As someone who has had my account accessed without my authorization 2ce due to the value of items on it over the years (and in part due to lack of security features which caused me to lose tons of items and get a small portion of the Robux as compensation) accoutn security on Roblox still has a long way to go.
The inclusion of PINs for changing settings was a great step, but I don’t see why I can’t have a 2FA required before trades or item listings… These are THEE most common ways users are robbed if their account is accessed. Limited items are sold in bulk for dirt cheap and trades are sent off for other items.
Requiring 2FA for listings AS WELL AS simple common sense limiters (such as items being sold very rapidly, dirt cheap, or BOTH) are easy to automatically block. If an item is attempted to be listed very cheap 2FA should be asked REGUARDLESS OF ACCOUNT SETTINGS if it has not recently been asked for the exact reason. All listings should have a small pending period (even if only a minute) so as mass listings can easily be stopped and 2FA asked for.
I still have a spreadsheet full of items I lost and what I was given to get them back… which was 75% of their value then… and not even 20% now. Hurts my heart to know that it happens to anyone, especially when Roblox can limit the impact with common sense security checks.
On that note, I do want to thank the teams at Roblox who have added additional security settings since I joined way back when. Huge shout-out as well to work on internal tools to recover users items when they have had their accounts compromised because the second time my account got accessed I thought it was going to be the point I gave up on the site but instead new tools allowed you to get everything back to me. More work to be done, but please don’t take it as thinking you haven’t worked hard!