Require Account Pin for Group Actions

As a Roblox user I feel that large groups I am a part of could be at risk if my account, or Roblox session were compromised. Currently there is no way to prevent a user with access to my account from sending payouts, exiling users, etc in groups I am a part of.

If Roblox were able to address this issue it would greatly improve the security of group funds, games, and users, and reduce the number of situations where compromised administrators and developers destroy group progress.

This request is similar to the one here, however I think that all administrator actions (e.g. exiling, editing group games, modifying assets, etc) should require the user’s pin. I have seen countless examples of groups being absolutely ruined by compromised users.

28 Likes

I recently read a post that talked about group security and I thought that it would be a good idea to have this implemented.

The pin system would work very similar to the one that is found on your user settings, and can be set by the group owner only. This would limit the security risks, if only the owner could do it. However, special circumstances such as the group owner being hacked, and a trusted official in the group (e.g. the co owner) may need to set a pin to prevent problems.

We’ve all read several stories about things similar to:

  • Group owner gets hacked and loses group, with funds in it
  • Group owner gets banned and lost all the funds in the group

This isn’t going to prevent all undesirable things happening.
The group is still vulnerable to:

  • A group member changing group settings (if they know the pin and are given permissions to change the group settings, all hope is lost)
  • If you want people to be able to change things in your group (which may be the case), you’ll need to share the group pin.

Despite all this, there are clear reasons why it will be useful if added.

Why is this useful?
As explained above, it would help prevent a lot of unnecessary frustration when it comes to managing groups and it may help to reduce the amount of issues with lost funds, groups alike through using this new protective measure.


I have two ideas regarding this:

  • To access ‘Configure Group’, you need to enter the pin and it expires after ~5 minutes
  • Or when you edit a group setting, you need to enter the pin.

Similar ideas, but they have different effects (pretty self-explanatory what the pros and cons of each are).

11 Likes

I definitely agree with what you’ve said. The post you’re referring to is actually the post that inspired me to make this request (since no other request already existed). Having a group-specific pin that all administrators can use would be great to have. I do think that it makes sense for each user to have a unique pin though. The ability for users to share the pin with others would be risky, and having a unique pin per user would lessen this.

1 Like

Totally agree with this. I think its basically needed at this point when dealing with robux that can be converted to real money

4 Likes

Bumping this as there has been some progress on this, which is a good start. Roblox is going to improve account security over the next few weeks, as said in the post I linked.

1 Like

No, they didn’t specify any timeline (re-read the announcement). It doesn’t mean they are necessarily planning to release anything else in the near future.

2 Likes