Securing your Account PSA

oh god not that server

Roblox should definitely let more players know how to protect their account (again), a post on DevForum is not enough

1 Like

Having an account that isnā€™t a baconhair would make this post feel significantly more credible.

1 Like

When you realize youā€™re complaining over something roblox went out of their way to do to help us:

My point is that its better to have this not have a reminder at all. In my opinion, there shouldnā€™t be complaints in the thread that this post isnā€™t enough. At least give suggestions to improve security rather than just complaining about their efforts to help usā€¦

I said ā€œjust on DevForum is not enoughā€, does it look like that every Roblox user knows and uses DevForum?

Well no. A more logical way to promote account security is over somewhere like Twitter, as more users are there. Not counting the amount of people who reply on their posts saying their accounts get compromised over scams.

Like I said, the best way right now is to spread the word.

1 Like

Sure, how about ways to prevent cookies from getting stolen? Encrypt it? Put it on a safer jar? Come on, a file can do that (steal the cookies) in three steps, there should be a way to stop it

1 Like

We recognize the concern and are actively working on things to address this. Stay tuned for more!

8 Likes

Already taken care of.

(Its an intentional feature)

Just a quick question, Iā€™ve never had the option to get 2FA codes via SMS, so I feel like itā€™s useless? Is it a US only thing?


2 Likes

Are you using an authenticator app?

1 Like

Yes, Iā€™m using both email and auth app, take a closer look at the screenshots. Even when I had email only, there was nothing for SMS 2FA codes

2FA via SMS is not an option, since SIM cards are more prone to getting locked than your email address

Moreover, if your carrier is locked youā€™d have to change the number when you change the phone (not going through unlock process) and if you have a prepaid SIM, you can lose it

Easier to change your email password than your SIM PIN

3 Likes

i meant something else.

Nevermindā€¦

1 Like

However, 2FA via SMS could actually be an option, as you can only have one phone number anywhere in the world, unlike an email address, thatā€™d be another way instead of using an authenticator app (in case you accidentally uninstall it and you did not save your security codes)

2 Likes

Donā€™t forget about Simswapping

3 Likes

This is incorrect, Roblox links always start with roblox.com, however the ā€˜wwwā€™ is not on every page, for example Roblox uses users.roblox.com, web.roblox.com and create.roblox.com and many more! Also, share-links donā€™t even use Roblox links at all! They use their own website altogetherā€¦

NO! SMS was not built with security in-mind and your calls and messages can easily be tapped into.

4 Likes

What about Roblox perhaps using modern security standards like RCS only? e.g.

1 Like

Yes. Thereā€™s also events.rbx.com as well.

1 Like

Worth noting that as far as Iā€™m aware this is only built into Android so if you donā€™t have an Android device you could no longer log-in. But anyway, we are drifting a bit off topic nowā€¦

2 Likes

What about mobile links and stuff? Donā€™t those have weird URLs?

1 Like