generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Roblox » Suggestions & Ideas
Home Search
 

Re: Two-Stage Login Authentication

Previous Thread :: Next Thread 
TecmagDiams is not online. TecmagDiams
Joined: 18 Sep 2008
Total Posts: 1882
12 Nov 2015 04:08 PM
It has come to my attention recently that ROBLOX is severely lacking in security measure to protect user's from malicious activity. Just a few days ago my account was hijacked, without my knowledge someone had logged into it until it was too late and over $2000 of items had been sold off from my account, including items I had earned numerous years ago.

Without even a system that prevented these transactions which were so obviously fraudulent (Never made a trade, nor sold items, yet suddenly was trading items worth hundreds of real world money for tiny amounts, and item sales for crazy cheap), it brought to my attention the complete lack of security for accounts.

I propose a simple yet powerful solution: the ability to opt-in to a two-stage login. Two-stage login's are common practice in many companies that want to offer account security. Simply requiring new log-in sessions to use both the account's normal sign in as well as verify a code sent to the authenticated account email address offers not only a high level of security, but alerts users to security breaches in their account before harm can be done.

Had a feature like this existed just a few weeks ago, I would have received an unrecognized log-in attempt email, and would have known to change my login details without losing a single item, instead of finding my account ravaged over the course of a few hours that I was actively online scripting one of my places.

Of course, the most secure and preferred means of two-stage logins allow users to use a cellphone to receive verification codes on new login attempts. I understand that this may be outside ROBLOX's current means, however a simple email option for now would work wonders.
Report Abuse
TecmagDiams is not online. TecmagDiams
Joined: 18 Sep 2008
Total Posts: 1882
13 Nov 2015 02:47 PM
Bump
Report Abuse
xLawOut is not online. xLawOut
Joined: 28 Feb 2015
Total Posts: 1782
13 Nov 2015 03:19 PM
not anybody's fault that you lost your account because you fell for the Z0GM THIS WEBSITE GAVE ME AIDS GO VISIT IT NOW TO GET FREE 4 AIDS'ES freeaidsandrawballs.wtf.com

also useless idea
Report Abuse
Blackstride is not online. Blackstride
Joined: 19 Nov 2010
Total Posts: 8133
13 Nov 2015 03:28 PM
@xLaw
you're useless
Report Abuse
xLawOut is not online. xLawOut
Joined: 28 Feb 2015
Total Posts: 1782
14 Nov 2015 03:47 AM
@black
your face is not useless, I can use it to sweep the floor.
Report Abuse
TecmagDiams is not online. TecmagDiams
Joined: 18 Sep 2008
Total Posts: 1882
14 Nov 2015 04:33 AM
xLawOut, its not my fault Roblox's security measures failed to protect my account when I have never entered my ROBLOX credentials on a website that was not under the domain ROBLOX.com. I know how to protect my account, I'm versed in account security and ROBLOX lacks security protocols.

As I said in my post, most mayor websites, be the social media like FB, or multipurpose service accounts like Google, or game distribution like Ste offer these means of two-step login processes. Account security is a serious matter. Your failure to understand that is saddening at best and maddaing at worst.

This idea allows for much greater account security, on a site that has high traffic and open loop currency that is very important. Such security measures, as suggested, would be optional. Thiseans there are literally zero drawbacks and only benefit to adding such measures. That is quality.
Report Abuse
TheLostMeme is not online. TheLostMeme
Joined: 24 Oct 2015
Total Posts: 445
14 Nov 2015 05:15 AM
Nice copied forum! Ive seen this many times!
Report Abuse
TecmagDiams is not online. TecmagDiams
Joined: 18 Sep 2008
Total Posts: 1882
14 Nov 2015 10:09 AM
A few things I'd like to address here TheLostMeme,

First, this is a suggestions and ideas forum, on a game that does not credit or reward individuals for their suggestions. The forum exists purely for the improvement of ROBLOX. You can not steal nothing, which is what I would be receiving other than the account security of this idea.

Second, the burden of proof lies within the one making a claim. If you are going to slander and attack someone, try actually bringing evidence to the table, otherwise you are just a heckler without any rhyme or reason to even be listened to.

Third, I do not see any recent postings on a thread like this. Rather than dig for a probably poorly written thread to necro-post in, I simply created a new thread with the idea written out plainly and in ways that highlight the importance of it's feature.

Forth, I did not copy this idea. I wrote this thread after a recent hijacking on my account that brought to my attention the severe lack of account security on ROBLOX, as suggested by the ROBLOX team during my interactions with their support agents.

Fifth, please learn to use a suggestions and ideas forum correctly. If you are posting on an idea you should be voicing why you agree or disagree with it. In the case of disagreeing you should provide constructive criticism, ways to improve the idea, reasons why the idea would be counter productive, things that would be harmed by the implantation of the idea, technical difficulties with the idea, etc. This community never ceases to surprise me with it's lack of basic etiquette and understanding, common sense is suppose to be common.
Report Abuse
TheLostMeme is not online. TheLostMeme
Joined: 24 Oct 2015
Total Posts: 445
14 Nov 2015 10:15 AM
I read the first sentence and thats copied aswell c;
Report Abuse
Superwarrior360 is not online. Superwarrior360
Joined: 21 Feb 2013
Total Posts: 2703
14 Nov 2015 10:28 AM
support
Report Abuse
TecmagDiams is not online. TecmagDiams
Joined: 18 Sep 2008
Total Posts: 1882
14 Nov 2015 11:12 AM
Thanks TheLostMeme and Superwarrier360 for supporting this thread by keeping it on the front page of the forum, always is nice to see users helping keep impactful ideas alive and well.
Report Abuse
powdercat is not online. powdercat
Joined: 27 Dec 2011
Total Posts: 2197
14 Nov 2015 11:49 AM
Support. Why?

