Securing your Account PSA

I rather be annoyed to put my 2 factor authentication code than wait 14 days which doesn’t provide any real protection. I am glad that you agree.

Also I think security keys should be a login option as well because Google Chrome supports it.

I think that’s quite unnecessary and unreliable

Its ironic to see a couple people saying that the post is bad when DevRel is literally going out of there way to remind us to keep our account secure.

Really? I have never heard that something like this is unreliable.

Good thread to help people.

For anyone wondering, here are the only official Roblox links:

Maybe there should be an option for users to privatize the limiteds they have if they turn trading off or something like that. It’ll deincentive scammers from targeting specific accounts.

When you’re logging onto your Personal Computer sure, a physical key is useful as your door, but remember not everyone understands how a physical key works (nor everyone could plug a USB on your iPad), and as you know, people tend to lose stuff

You’re logging into Roblox, not your PC.

I would also like to add that you can check the domain owner and see if it’s roblox. For example just insert the domain in the search bar of https://domains.google.com then click “find domain owner” and see the “Registrant organization” field, it should be “Roblox corporation”

As someone who has had my account accessed without my authorization 2ce due to the value of items on it over the years (and in part due to lack of security features which caused me to lose tons of items and get a small portion of the Robux as compensation) accoutn security on Roblox still has a long way to go.

The inclusion of PINs for changing settings was a great step, but I don’t see why I can’t have a 2FA required before trades or item listings… These are THEE most common ways users are robbed if their account is accessed. Limited items are sold in bulk for dirt cheap and trades are sent off for other items.

Requiring 2FA for listings AS WELL AS simple common sense limiters (such as items being sold very rapidly, dirt cheap, or BOTH) are easy to automatically block. If an item is attempted to be listed very cheap 2FA should be asked REGUARDLESS OF ACCOUNT SETTINGS if it has not recently been asked for the exact reason. All listings should have a small pending period (even if only a minute) so as mass listings can easily be stopped and 2FA asked for.

I still have a spreadsheet full of items I lost and what I was given to get them back… which was 75% of their value then… and not even 20% now. Hurts my heart to know that it happens to anyone, especially when Roblox can limit the impact with common sense security checks.

On that note, I do want to thank the teams at Roblox who have added additional security settings since I joined way back when. Huge shout-out as well to work on internal tools to recover users items when they have had their accounts compromised because the second time my account got accessed I thought it was going to be the point I gave up on the site but instead new tools allowed you to get everything back to me. More work to be done, but please don’t take it as thinking you haven’t worked hard!

I don’t mean it should be forced on you to rollback or so.
But for people who spend a lot of time and maybe money on there game like badimo it could mean a big financial loss.

I appreciate the effort put into the post in order to keep user accounts safe and avoid compromising accounts. But you might have reached the wrong audience, unfortunately. The problem is not the content in the post itself, but the individuals you are targeting. All, if not most, users who can access this forum, have already taken minimal to maximal precautions to avoid their accounts being stolen. It would be a lot more efficient if you instead target a younger audience, who tend to be less knowledgeable about the matter. Other than that, excellent and concise post.

Note that anyone can view this announcement, even when not logged in. So technically they’re targeting all audiences. Its not like they can announce this anywhere else.

But most people will not look here daily or even know that this forum exists.

An 8-year-old will not be of interest in going to the DevForum to check the announcements thread. They will go to the Roblox front page, browse the games page, or the catalog. They will not bother checking the forum, let alone they acknowledge its existence. Unless someone prompts them here, the chances of viewing the topic are very small.

Where else would Roblox be able to post it where all audiences can view it?

The only way people would be able to see it would be by sharing this post to others.

Where else could they post it where all audiences would see it? Twitter?

If you remember so, about a year ago, Roblox had made a game about securing your account, and you could earn virtual goods by completing the game/trivia/hunt. It’s an effective way of achieving the desired result, as both parties can profit off of it.

Yeah but it seems like they’re more focused on sponsored events lately.

As of now sharing the post is more effective.

For example, a moderator of the unofficial Roblox Discord Server already made an announcement on it

image960×2079 388 KB

Our recommendation is that if your email is more secure than your phone number (ie. you have 2FA set up for your email), you should generally use email over phone.

Great feedback! We are thinking about this within our security team right now. Stay tuned for more in the coming months.