|
| 31 Jan 2015 01:49 PM |
Use Google Authenticator to prevent accounts from being stolen
How it works: In settings of someone's account, they can select a button or something that allows them to have an extra layer of protection on their account, essentially removing the possibility of losing your account.
It would require the person to download google Authenticator, you can down load it on any phone or tablet. Roblox would then provide a scan bar for the person to copy/screenshot using the app, and it would provide a code the person must put in along with their pass word. This would stop hackers because they can not get that code unless they have your device that you use to get he code.
This would have to be completely optional of course for people who don't have a mobile device or don't want to download the google Authenticator.
You can also have it so if you put the code in once, you don't need to put it in again for another 30-60 days (your choice). I'm also pretty sure if/when roblox does this, they can have it set to only that computer, so if someone tries to access your account from their own computer they would need a code. While you wouldn't need to (assuming you set it to not ask you for 30/60 days)
I don't think I explained this too well, look up Google Authenticator and you'll see that it can be easily implemented into roblox and can work as a very good feature for those who want their accounts protected, almost guaranteed.
Also it'll help Roblox staff by cutting down on people who are trying to retrieve their accounts
Post support, honestly I don't see how this could be a bad feature and can prevent everyone who uses it from any risk of losing their account.
Tl;dr Using this will make any computer you don't normally use roblox with will have to out in a second code only you can get using a mobile device, it would be optional in account settings |
|
|
| Report Abuse |
|
|
|
| 31 Jan 2015 01:50 PM |
| I don't know whether you should suggest downloads to your computer, even if it is from google. However, if this does theoretically work, maybe send a note to the ROBLOX staff claiming that you have found a solution for hacking prevention? |
|
|
| Report Abuse |
|
|
Craith
|
  |
| Joined: 21 Jan 2015 |
| Total Posts: 2022 |
|
| |
|
|
| 31 Jan 2015 01:53 PM |
you dont download it to your computer sorry if i put that i meant to remove it
its an app yuo can download on a tablet or phone
if roblox does this they woudl give a scan bar thing you take a picture of using the app and itll load a randomly generated code that you use when you log in
so unless a ahcker has your ipad/phone/whatever they cant touch your acc
|
|
|
| Report Abuse |
|
|
cycoboy83
|
  |
| Joined: 31 May 2011 |
| Total Posts: 831 |
|
|
| 31 Jan 2015 01:53 PM |
| Good idea in theory, but you forget this won't put a dent in scamming. If someone is stupid enough to give out their pass, what makes you think they will treat a meaningless code on their phone any differently? |
|
|
| Report Abuse |
|
|
|
| 31 Jan 2015 01:55 PM |
Well scamming is a different story
I'm referring to in this when someone gets keylogged or gives their pass word out to someone who tries to take the account itself
unfortunately there's really nothing that can be done about scamming
|
|
|
| Report Abuse |
|
|
|
| 31 Jan 2015 01:56 PM |
support
the philosopher has spoken |
|
|
| Report Abuse |
|
|
cycoboy83
|
  |
| Joined: 31 May 2011 |
| Total Posts: 831 |
|
|
| 31 Jan 2015 02:00 PM |
| And what exactly stops a keylogger from picking up the secure code as well? If I recall correctly, the codes for Google Authenticator are based off of the current time, and they don't use the internet to invalidate a code after it's been used. Since keyloggers are usually part of a bigger RAT, all an attacker would have to do is delete the user's cookies, then keylog their pass and entry code, and use that info from there. As for people giving out their pass, that's what I was referring to by scamming. If they're dumb enough to give out their pass for any reason, then a secondary code won't save them from their own stupidity. Don't get me wrong it'd be a nice feature to have, I just question whether or not it would actually help anything. |
|
|
| Report Abuse |
|
|
| |
|
|
| 31 Jan 2015 02:04 PM |
well the code is randomly generated on your mobile device oh i think you mean like the code is different every time you are asked to put it in its not like a second pass where you're putting the same thing in, its a completely different 6 digit code every time so unless the keylogger went to your house and stole your phone/tablet they cant get that second randomly generated code
also the code only lasts for 30 seconds incase that helps too
|
|
|
| Report Abuse |
|
|
cycoboy83
|
  |
| Joined: 31 May 2011 |
| Total Posts: 831 |
|
|
| 31 Jan 2015 02:07 PM |
| Yeah but I mean the way it's generated - The code is based on the current time, and it's run through some complex math equation and probably spit out as hexadecimal. That means that even if the code is valid for 30 seconds, the code could be used twice since the time is the same, and with some well timed keylogging it's very possible to capture the code and use it within that time frame. |
|
|
| Report Abuse |
|
|
|
| 31 Jan 2015 02:08 PM |
"its an app yuo can download on a tablet or phone" Neither of which I own. GG |
|
|
| Report Abuse |
|
|
quamisido
|
  |
| Joined: 18 Apr 2014 |
| Total Posts: 8599 |
|
| |
|
| |
|
|
| 31 Jan 2015 02:09 PM |
yes but i think you're looking to far into it assuming they can see what you input in real time they'd have to be at their computer ready to do it same time and know the complex math equation to get the number and all that jazz
for roblox purposes i dont think any kid here would go to that length but yes i guesssssssssssssssss i see what you're saying |
|
|
| Report Abuse |
|
|
|
| 31 Jan 2015 02:10 PM |
@Nteorvolri
well thats why it would have to be optional
|
|
|
| Report Abuse |
|
|
cycoboy83
|
  |
| Joined: 31 May 2011 |
| Total Posts: 831 |
|
|
| 31 Jan 2015 02:38 PM |
| Eh, support. Long as it defaults to off, I don't own a phone or tablet and it would really suck if I had to log in on one before I could turn the feature off. :P |
|
|
| Report Abuse |
|
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|