As a Roblox Developer it is currently a risk for any account to hold ownership over a group. If that account, holding ownership of the group, was to become compromised they could leave that group. There is no requirement for verification to leave a group, and no captcha either. So a bot could instantly claim that group, leaving everything up to the attacker.
My suggestion is for Roblox to add a setting, inside your individual user settings that if turned on requires the user to verify before they can leave any group. This prevents accidentally clicks, and compromised accounts from causing any harm to that group. This setting of course would also require verification to turn both off and on.
It’s worth mentioning, that groups should be role based on who can claim the group once there is no owner. If a role is empty it should go down the line until there’s people inside the role.
I think Roblox should use account PIN more often across the site for sensitive actions like this, if the user has it enabled, or maybe force the user to refresh their login cookie first so they need to re-enter their password / a new 2SV code. It definitely makes a lot of sense to me to put more friction on these rarely performed actions that have serious consequences.
I really like this idea, and there should definitely be two alternatives where if the user doesn’t want an account pin but wants the particular setting on. With my own testing there isn’t even a warning screen when leaving groups, regardless if you are the owner. So this makes my original point of misclicks serious, especially with it being so close to the group admin button.
These would be super helpful and a great addition! I’d really like to see the addition of 2-step pin for trades (like a 30m timer before reentering or something like that). Trading right now is where the majority of account thief’s take items from and without the account pin they would be in big trouble and not able to steal any of the users items.