Support
a 2 step verification would help
But people aren’t getting into accounts, just mindlessly entering a username for a password reset email.
It seems like staff would be the ones having the biggest problem with this?
e.g. builderman’s email inbox “ROBLOX Password Reset (1853956)”
would think they would have wanted to have that fixed long ago.
or did they just fix it for themselves and leave us with the spam?
Maybe they hired someone who’s only job is to delete them
2 Likes
They probably use the amount of password reset emails he gets as an indicator for concurrent monthly players.
4 Likes
I’m getting spam blasted with these right now, please make this happen…
If anyone wants to tag whoever handles web security (I think TobotRobot), go ahead.
I would recommend having an email filter for these. It’s pretty easy in gmail to set up a filter where they skip the inbox and are all grouped under one label. Then they don’t bother you and you still have them if you need one.
2 Likes
But should we have to do this? Also, how would we know if someone actually did get into our account while we are away (ex: email notifications on phones)?
I’m not saying it shouldn’t be changed, but until it is it is pretty easy to work around. I get so many of these that I would never read them anyway, so they wouldn’t be useful for notifying me of someone getting into my account.
Kinda late but relevant again. I have a mini heart attack every time I see the notification and have to rush onto my account to make sure it’s just the request to reset my password.
who do we have to pay to get this to happen 
Dang HomingBeacon, back at it again with the mini-heart attacks
Seriously, can this happen pleeeeeaassee…
4 Likes
Support 100%
I don’t think it would be a good idea to require email: many users forget which email address they signed up with. But I would like an account setting to control this behavior: that’s what Twitter does and it seems to work:
7 Likes
If they’ve forgotten which email they signed up with, how can they check the email for the password reset?
It’s a matter of convenience. Let’s say the user has a couple of different email accounts open in Gmail. Under the current system he can simply type his username and then check the inbox of each email account to see which one it belonged to. He may even get a desktop or push notification which makes it really easy to figure out which account it was.
Now imagine the new system. He has to type in every { username, email } combination until he gets it right. Alternatively he can use the “Forgot my username” feature but it still requires him to enter every email address he has until he gets it right.
So essentially you’re taking what is currently an O(1) operation and transforming into O(N) operation where N is the number of email addresses the user might have signed up with. This is guaranteed to discourage some users to the point where they either leave ROBLOX permanently or make a new account.
2 Likes
What if it’s done like Google?
Google gives you part of the name and you have to fill it out to prove it’s you:
RandomEmail@provider.com
Ra*******il@provider.com
That would be far worse than the current system as it would mean anyone can figure out parts of my email address. To my knowledge Google only shows partial email addresses when you’re already logged in and don’t remember your backup email
2 Likes