The feature for signing out of other sessions is now live for everyone. Let me know if you guys run into any issues!
@RobloxSai. What about clicking the sign out other sessions, if an exploiter already has access to your account, and just keeps clearing it so you can't get in?
It should ask for password when signing out other sessions (making it one more step safer).
Also clicking reset password should "lock" your account if you click "confirm password reset" from your mail.
Like this.
- clicks reset password on site (opens to everyone and many will probably try to reset famous people's accounts.)
- There comes a "confirm" link to your E-mail where it says "disable account until new password is in place".
- After clicking the link, you get a new E-mail that has a temp password.
- After adding the temp password you will be able to create a new password.
- After creating a new password you may log in on the site, and it activates your account again.
It also signs you out as well, so they can't do that.
A real quick fix would be to introduce a second cookie that works just like ROBLOSECURITY but isn't based off of it in any way. It will take a considerable amount of time for phishers to figure out the second cookie as long as its name is disguised.
Yes, that is true. If the exploiter has access to your account, then this will be abused.
The verification step you are mentioning is called 2-Step verification which is common across many sites these days. We do have plans on improving our web security to make accounts more secure.
Regarding the locking out step - don't we already have something similar in place for resetting passwords? Why do you need to lock the account until the password is manually reset? If the user needs to manually click on a link to lock the account, shouldn't he just go a step further to actually reset the password instead of leaving his account frozen?
Allow us to use Google, Facebook, Twitter, GitHub etc for an additional layer of security?
Like link the ID to our account and when we try to login, we also need to login through the service that we linked to our account.
And also if you get an ID, use it to encrypt and decrypt the cookie?
If your account has been compromised, you should immediately reset your password. But let's say you logged in at the library and forgot to log out. Then you can use the "Sign out of all other Sessions" button.
Could this feature be taken one step "further"? On other websites you can log off each single session out by clicking a "cross" next to it. That way I don't get logged out on all my devices. (PC, Tablet (2x) and Phone)
I know Facebook has two step authentication if you log in from a country for the first time. This might not be a perfect fix but could go a long way to adding extra security.
Please tell me you're going to finally use my idea of using an authenticator like the game World of Warcraft uses to protect player accounts. This would literally stop people from stealing accounts. Fingers crossed pls say yes :D!!!
Why would anyone log into ROBLOX at a library? Who goes to the library nowadays! O_o Seranok ur weird if u do go to it…
books everywhere = not part of my dreams sorry.
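Two suggestions from this thread, asking for the password before signing out other sessions and signing out a single session instead of all of them, can be sketched as a server-side session table. This is an added example, not ROBLOX's code: the class, method names and device labels are hypothetical, and PBKDF2 is an assumed choice of password hash.

```python
import hashlib, hmac, secrets

class SessionRegistry:
    """In-memory stand-in for a server-side session table (hypothetical design)."""

    def __init__(self):
        self._users = {}     # username -> (salt, password_hash)
        self._sessions = {}  # session_token -> (username, device_label)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(password, salt))

    def _check_password(self, user, password):
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def login(self, user, password, device):
        if user not in self._users or not self._check_password(user, password):
            return None
        token = secrets.token_urlsafe(32)  # random, not derived from the password
        self._sessions[token] = (user, device)
        return token

    def is_valid(self, token):
        return token in self._sessions

    def list_sessions(self, token):
        user, _ = self._sessions[token]
        return sorted(d for u, d in self._sessions.values() if u == user)

    def revoke(self, token, password, device=None):
        """Revoke one other session (by device label) or, with device=None, all others.
        The password is required, so a stolen cookie alone cannot lock the owner out."""
        if token not in self._sessions:
            return 0
        user, _ = self._sessions[token]
        if not self._check_password(user, password):
            return 0
        doomed = [t for t, (u, d) in self._sessions.items()
                  if u == user and t != token and device in (None, d)]
        for t in doomed:
            del self._sessions[t]
        return len(doomed)
```

The calling session is never revoked, so the owner stays signed in on the device used to clean up the others.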