Reconsider removing self-assigned account PINs

I just received a spooky email about how Roblox wants to move towards a system where a parent can create their own account, and then get parental controls on linked child accounts. The parental control stuff that was sent in this email is fine and I support it fully, except for the removal of self-set account PINs.

Its been well reported here that multiple accounts use the PIN feature to protect their account settings from being unexpectedly changed. Its a line of security that, while not its intended purpose, is still useful for protecting accounts from common attack vectors.

2FA through Authenticator stops most vectors, but it does not protect from attacks once the vulnerable session is authenticated, unless the API requires reauthentication. Account pins prevent an authenticated session from simply changing account settings.

Please reconsider your implementation of this feature before removing the ability to self-set an account PIN on your account.

71 Likes

Do you have any screenshots of this? Maybe you’re just misinterpreting it.

I doubt they’d remove important security features - especially if it’s one of the most used and most important ones considering how poor Roblox security is otherwise.

2 Likes

Full message:

3 Likes

I think a better solution would be to add a toggle that activates extra layer of protection by requiring 2FA to change and fully reveal sensitive information.

12 Likes

Who actually uses the parent pin because their parent forced it on? We all put it on ourselves to protect our own accounts…

23 Likes

It’s weird that you got it but not me (and presumably not many others)
I’m wondering if maybe a parent pin is different from the lock pin? Or if there’s some weird thing about my account in particular (wouldn’t surprise me)

3 Likes

Though the “Parent PIN” does prevent settings from being changed, it’s designed as a parental control feature and not a security feature. If someone already has access to your account with your password, they can just as easily change your password and lock you out. It’s becoming more difficult to access accounts via traditional theft methods such as cookie grabbing, because cookies are automatically invalidated when an account is logged into through a different IP address. Multi-factor authentication with an app and a physical key are the best ways to protect your account. Most people have misinterpreted this feature for a long time, and I did for a long time too, but countless admins have told me that it’s not intended to be a security feature despite a lot of people using it as such.

I do agree however that there should be a second step of authentication required before changing account settings, such as having to re-enter a 2FA code before attempting these actions. These security measures are already in place in other parts of the website, such as with group payouts, so I’m actually surprised they haven’t already added this extra measure to account setting changes.

5 Likes

No actually, parental pin stopped that

Anyway I heavily disagree with this change since forced 2FA is bad. I mostly use a computer so having to go and fetch my phone off the charger every 5 seconds is obnoxious.

10 Likes

Unfortunately, parental pin isn’t bullet-proof either; it wasn’t made as a security feature but rather for younger children to not be able to edit their parent’s set settings. As such, there are only a limited number of combinations that can be brute-forced and support will even remove the pin if requested. If the parental pin feature is to stay, it needs to change to be made more secure because looking at the replies, it seems people are under the impression that it is; when it is in-fact not.

5 Likes

I do not agree with this change @Roblox. Removing the parental PIN lets us protect our account from people changing our passwords, emails or stuff. Removing it makes our account be in more danger then before.

Reconsider about this decision, @Roblox.

8 Likes

I personally feel that the pin is needed. Even though it’s called a “parental pin”, its still used in certain cases such as changing group ownership and group payouts.


Also, @c1rcuitbent, Roblox does support Windows security keys where you only have to enter your computer pin to login.

3 Likes

2FA is also required for both of these actions afaik.

3 Likes

This is a terrible change. I use Account Pin to keep people from changing my settings.

I once gave my friend account access (with PIN enabled so i could overwrite) so he could buy me some robux, without account pin, this will no longer be possible.

3 Likes

Parental pin can only be reset by emailing roblox support with your original email, brute forcing pin will be pretty slow because it has a rate limit.

Even if you only see it as a parental limiting setting, it’s still a great security measure and gives you enough time to react before bad actor can brute force it.

5 Likes

I’ve had to bruteforce my pin with educated guesses before, the rate limit is PAINFUL, which means its doing its job, but I did get it eventually.

yeah i probably should’ve just emailed Roblox.

2 Likes

Keep in mind that since Roblox seemingly sees the purpose of this feature as parental controls and not security, it is possible that it’s more likely for a malicious actor to be able to social engineer support by proving they are not a child or something similar. If this was seen as a security feature (which Roblox seemingly doesn’t, given stuff like this), restrictions on removing PINs would probably be more strict. This is just a guess, though, and I’m unsure how strict policies are on removing PINs.

I may be misunderstanding the feature given that I’ve had it disabled since iirc the PIN prompt doesn’t exist in all places and hence some features aren’t usable with a PIN enabled plus Roblox restricts parental control enabled accounts on the Talent Hub. However afaik there isn’t an external warning for incorrect PIN attempts? If a user has bypassed 2FA and account session protection, you also won’t get a warning of that either giving you little, if any, time to notice.

To make it clear, I’m not against parental PIN being a security feature, but I’d also rather see it become actually secure before it’s marketed as one. Right now, the community sees this as a security feature, while Roblox seemingly does not, that conflict in the vision of the feature is a risky thing to have, especially since it relates to security.

One thing I think would be better moving forward would the account settings be locked behind a more secure auth method such as authenticator 2FA. I cant imagine it would be much of a workload to do this since the pin system is already there.

Authenticator 2FA is 99.9% secure, the only way it can be broken if someone gets hold of your current TOTP/backup code, or the keys used to generate said code, but removing the existing system is not the right decision.

6 Likes

i dont understand why roblox is removing this too i remember the account pin saved me once when i got hacked on an old account

5 Likes

I utilize the account pin on both my personal and work accounts to protect the settings from malicious modification. I came here to write exactly the same things as this thread.

Please do not remove the pins. I don’t use them for parental reasons; I use them as a security measure.

6 Likes

i’m not sure which genius at the roblox headquarters thought this was a good idea, but please do NOT remove this feature without adding a replacement

3 Likes