quote] Set up a rule for your mailbox that automatically puts them in a different folder or changes the priority so that you aren’t notified of them. At the end of the day if you need one then you’ll know when you should be receiving them as well as where to find them.
You could even add them to spam because at the end of the day most spam inboxes don’t clear for a few days which would allow you to receive them if they’re needed still. [/quote]

The point of my post is that we shouldn’t have to do this. There should be more security and it should confirm that you are the owner of the account who’s getting the email. People are abusing the fact that they can just click a link to spam the owner of an account.

Why hasn’t Roblox just done this all along? It’s pretty much the standard.

[quote]

Why hasn’t Roblox just done this all along? It’s pretty much the standard. [/quote]

Because half of the time, little kids forget what email they signed up with; they then use this to go through all their known email accounts and see if there is a password reset somewhere. I’ve been there.

Then at least a choice in the options menu would be great.

How do you want to recover your password in the future?
-Provide my username
-Provide my email
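
Added example, not part of the thread and not ROBLOX code: a sketch of the reset-request check proposed in the first post (the requester must supply the account's verified email) combined with the per-account recovery option suggested in the last post. The account store, the `recovery_mode` field, the uniform reply text, and the case-insensitive email comparison are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

GENERIC_REPLY = "If those details match an account, a reset email has been sent."

@dataclass
class Account:
    username: str
    verified_email: str
    recovery_mode: str = "username"  # hypothetical setting: "username" or "email"

# Constructed sample accounts, not real users.
ACCOUNTS = {
    "builderkid": Account("builderkid", "kid@example.com"),
    "spamtarget": Account("spamtarget", "owner@example.com", recovery_mode="email"),
}

def _digest(email: str) -> bytes:
    # Normalise, then hash so compare_digest gets equal-length byte strings.
    return hashlib.sha256(email.strip().lower().encode("utf-8")).digest()

def email_matches(supplied, account: Account) -> bool:
    if not supplied:
        return False
    return hmac.compare_digest(_digest(supplied), _digest(account.verified_email))

def request_reset(username: str, supplied_email, outbox: list) -> str:
    """Queue a reset email only when the account's recovery setting allows it.

    outbox stands in for the mail queue; the reply is identical in every
    case so the form does not reveal which accounts or emails exist.
    """
    account = ACCOUNTS.get(username.strip().lower())
    if account is not None:
        needs_email = account.recovery_mode == "email"
        if not needs_email or email_matches(supplied_email, account):
            outbox.append(account.verified_email)
    return GENERIC_REPLY

if __name__ == "__main__":
    sent = []
    request_reset("spamtarget", None, sent)                 # only the username is known
    request_reset("spamtarget", "guess@example.com", sent)  # wrong email
    request_reset("spamtarget", "Owner@Example.com", sent)  # the real owner
    print(sent)
```

Accounts left on the default "username" mode keep the behaviour described in the thread for users who forget which email they signed up with, while accounts that opt into "email" mode receive no mail unless the requester already knows the verified address.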