On roblox you can disable trading and lock it with a 4 character pin in your player settings, which is great in preventing your account from being hacked and trading away the items when you are not online. However I would like to see this expanded.
The same thing should be enabled for use in purchasing items with robux, and selling your limiteds in the catalog, so even if someone did manage to break into your account if you had these enabled they wouldn’t be able to sell your limiteds or make any purchases.
Its not a direct feature; but go into Settings > Privacy and add an account pin. Then turn off trading in settings and nobody can send trades/receive trades on your account unless they have the pin.
When gained unauthorized access to an account, malicious users have complete, unrestricted access to selling/trading away limited accessories (if the original owner bought them on their account) to another account, usually the hacker’s account. This is an issue because there is a lack of security on trading/selling limited items.
For example, User A’s account gets compromised and User B, who has complete access to User A, trades away all of their items to one of User B’s alternate accounts.
While you could argue that User A can rollback the trade by contacting support, however, you can only rollback a trade only once, and User A may be out of luck if they already rolled back once.
A required Account PIN to confirm limited selling/trading would prevent this from happening since User A only knows the PIN, thus, User B cannot trade/sell away all of their items unless they know the PIN themselves.
If this were to be implemented, it would reduce incidents from happening and overall improving account security.
As a Roblox developer/Player, it is currently too hard to trade without people using exploits to steal your items. Adding a pin to trading can help with the exploiting problem. My friend DarkHoodYT was holding on to my limiteds at the time he got cookie logged and all of the items he has were stolen even the ones he was holding on for me. He was holding it on because I needed a program to help fix one of my laptops and the program was sketchy. So I asked him to hold on to them when I was using it. After he got cookie logged I lost my Blue Wink and my Universal Fedora. He lost a Green Bandit Top Hat and Black Iron Horns. If we had a account pin for uploading creations and trading this will fix the problem. People won’t be able to cookie log your account and steal your expensive limiteds.
If Roblox is able to address this issue, it would improve trading by making it safer! Roblox should add this to the settings page to help with these issues. Thank you for reading.
Gonna bump this up and say we need the following done involving account pin:
Trading Limiteds on a account
Deleting and Selling Limiteds on a account
Any sort of file upload and deletion (sound, decal etc.)
With ROBLOX adding account pin to group transfer, it has prevented a lot of people from stealing groups. But limiteds are still up in the air and they need to be locked down too.
As a developer who often needs to upload decals for UI and Textures for building, I can tell you straight up that would be extremely annoying having to type in my PIN. Even if you had the 5 minute unlocked cooldown it would be obnoxious.
Fair enough. A better way of handling that would be either extend the cooldown or let us set the cooldown to however long we need it to be, such as an hour for example. That’s if they actually go through with account pinning file uploads.
As a Roblox player that happens to have quite a bit of Limited U item’s I’ve been lately been concerned with a big flaw of roblox’s security.
Lately a lot of players with items worth hundred thousands , sometimes even MILLIONS worth of robux in items have been getting compromised way more frequently than normal. Some people that get into these accounts will have their trades off with a pin; so if someone happens to break into their account, they can’t turn their trades on to send the items onto an alt account.
You know what these people do instead? they sell the items, often BIG items for way below the average price. This is a pretty big deal because even if the person that got compromised gets a rollback, they still deal with the items that may not be doing as well due to them selling extremely below than what it normally sells for. I feel like adding a feature to add a pin when selling Limited items will also not only help the economy of the site but make others feel slightly more safe. I’ll send some screenshots of big items selling abnormally low and a video about this suggestion and sums up what been going on.
Video by Doublebox, suggesting to add a pin when selling limited items
After getting my account compromised for the first time in my 12 year career, I’ve been thinking of all the other people who have problems with their robux/limiteds/etc being botted away from their account.
One thing I’ve been thinking is why not allow players to enable a PIN system for buying/selling/trading their items. It’d be just like using a debit card at a store, if you don’t know the PIN then there would be no way of compromising the items.
If Roblox is able to address this issue, it would drastically decrease the amount of people who have to complain about losing all their items and initiating a rollback. There may be a problem with people forgetting their pins, but overall I think this would be an easy solution to protect user’s hard earned items.
Upsetting to see this happen to so many developers still without something as simple as a pin being implemented. I suggested this way back in March 2017 when there wasn’t much of a need, but because of the rampant number of new breaches, I think it’s only necessary.
A pin is not secure for this because it is a static secret, also the parent pin is meant to block in-app purchases and setting changes, not meant for any other features. It would be better as a TOTP code prompt or a 2FA prompt on a mobile app that you need to acknowledge.
What about letting me use my phone as two step verification when someone tries to log into my account? I have always felt my accounts are most safe with that security measure.
