Reconsider removing self-assigned account PINs

I’d only be happy with this change if they then go and add a more secure feature like 2FA for unlocking settings. The whole new “parental controls” thing doesn’t seem to add a replacement; this seems more like a security flaw than anything. Mind you, I don’t think it should ever have been under parental controls, I doubt Roblox didn’t know that more people used it for security.

3 Likes

Please do not change this. Adding 2FA into a similar feature would be functional, but there isn’t full parity. There are reasons, such as account sharing, that someone may need your 2FA code one or more times. Though ill-advised, it’s a real scenario that does happen. There is never a scenario where someone will need your parental PIN unless they are attempting to change your account settings. Thus, changing this feature would not be 1:1 and in a lot of the cases people self-set parental PINs, you’d be provided much worse security and control over your account.

2 Likes

You can share the 2FA QR code with the other person, there is no limit to how many authenticator apps you can store it in.

1 Like

I use the PIN for this exact reason: if anyone ever steals my cookies, they can't just waltz in and change anything in settings without putting in a PIN.

3 Likes

I don’t think that parental PINs should be considered a security feature, the only reason we use them is because they are there and better than nothing.

Instead of advocating for restoring parental PINs, I’d much rather see support for configurable 2FA/Passkey (or even password) prompts on important parts of the platform such as account settings, like the existing parental pin, but also things like Robux purchases and group settings (such as payouts), trading (especially limiteds), etc.

I think it’d be a lot more worthwhile to support a feature like (Prompt 2FA Authenticator on more website features) instead of relying on a non-security feature as security.

(but it would be ideal if Roblox preserved account pins until such a feature exists)

5 Likes

Such an awful security feature to remove.

1 Like

Hey @metatablecatmaid! Appreciate you sharing your feedback! 🙂

For years, Roblox has provided a number of 2-step verification methods for users to add an extra layer of security to their account. Once enabled, 2-step verification will be required before performing sensitive actions on your account, such as certain settings changes and group payouts.

Next month, we are replacing parent PIN with updated parental controls, as described in the email you received.

We acknowledge that many community members may have been leveraging parent PIN to require additional verification before settings changes can be made. Before this update next month, we recommend adding a 2-step verification method as a higher-security alternative to your PIN.

That said, please continue to provide feedback as we will continue to iterate on our features to make them even more secure and easy to use!

3 Likes

I honestly believe the best approach, if you strictly want to forego account PINs for better parental controls, is to instead still provide the ability to lock account settings, but maybe with 2FA, since that's infinitely more secure than a 4 digit PIN code.

So, if you try to change an account setting, it asks for a 2FA code to unlock the account for 5 minutes or something, and it can be locked at any point.

EDIT: I also recently found that having an account PIN locks your email address from being changed. I was trying to test whether that asks for a 2FA check; it does appear that most of the important settings are protected by 2SV, but this isn't the entire settings list. For example, a malicious script can still change my display name without me knowing.

6 Likes

You’re right that 2SV already covers the important settings—anything affecting how you access your account is already protected by 2SV. The Account PIN, if enabled, is required for every single change on your account.

I have two questions:

  1. You mentioned that a script could easily change your display name without a PIN. Are there any other settings changes you feel wouldn’t be sufficiently protected without a PIN?
  2. I appreciate your feedback around “provide the ability to lock account settings, but maybe with 2FA, since that’s infinitely more secure than a 4 digit PIN code.” After we remove the PIN feature, would it be helpful to have a settings configuration that triggers 2SV for every single change on your account?

5 Likes

The account PIN is completely useless lol; if you know anything about password guessing, you would know a macro could guess one of the combos in just a few seconds.

If you knew anything about web security, you might know there is a limit on how many guesses you have. Out of 10k combinations, having 3 tries before it's locked isn't very helpful.

2 Likes

I'm confused, what will happen to accounts that already have PINs?

1 Like

haha good one, there are plenty of ways to get around that

No, there really isn't, since it's not client-sided, but you can wait it out and take multiple months to keep guessing the PIN.

3 Likes

For me, the display name is the only important thing here that isn't protected for some reason. Since this is treated as a secondary username on Roblox nowadays, it seems weird that it isn't.

The approach I was hoping for is similar to the current system, where if you try to make a change, it asks for the account PIN and then unlocks the account settings page for 5 minutes.

It would basically be this, but instead of a PIN, it would ask you for your authenticator code (or email), then unlock the page for 5 minutes.

1 Like

I have an old account of mine that I made when I was really young, and being influenced by Roblox YTers of that time to set an account PIN, I entered some random numbers without any extra thought that I might need to write them down or even remember them for later. Now, almost a decade later, I found my old password thanks to my parents, but I can't actually reset anything or even change my bio because of this mysterious PIN lock.

I support the removal of self-assigned account PINs. Situations like these can't really be solved otherwise, unless I'm wrong.

1 Like

Removing the PIN is a terrible idea when schemes such as cookie logging are rampant and can bypass 2FA without issue…

3 Likes

Players are using parental PINs to protect their accounts from bad actors.

If a cookie is stolen, or they have a system virus, or whatever it may be, two factor won't work in its current state. I don't appreciate you ignoring 99% of the post.

Players want to lock down changing any account settings behind an additional prompt; this protects the player even from session token stealing.

Introduce this new system: When a player wishes to change their account settings, it first requests a second factor, such as a code from email, or a code from an authenticator app, or a security key. Once approved, the player may change settings as they desire. Additional security: If the action fails numerous times, log the user out and send an email.

1 Like
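The settings-unlock flow proposed in this thread, as an added example that is not code from any post here or from Roblox: a second factor opens a 5 minute window (the earlier "unlock the account for 5 minutes" suggestion), the window can be re-locked at any point, and repeated failures end the session and notify the owner (the "log the user out and send an email" rule from the post above). The code verifier, the notifier and the session store are assumptions injected by the caller; the 3-try limit mirrors the figure quoted earlier in the thread.

```python
from dataclasses import dataclass, field
from typing import Callable

UNLOCK_SECONDS = 5 * 60  # "unlock the account for 5 minutes"
MAX_FAILURES = 3         # "3 tries before it's locked"

@dataclass
class SettingsGate:
    """Step-up gate: a stolen session cookie alone cannot change settings."""
    verify_code: Callable[[str, str], bool]   # assumed: TOTP/email code check
    notify: Callable[[str, str], None]        # assumed: sends the owner an email
    sessions: set = field(default_factory=set)          # live session ids
    unlocked_until: dict = field(default_factory=dict)  # user -> expiry time
    failures: dict = field(default_factory=dict)        # user -> failed tries
    events: list = field(default_factory=list)          # audit trail

    def request_unlock(self, user, session, code, now):
        """Check the second factor; success opens a 5 minute window."""
        if session not in self.sessions:
            return False
        if self.verify_code(user, code):
            self.failures.pop(user, None)
            self.unlocked_until[user] = now + UNLOCK_SECONDS
            self.events.append(("unlock", user, now))
            return True
        n = self.failures[user] = self.failures.get(user, 0) + 1
        self.events.append(("failed_unlock", user, now, n))
        if n >= MAX_FAILURES:
            # Repeated failures: end the session and tell the account owner.
            self.sessions.discard(session)
            self.failures.pop(user, None)
            self.notify(user, "Repeated failed settings unlock; you were logged out.")
        return False

    def relock(self, user):
        """The window can be closed early at any time."""
        self.unlocked_until.pop(user, None)

    def is_unlocked(self, user, now):
        return now < self.unlocked_until.get(user, 0)

    def change_setting(self, user, session, name, value, now, settings):
        """Every change, display name included, needs an open window."""
        if session not in self.sessions or not self.is_unlocked(user, now):
            self.events.append(("denied", user, name, now))
            return False
        settings[name] = value
        return True
```

Time is passed in as a plain number so the window and lockout can be exercised deterministically; a real deployment would use the server clock and a persistent store.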

I'm kinda confused, is this not the case already? I tried to change my email just now and got prompted to enter a 2FA code, same with the password. Although it is kinda confusing how it doesn't prompt it immediately.

1 Like

I think one of the best ways you could repurpose the PIN, rather than remove it altogether, is to lock people from purchasing items instead of locking them from doing things such as changing settings. Let's imagine a situation where a high value profile gets hacked, and the hacker, although not able to completely steal the account due to 2FA, is able to steal Robux from it by forcing the account to buy assets that take all of its Robux. For example, if the account had 2 million Robux, the hacker could create a gamepass costing 2 million and make the victim buy the asset, allowing the hacker to steal the Robux easily. This could be completely stopped by a system where, when you want to purchase an item, no matter what it is, even if it's free, it requires PIN authentication, and once authenticated, it unlocks the PIN for 5 minutes like the system it is now.

(I say to include even when it's free because I can imagine a situation where the hacker might want to completely sabotage the account, so they might, for example, publish an NSFW asset to the marketplace, force the victim's account to buy it and republish it under their account, and falsely get them terminated for it, which I've seen happen before with "crosswoods" games.)

That's all just my opinion though, because I've seen various posts on social media where people got hacked and the hackers stole their Robux by making their accounts purchase items made by the hackers with the intent to steal the Robux.

1 Like