Heck, even if ROBLOX didn't consider all of this, a simple E-M@il would be great! Google does this and ROBLOX should too. It would improve security as well. If there was a thumbs up button for forum posts, I'd thumb up.
Report Abuse
xLawOut is not online. xLawOut
Joined: 28 Feb 2015
Total Posts: 1782
14 Nov 2015 12:10 PM
@tecmag
your fault that you got pg'ed
roblox doesn't need a two stage login just because a 9 year old got pg'ed.
Report Abuse
skullsten is not online. skullsten
Joined: 03 Feb 2012
Total Posts: 2522
14 Nov 2015 12:11 PM
@above
you'd be feeling the same way if you got PG'ed
Report Abuse
NoahTheSimMaster is not online. NoahTheSimMaster
Joined: 22 Feb 2014
Total Posts: 207
14 Nov 2015 12:12 PM
Support
Report Abuse
TecmagDiams is not online. TecmagDiams
Joined: 18 Sep 2008
Total Posts: 1882
14 Nov 2015 12:28 PM
xLawOut, thanks for the continued support of my thread. Keeping it alive and well is always appreciated.

Now, onto the content of your message, I don't understand how it's my fault that someone managed to hijack my account. I use a secure login code that meets and exceeds account security minimums by most standards. However, I feel it is ROBLOX's responsibility to keep their players safe, even more so when they have open loop currency. I did ALL of the things I could to keep a safe account, yet someone still managed to get in. That by definition is insecure, and I feel any company owes it to their customer's to make account security a serious issue. It's why major companies use methods of Two-Stage authentication. Additionally your ad hominem is cute, and revealing to your own insecurities about being seen as a child. Childhood is precious. It's a time before the responsibilities of the real world. Also it's flattering that you think I was so advanced that I was creating popular places on ROBLOX at the age of 2, as you can see my account is 7 years old. I wish I was 9 however, if I was losing $2000 wouldn't seem so bad, it'd just be a number. You on the other hand should try being a little mature, something you don't have to be very old to do, so no worries on if you could or couldn't.

Lastly, no, ROBLOX doesn't need a second-stage authentication process because someone guessed the login information of a 9 year old. They need it because people are able to hijack the accounts of adults who have thousands of dollars with of value on their account. ROBLOX should add it because it improves account security without draw-back. Because it makes account hijacking near impossible. Because it will make them more professional. Because it will make their Open Loop currency have more stability.

As for everyone else posting their support, thank you. Again it means a lot to see an idea with such large impact on the security of accounts getting attention.
Report Abuse
xLawOut is not online. xLawOut
Joined: 28 Feb 2015
Total Posts: 1782
14 Nov 2015 02:08 PM
@op
>family
>friends
>children (if you have them)

suspect all of them and see who did it.
Report Abuse
TecmagDiams is not online. TecmagDiams
Joined: 18 Sep 2008
Total Posts: 1882
14 Nov 2015 02:17 PM
The hijacker was in my account while I was actively on it, I found out when I suddenly noticed messages on my account and more R$ then I shouldn't have had. I had been scripting and building my place, ruling out family who wouldn't have had computer access at the time.

I've never logged on or shared my login credentials with friends for any of my accounts, because that's a huge security breach (The only account credentials I've ever shared I specifically changed before sharing with a close friend, and they are absolutely unique to the service I used them for).

I don't have children. My best guesses to how my account was hijacked would be that I logged in on a non-encrypted network and the signal was monitored and picked up, or that my credentials where brute-force generated.
Report Abuse
zoom1220 is not online. zoom1220
Joined: 11 Feb 2010
Total Posts: 495
14 Nov 2015 02:34 PM
support
Report Abuse
Blackstride is not online. Blackstride
Joined: 19 Nov 2010
Total Posts: 8133
14 Nov 2015 02:36 PM
support
OP, don't waste your breath on these trolls
Report Abuse
TecmagDiams is not online. TecmagDiams
Joined: 18 Sep 2008
Total Posts: 1882
15 Nov 2015 02:48 PM
Thanks for the support, I'd really love to see suggestions like this implemented.
Report Abuse
wonderful72pike is not online. wonderful72pike
Joined: 13 Jul 2010
Total Posts: 7009
15 Nov 2015 03:03 PM
Support.
Report Abuse
0nesh0t is not online. 0nesh0t
Joined: 24 Mar 2012
Total Posts: 15845
15 Nov 2015 03:06 PM
during a livestream there were a couple of seconds in the wrong tab, showing that there was a sort of process and lock in the sign in screen, so there've been rumours about it being implemented either '15 or '16

can't find the exact one though, which is a shame

Checkmate.
Report Abuse
5ZR is not online. 5ZR
Joined: 11 Dec 2012
Total Posts: 2218
15 Nov 2015 03:15 PM
support
Report Abuse
BagelBoy445 is not online. BagelBoy445
Joined: 23 Feb 2011
Total Posts: 3826
15 Nov 2015 03:17 PM
Support.
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Roblox » Suggestions & Ideas
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image