Pin lock setting for purchase and sale of limiteds

I’m not sure if you read my reply but that’s what I’m saying, TOTP app for 2FA codes or prompts on the Roblox mobile app.

If you’re saying you want SMS 2FA, no, that is not as secure as TOTP / app prompts because of SIM swapping being a thing (among other SMS deficits). I highly recommend unlinking your phone number from platforms where you use it just for 2FA and using TOTP instead if the platform provides that option.

3 Likes

When so many people are complaining about their accounts being lost, something has to be done to secure accounts better. You talk like Roblox is set up the best it possibly can when that obviously is not the case. As a developer, I don’t care about losing my hats as much as losing my rent payment for the month. There needs to be more security steps for those who want it.

A PIN to purchase items, sell items and trade items may not be 100% foolproof but would definitely lower the number of people who get their assets compromised. I know it is currently being used in a limited aspect to protect settings and in-app purchases. I am arguing to expand this PIN system even more to protect other things. They added a PIN to transfer groups, they can do it for currency and limiteds as well.

2 Likes

Not sure what points in my post you’re arguing against, all I’m saying is TOTP/app prompts are more appropriate than using the PIN for this. I’m not saying there shouldn’t be better 2FA/3FA. Feels like we’re talking around each other.

Roblox already is working on TOTP support: https://twostepverification.roblox.com/docs#/ (see the Authenticator section). So it’s only a matter of time before they allow us to use this as 2FA and enforce it on login and other sensitive actions.

4 Likes

I’d like to apologise for bumping this, however I do believe this needs to be in discussion a lot more regularly.

As a user who is still actively involved in the trading economy, it’s been disgusting to see the amount of compromises that have taken place in the last 30 days; it’s worrying how accounts with so many items are vulnerable enough to have it all taken away in moments.

Take nutcase123 for example - this user was (I believe) the 9th richest user on the site at the time he got compromised (with around 40,000,000 in value), and although most of his items were transferred and taken by the compromisers, a majority of his items were all what traders call “LPP’ed” - which essentially is selling an item for the lowest possible amount (which is 1, although recently I’ve noticed items manage to be sold for minus values).

I’ve also been made aware that a lot of people who are being compromised are at risk of being compromised again after their rollback, in a method where account stealers are social engineering Roblox’s payment system handler (Xsolla) where if they have any sort of email address that links someone to a Roblox account, they can request a receipt of purchases linked to the account (I’m not 100% confident in saying that, it’s just essentially what I’ve been told).

The account PIN method is one of many ways trading could be more secure. I know things are so bad right now that traders are going out and getting gift cards for premium as they’re scared to use the Roblox payment system due to the issue I mentioned - and I really think something needs to be done now considering people are scared to use purchase methods available on the website.

18 Likes