Some sensitive actions can be done without additional verification (2fa gate or "pin")

There’s a balance between safety and annoying users, which I’m sure you already know, but it’s important to note. I personally would prefer a code per sensitive action. However, it seems like most people here want the less secure and more ease-of-use thing (a one-time code/PIN to be able to change settings).

The one-time code here does have drawbacks, as you mention here:

That said, I think some don’t understand the difference or like the idea of the PIN more. Maybe it’s a familiarity thing, not entirely sure. Having both 2FA and a one-time code/PIN would likely solve the issue, but that could be bloat/unnecessary or lead to confusion.


That’s how I’m reading this; apologies if I misunderstood.

1 Like

Well said, I agree with this take. Both = MORE security either way, and some may not have phones (PC authenticators are not as safe as mobile).

1 Like

Another point where 2FA would be useful is large transactions.
A setting where you could set a price above which you’d have to enter a 2FA code.
For example: All purchases above ((amount you set in settings)) will require 2FA.


This could stop the problem of scammers clearing your account of Robux in one go, but would create the next problem where scammers would most likely just make you re-buy a smaller-priced item over and over to clear your Robux.


^ In this case the smartest thing which I can think of, but maybe you and your team or someone here who’s reading my messages can think of better ways, would be to have an option where you could limit the amount of Robux spent in a day before it’ll require you to enter 2FA.

For example: You can only spend ((amount you set in settings)) Robux a day before it’ll require you to enter the 2FA option.

Right now if you try to spend too much total Robux in a week/month it stops you and requests 2FA reauthorization

I guess I’ve never spent that much money in a week for it to trigger then because I’ve never seen that before.

It still would be a nice option to have us be able to toggle ourselves at what amount that 2FA should trigger.

And/or if 2FA/PIN should trigger in the first place. It was annoying entering a PIN just to update my account description, but I wanted it for other things, such as joining games. Now imagine going on your phone → to a website/app → getting the code → entering that code every time you want to play a game. This is why I’m against the 2FA gates and want them to coexist so you can choose at minimum.

Most of them.

Aside from 2FA, having account-level protection is definitely required. 2FA might protect you from an account breach, but does not protect the account itself if someone is already logged in. Here’s an example: a shared device. Your mischievous little brother could use your computer, go on Roblox and mess with your settings. The parent PIN used to protect against that.

That was a vague example, but it clearly shows what its purpose was.

No. 2FA is safe, correct, and I understand that you’d prefer implementing 2FA instead of a PIN. If we’re talking about settings, which most Roblox users touch once in a while, sure. It’s just that a PIN is simply more convenient in that you don’t have to open up your phone, or get your physical key, each time you’d want to update a setting/edit bio/buy something.

Compromising a PIN would require either knowing it somehow, or brute-forcing it. If you clearly know your PIN, you wouldn’t be spam-entering numbers. Can’t we just block further attempts, like how your phone does? I don’t think there’s any problem in that, given 2FA “supposedly” protects your account from being accessed.

It’s definitely useful to have account-level security for sensitive actions, as mentioned by many other developers.

They plan to expand it to do so, as evidenced from previous replies, but I don’t agree with doing that alone. I have a draft in progress that should address everyone’s concerns as some of my previous replies are rushed, I was talking to multiple people at the same time, and, as pointed out, have flawed ideals.

Why PINs?

Starting this huge reply off, I believe both of these features can coexist. Both features have saved a large amount of time and limiteds, and even games, before. 2FA is safer, so you might be asking why I contradicted myself, but on some concerns, players will want to choose to sacrifice some of their security for convenience.

(keep in mind CrazedBrick (and POSSIBLY fedora, sorry!) were trolling when they voted on this.)

The parent PIN was useful for all users, whether it be for the young ones supervised by their parents or the developers that want a little more protection. (Thank you, @Mogolovoniobrah)

But now… this can be improved and implemented as an alternative security measure. Or… in his words:

IN SHORT, I AGREE, 2FA IS MORE SECURE THAN PINS

This being said, however…


The benefits of PINs over 2FA.

It’s like unlocking a phone! Imagine going to a website and solving a captcha every time you want to do this.

Think of a PIN as a second password on your account that you use to access features. It can be brute-forced, as the primary counter-argument against this feature goes (but only after they’re in your account!); however, it’s convenient in certain places, and some people may want to use it over 2FA for various reasons. You may even want to add this on top of 2FA as an added security measure!

For example, there is currently no security for joining games. This is not ideal for some users, as they may play games involving heavy rarities or permadeath, and a hacker may be inclined to steal or remove progress from these games before the person inevitably gets their account back. And yes, people do this: someone I know almost got cookie-logged over a Mera in GPO years ago.

If we added a 2FA gate to this, the process would be as follows:

Press Play → Go on phone → Go on authenticator app → Get/Copy code → Type/Paste code → Click Confirm Button.

Now this may seem fine, but think about the users, if this was a toggle, most users would disable this, and wait for a more convenient option. Some users would rather sacrifice for convenience and use a static account PIN. Now if we used a PIN-like system, the process would look more like this:

Press Play → Type PIN/Answer Question/Enter Pattern/String → Click Confirm Button
(you should ideally be able to add multiple pins/questions/patterns)

This cuts the process by MORE than half. Now I know there wasn’t any confirmation that this would be a thing when joining games, but it’s just an example. I know people would not go on Authenticator when joining a game, but they would be fine with entering a code they already know. Keep in mind that users will still have the option to use an authenticator for everything they can use a PIN for. It would also be useful if you had THE OPTION to use both a PIN and Authenticator for security-heavy things like trading.


What about the Customizability of this option?

Ideally (feature requests are not really for solutions), as I’ve stated before, this should have settings such as:

This long repetitive list...
  • Require Unlocked PIN to trade?
  • Enter PIN every time to trade? (subquestion)
  • Require Unlocked PIN to use Robux/a certain amount of Robux?
  • Enter PIN every time to use Robux/a certain amount of Robux? (subquestion)
  • Unlock PIN to join experiences?
  • Enter PIN every time to join experiences? (subquestion)
  • How long is my PIN unlocked for?
  • Enter PIN to transfer Group Ownership. (Or force to auth)
  • Switching accounts requires a PIN to be entered? (This will use the PIN of the account being switched to, and also be enabled on it, for obvious reasons; useful for people with siblings or shared systems)
  • Require PIN to be unlocked to Create/Archive/Edit/Publish games? (and every time, you get the deal)
  • Require PIN to change Settings?
  • Require PIN to add/remove Friends?
  • A way to set how many attempts will Lock the PIN.

And similar options of this nature. These will be user-set and will let you change the method of each of these between the authenticator and PINs, and authenticators will have similar options for them too.

These settings would just be the default it prompts with for each category, for example, you can have trading set to 2FA and Joining Games set to PIN, but you’ll be able to use both by a swap that appears in the prompt.


How can we prevent players from misunderstanding these features?

With something such as this, mistakes are obviously inevitable. You should urge people towards 2FA and tell them it’s the safest option, as is already being done.

On top of this, for items being traded with a lot of RAP, or groups with a large community being transferred, they should force 2FA on for stuff like this. After all, an earning game isn’t gonna randomly archive purposefully. This PIN will probably be able to be disabled through Customer Support or 2FA, as someone may forget it or take a break.


Please inform me if you have any concerns or improvements regarding this post as I will be updating it.

8 Likes
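A constructed sketch of the policy this post and the earlier per-day spend-limit suggestion describe: a user-set default method per sensitive action (PIN, authenticator, both, or nothing), a PIN unlock window with "every time" exceptions, a daily Robux spend threshold that only gates purchases once it is crossed, and the PIN attempt lockout another reply asks for. This is an added example, not code from the thread or from Roblox; the action names, the default thresholds and the choice to fall back to 2FA once the PIN locks are all assumptions.

```python
"""Step-up authentication policy sketch (constructed illustration, not
Roblox's implementation): per-action PIN/2FA gates, a PIN unlock window,
a daily spend threshold and a PIN attempt lockout."""
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class Method(Enum):
    NONE = "none"   # no extra prompt
    PIN = "pin"     # static account PIN the user already knows
    TOTP = "2fa"    # authenticator code
    BOTH = "both"   # PIN and authenticator, for the heaviest actions


@dataclass
class Policy:
    # Default prompt per sensitive action, chosen by the user (assumed names).
    method_for_action: dict
    # Actions that re-prompt for the PIN on every use, even while unlocked.
    pin_every_time: set = field(default_factory=set)
    # How long a correct PIN keeps the session unlocked ("How long is my PIN unlocked for?").
    unlock_window: timedelta = timedelta(minutes=15)
    # Daily Robux spend above which the "spend" gate starts applying.
    daily_spend_threshold: int = 1000
    # Failed attempts before the PIN locks ("A way to set how many attempts will Lock the PIN").
    max_pin_attempts: int = 5


@dataclass
class SessionState:
    pin_unlocked_until: Optional[datetime] = None
    failed_pin_attempts: int = 0
    pin_locked: bool = False
    spent_today: int = 0


def hash_pin(pin: str, salt: bytes) -> bytes:
    # PBKDF2 so a leaked table of short numeric PINs is not trivially reversed.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)


def required_method(policy: Policy, state: SessionState, action: str,
                    now: datetime, amount: int = 0) -> Method:
    """Return what the prompt must ask for before `action` proceeds."""
    method = policy.method_for_action.get(action, Method.NONE)
    if action == "spend" and state.spent_today + amount <= policy.daily_spend_threshold:
        return Method.NONE            # still under the user's daily limit: no gate
    if method == Method.PIN:
        if state.pin_locked:
            return Method.TOTP        # assumption: a locked PIN escalates to 2FA
        unlocked = (state.pin_unlocked_until is not None
                    and now < state.pin_unlocked_until)
        if unlocked and action not in policy.pin_every_time:
            return Method.NONE        # inside the unlock window, not an every-time action
    return method


def verify_pin(policy: Policy, state: SessionState, submitted: str,
               stored_hash: bytes, salt: bytes, now: datetime) -> bool:
    """Check a PIN and enforce the attempt lockout; a success opens the unlock window."""
    if state.pin_locked:
        return False                  # refuse further guesses once locked
    if hmac.compare_digest(hash_pin(submitted, salt), stored_hash):
        state.failed_pin_attempts = 0
        state.pin_unlocked_until = now + policy.unlock_window
        return True
    state.failed_pin_attempts += 1
    if state.failed_pin_attempts >= policy.max_pin_attempts:
        state.pin_locked = True
    return False


if __name__ == "__main__":
    # Constructed walk-through: join a game with a PIN, then trade (every-time action).
    policy = Policy(method_for_action={"join_game": Method.PIN, "trade": Method.PIN,
                                       "spend": Method.TOTP}, pin_every_time={"trade"})
    state, salt, now = SessionState(), b"constructed-salt", datetime(2024, 1, 1, 12, 0)
    stored = hash_pin("4821", salt)
    print("join_game before PIN:", required_method(policy, state, "join_game", now))
    print("PIN accepted:", verify_pin(policy, state, "4821", stored, salt, now))
    print("join_game after PIN:", required_method(policy, state, "join_game", now))
    print("trade after PIN:", required_method(policy, state, "trade", now))
```

The point of keeping the unlock window and the per-action table separate is that a user can make joining games cheap (one PIN per session) while still paying the full cost on trades or group transfers, and the lockout means the "it can be brute-forced" objection is bounded by `max_pin_attempts` rather than by the attacker's patience.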

Would this solve the part of an accessor having access to the account if “cookie logged” or by other various means? Having settings to check off on specific ones to enable/disable would be amazing to have also.

I had the PIN feature as a deterrent in case the account was gotten into even with 2FA enabled, which would leave the attacker unable to check account details in settings etc.

1 Like

Then no one would even turn this on in the first place

Good.

No. Hell no.

2FA would be a better option here.

No.

No. To archive, maybe.

Yes.

N. o.

Entering a PIN just to play a 2 minute session would be a pain and not worth it. That is just a stupid idea and should not even be considered in the first place.

These will all be user-set options. You would choose if these are enabled yourself, rather than be forced. I know a lot of people who would like extra security when doing things like joining games.

The alternative is 2fa, and I don’t think most people would like that :person_shrugging: If someone got on your account they can just remove all the friends they want

also these can be disabled anyway, so it doesn’t really warrant not having the option

1 Like

And who would even bother to set a password to play a game?

Neither option is a good idea. Besides, friends are like games: you add/remove them frequently (not everyone, but a majority of the platform). Even though these are options, I don’t see a purposeful use in them. It’s really Roblox’s job to enforce account protection so these events cannot happen in the first place.

1 Like

I don’t think that just because I wouldn’t use an option, all users shouldn’t have it. I don’t see why you would complain about something optional, even if you don’t see a use-case for it. There are people who are targeted by these attacks more than others and would LOVE this option. Do you think they’d like using 2FA to join games? You’re entering a one-time static, non-changing PIN that you set to join a game, and if you’re playing 2 minute sessions you might as well not use it.

Here, we’re talking about if a hacker somehow got into an account, which is why people loved the PIN option. This is more likely to happen to verified people, rich people, or people with a lot of good in-game items who may be targeted by some member in their community. In this third case, users are most likely to want to use game security.

Roblox gives us the tools to exercise account security, we have to use them. This can be in the form of more 2FA options, which I’m fine with, I’m just expressing why I feel like PINs should be available too. My answer is not absolute and will not resonate with everyone, and I’m fine with that.

The PIN was great because it served as another roadblock for a hacker, giving enough time for the original owner to uncompromise their account, as they’re the only one who knows their PIN. 2FA is good, but it isn’t a replacement.

2 Likes