Pin number required for purchases

GollyGreg · March 6, 2017, 6:53pm

They should make a new password…
If someone is able to steal another person’s password, then they’ll be able to steal the pin as well.

I’m not sure if this is the problem worth solving. I’d look at the bigger picture

younite · March 6, 2017, 6:55pm

If they are able to steal the password, then surely there should be backup alternatives?

GollyGreg · March 6, 2017, 6:59pm

Let’s try an exercise

How come no one has ever logged into my account vs LilJohnnyRockstars account when I’ve had my account for 9 years and Johnny has had his account for 5 months before someone took over his account? We both have BC and someone would benefit from stealing our passwords. What’s the difference between our accounts that enables his to be taken? Solve that and you’ll be closer to the root of the problem

What you’re proposing is another layer of 2 auth tokens that we already have enabled

J_J · March 6, 2017, 7:03pm

No parent cares about their kids virtual money. Just sayin’.

younite · March 6, 2017, 7:05pm

I meant it as in for us as developers or people with money, not in the parents terms

AbstractAlex · March 6, 2017, 7:08pm

What? If I pay money for my kid to get robux I don’t want to hear that they got it stolen.

Regarding a parent pin for devs; we have 2FA. No matter how many additional (opt-in) security steps we have people will always have their stuff stolen because they don’t care about security. They’ll leave 2FA off and use the same passwords.

If you want to secure your stuff then simply turn on 2FA and use a different password for roblox and your email.

J_J · March 6, 2017, 7:25pm

Obvious exception if they bought ROBUX. I just think the ratio of paying parents vs non paying is in favor of the latter.

AbstractAlex · March 6, 2017, 7:28pm

The only people who have virtual money (aka robux) are developers who earned it or players who bought it with real money. 99.99% of users are not profiting developers so I’m not sure I’d call this an exception.

rbx_lua · March 6, 2017, 7:33pm

I completely disagree with this idea. If this started, some parents would either

Question their children as to the usefulness of any purchase, which in the eyes of a parent, is practically none. The purchase rate of all children would plummet downwards, and that’s not good for Roblox nor developers.
Be unwilling or unavailable to enter the pin for purchases, some or all of the time, and effectively prevent the child from ever spending Robux.

Also if you’re a developer who wants to protect your account use two-factor authentication. Once they are in your account it really doesn’t matter what they are buying, they are able to do an array of other things to it as it is.

younite · March 6, 2017, 7:36pm

The main query for this idea was if the person was hacked, as in, having a person have full control of their account. 2SV is still not 100% secure.

rbx_lua · March 6, 2017, 7:39pm

That’s not what the parent pin is designed for. It has absolutely nothing to do with account security. I think this suggestion would do far more harm through the actions of parents than help in the very few cases where someone who gets hacked has purchases disabled without parent pin.

Just imagine playing games, and imagine having to go ask your parent every time you want to make a micro-purchase, or buy a new clothing asset, or game pass. Or to send a trade for that matter. I think this would have major negative ramifications on the economy and would have very little positive impact.

ConnorVIII · March 6, 2017, 8:41pm

lol well thats -50% revenue right there

younite · March 6, 2017, 8:43pm

I didn’t mean it in a parent pin, I meant it as a passcode that only you know, could be your password, could be a pin number.

younite · March 6, 2017, 8:43pm

Fixed title

Seranok · March 6, 2017, 9:24pm

Maybe we could add an account setting that requires you to re-enter your password when you make a purchase. Or have a maximum amount of Robux you can spend per day and to spend over that amount you have to enter your password.

This gets really complicated when you take into account all the ways you can transfer monetary value (in-game, group payouts, trades) so I’m not sure it’s even worth implementing.

wravager · March 7, 2017, 2:39pm

in game wouldn’t work unless UIS is turned off otherwise you could just keylog their password and send it off to a discord channel or whatever

Tomarty · March 7, 2017, 2:41pm

Similar post from ages ago: Transaction PIN

Holly_Daze · March 7, 2017, 5:28pm

I think this is partly covered by 2FA. If you have a different password for both your Roblox account and your Email you should be pretty safe. Purchasing assets could always just trigger another 2FA email code, who knows.

FearMeIAmLag · March 8, 2017, 2:56am

A great alternative to this would just be requiring 2FA and a verified email in order to allow purchases and trades.

Tomarty · March 8, 2017, 7:29am

I would be much more likely to give my younger relatives robux if I could control what they spend it on. Giving the paying customer control over what they buy shouldn’t negatively affect revenue. Last week I saw my 3 year old niece trying to press the buy dev product button on a cheap tycoon game. Less younger kids would accidentally spend robux on crappy games, but that’s hardly a problem