Pin lock setting for purchase and sale of limiteds

I didn’t think your post covered it enough.

You can add a reply to their thread with more details / more use cases / etc, instead of starting a new one about the same topic.

3 Likes

Sorry to bump this but, how do you get the trade pin thing?

It’s not a direct feature, but go into Settings > Privacy and add an account pin. Then turn off trading in settings and nobody can send trades/receive trades on your account unless they have the pin.

3 Likes

When they gain unauthorized access to an account, malicious users have complete, unrestricted access to selling/trading away limited accessories (if the original owner bought them on their account) to another account, usually the hacker’s account. This is an issue because there is a lack of security on trading/selling limited items.

For example, User A’s account gets compromised and User B, who has complete access to User A, trades away all of their items to one of User B’s alternate accounts.

While you could argue that User A can roll back the trade by contacting support, you can only roll back a trade once, and User A may be out of luck if they already rolled back once.

A required Account PIN to confirm limited selling/trading would prevent this from happening since only User A knows the PIN; thus, User B cannot trade/sell away all of their items unless they know the PIN themselves.

If this were to be implemented, it would reduce incidents and improve overall account security.

26 Likes

I totally agree. For now, the only solution is to have a really good password which contains:

  • Symbols
  • Capital letters
  • Small letters
  • Numbers

You shouldn’t use:

  • Numbers in order (for example, 1234567)
  • Words that can be found in dictionaries (for example, bag)
  • Passwords you use in other services
  • Personal Data (for example, your birth date)

You should have also turned on 2SV. This is the only solution for now. Hopefully, Roblox will address this issue.

By the way, the PIN is one more security step, but it can be revealed if there’s a keylogger virus installed on your device.

8 Likes

It is recommended to have 2 factor authentication on. This way even if they get your password, they will need the 6 digit pin to log in.

6 Likes

As a Roblox developer/Player, it is currently too hard to trade without people using exploits to steal your items. Adding a pin to trading can help with the exploiting problem. My friend DarkHoodYT was holding on to my limiteds at the time he got cookie logged, and all of the items he had were stolen, even the ones he was holding on to for me. He was holding on to them because I needed a program to help fix one of my laptops and the program was sketchy. So I asked him to hold on to them while I was using it. After he got cookie logged I lost my Blue Wink and my Universal Fedora. He lost a Green Bandit Top Hat and Black Iron Horns. If we had an account pin for uploading creations and trading this will fix the problem. People won’t be able to cookie log your account and steal your expensive limiteds.

If Roblox is able to address this issue, it would improve trading by making it safer! Roblox should add this to the settings page to help with these issues. Thank you for reading.

From,
Brian

2 Likes

Gonna bump this up and say we need the following done involving account pin:

  • Trading Limiteds on an account
  • Deleting and Selling Limiteds on an account
  • Any sort of file upload and deletion (sound, decal etc.)

With ROBLOX adding account pin to group transfer, it has prevented a lot of people from stealing groups. But limiteds are still up in the air and they need to be locked down too.

7 Likes

Not really a bump, but I would like to touch on

As a developer who often needs to upload decals for UI and Textures for building, I can tell you straight up that would be extremely annoying having to type in my PIN. Even if you had the 5 minute unlocked cooldown it would be obnoxious.

1 Like

Fair enough. A better way of handling that would be either extend the cooldown or let us set the cooldown to however long we need it to be, such as an hour for example. That’s if they actually go through with account pinning file uploads.

2 Likes

As a Roblox player that happens to have quite a bit of Limited U items, I’ve lately been concerned with a big flaw of Roblox’s security.

Lately a lot of players with items worth hundreds of thousands, sometimes even MILLIONS of robux in items have been getting compromised way more frequently than normal. Some people that get into these accounts will have their trades off with a pin; so if someone happens to break into their account, they can’t turn their trades on to send the items onto an alt account.

You know what these people do instead? They sell the items, often BIG items, for way below the average price. This is a pretty big deal because even if the person that got compromised gets a rollback, they still deal with the items that may not be doing as well due to them selling extremely below what they normally sell for. I feel like adding a feature to add a pin when selling Limited items will also not only help the economy of the site but make others feel slightly more safe.
I’ll send some screenshots of big items selling abnormally low and a video that covers this suggestion and sums up what’s been going on.

Video by Doublebox, suggesting to add a pin when selling limited items


Dominus Aureus Selling abnormally low (300k-400k) multiple times


Purple Sparkle Time Fedora selling for 1.5m despite it normally selling twice that amount

8 Likes

After getting my account compromised for the first time in my 12 year career, I’ve been thinking of all the other people who have problems with their robux/limiteds/etc being botted away from their account.

One thing I’ve been thinking is why not allow players to enable a PIN system for buying/selling/trading their items. It’d be just like using a debit card at a store, if you don’t know the PIN then there would be no way of compromising the items.

If Roblox is able to address this issue, it would drastically decrease the amount of people who have to complain about losing all their items and initiating a rollback. There may be a problem with people forgetting their pins, but overall I think this would be an easy solution to protect users’ hard-earned items.

Concept a friend made:

64 Likes

Upsetting to see this happen to so many developers still without something as simple as a pin being implemented. I suggested this way back in March 2017 when there wasn’t much of a need, but because of the rampant number of new breaches, I think it’s only necessary.

5 Likes

A pin is not secure for this because it is a static secret. Also, the parent pin is meant to block in-app purchases and setting changes, not meant for any other features. It would be better as a TOTP code prompt or a 2FA prompt on a mobile app that you need to acknowledge.

6 Likes
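The static-secret point above, as an added example that is not part of the thread and not Roblox's implementation: a PIN recorded once keeps working, while an RFC 6238 TOTP code is bound to a time step and can be refused on reuse. `SensitiveActionGate`, the PIN and the timestamps are hypothetical; the secret is the RFC 6238 test key.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SensitiveActionGate:
    """Hypothetical server-side check run before a trade or sale is confirmed."""

    def __init__(self, pin: str, totp_secret: bytes):
        self.pin = pin
        self.totp_secret = totp_secret
        self.last_counter = -1                   # last time step already accepted

    def check_pin(self, submitted: str) -> bool:
        return hmac.compare_digest(submitted, self.pin)

    def check_totp(self, submitted: str, now: int, step: int = 30) -> bool:
        counter = now // step
        if counter <= self.last_counter:         # code from a used step: reject
            return False
        # No clock-drift window here; real verifiers usually allow +/- one step.
        if hmac.compare_digest(submitted, totp(self.totp_secret, now, step)):
            self.last_counter = counter
            return True
        return False

def replay_demo() -> dict:
    # Constructed values: the secret is the RFC 6238 test key, the PIN is made up.
    gate = SensitiveActionGate(pin="4821", totp_secret=b"12345678901234567890")
    t0 = 59
    seen_pin, seen_code = "4821", totp(gate.totp_secret, t0)  # what a logger records
    first_use = gate.check_totp(seen_code, t0)   # the legitimate confirmation
    reused = gate.check_totp(seen_code, t0)      # same code again, same time step
    return {
        "pin_replayed_later": gate.check_pin(seen_pin),
        "totp_first_use": first_use,
        "totp_reused_same_step": reused,
        "totp_replayed_later": gate.check_totp(seen_code, t0 + 3600),
    }

if __name__ == "__main__":
    print(replay_demo())
```

A stolen session or a live relay of a fresh code is outside what this shows; the comparison is only between a recorded PIN and a recorded one-time code.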

What about letting me use my phone as two step verification when someone tries to log into my account? I have always felt my accounts are most safe with that security measure.

I’m not sure if you read my reply but that’s what I’m saying, TOTP app for 2FA codes or prompts on the Roblox mobile app.

If you’re saying you want SMS 2FA, no, that is not as secure as TOTP / app prompts because of SIM swapping being a thing (among other SMS deficits). I highly recommend unlinking your phone number from platforms where you use it just for 2FA and use TOTP instead if the platform provides that option.

3 Likes

When so many people are complaining about their accounts being lost, something has to be done to secure accounts better. You talk like Roblox is set up the best it possibly can when that obviously is not the case. As a developer, I don’t care about losing my hats as much as losing my rent payment for the month. There needs to be more security steps for those who want it.

A PIN to purchase items, sell items and trade items may not be 100% foolproof but would definitely lower the amount of people who get their assets compromised. I know it is currently being used in a limited aspect to protect settings and in-app purchases. I am arguing to expand this PIN system even more to protect other things. They added a PIN to transfer groups, they can do it for currency and limiteds as well.

2 Likes

Not sure what points in my post you’re arguing against, all I’m saying is TOTP/app prompts are more appropriate than using the PIN for this. I’m not saying there shouldn’t be better 2FA/3FA. Feels like we’re talking around each other.

Roblox already is working on TOTP support: https://twostepverification.roblox.com/docs#/ (see the Authenticator section). So it’s only a matter of time before they allow us to use this as 2FA and enforce it on login and other sensitive actions.

4 Likes

I’d like to apologise for bumping this, however I do believe this needs to be in discussion a lot more regularly.

As a user who is still actively involved in the trading economy, it’s been disgusting to see the amount of compromises that have taken place in the last 30 days, it’s worrying how accounts with so many items are vulnerable enough to have it all taken away in moments.

Take nutcase123 for example - this user was (I believe) the 9th richest user on the site at the time he got compromised (with around 40,000,000 in Value), and although most of his items were transferred and taken by the compromisers, a majority of his items were all what traders call “LPP’ed” - which essentially is selling an item for the lowest possible amount (which is 1, although recently I’ve noticed items manage to be sold for minus values).

I’ve also been made aware that a lot of people who are being compromised are at risk of being compromised again after their rollback, in a method where account stealers are social engineering Roblox’s payment system handler (xsolla) where if they have any sort of email address that links someone to a Roblox account, they can request a receipt of purchases linked to the account (I’m not 100% confident in saying that, it’s just essentially what I’ve been told.)

The account pin method is one of many ways trading could be more secure. I know things are so bad right now that traders are going out and getting gift cards for premium as they’re scared to use the Roblox payment system due to the issue I mentioned - and I really think something needs to be done now considering people are scared to use purchase methods available on the website.

18 Likes