MrSquer
| Joined: 18 Feb 2011 |
| Total Posts: 6103 |
| 19 Jul 2016 07:13 PM |
For whatever reason, one of the words in the post wasn't allowed, so I had to use an intermediary through Twitter and PasteBin. Sorry :/
https://twitter.com/MrSquerAnim/status/755555707261378561
Please take time to read through that all! It applies to YOUR account as much as everyone else's.
| 19 Jul 2016 07:15 PM |
Someone get the admins to read this right now
MrSquer
| Joined: 18 Feb 2011 |
| Total Posts: 6103 |
| 19 Jul 2016 07:25 PM |
I'm trying to figure out if it can get forwarded to Jared Shapiro, the ROBLOX Corporation Web Platform VP.
DrBreaker
| Joined: 18 Jul 2015 |
| Total Posts: 350 |
| 19 Jul 2016 07:33 PM |
I like the idea of locking the account after failing a few times. But 32 times is a LOT. Maybe lessen it to like 7-10.
| 19 Jul 2016 07:35 PM |
Account PGing Protection
Permanently ban anyone whose account is compromised. Problem solved.
DrBreaker
| Joined: 18 Jul 2015 |
| Total Posts: 350 |
| 19 Jul 2016 07:37 PM |
Also for the security questions, if you forget the answers, maybe a backup email would help you "renew" the questions or in other words you can choose different questions and you should have the options to enable or disable them.
I've read it all and I might have blindly forgotten some stuff you mentioned, but it's just in case.
| 19 Jul 2016 08:21 PM |
I don't really get the personal question for old accounts, as the ones PGed have most likely quit and would never set that security measure up.
Borsy
| Joined: 31 Jul 2014 |
| Total Posts: 15111 |
| 19 Jul 2016 08:23 PM |
r+://449719662r+://449719756r+://449719862
Borsy
| Joined: 31 Jul 2014 |
| Total Posts: 15111 |
| 19 Jul 2016 08:29 PM |
accidentally pressed post
my response
"If a Captcha was in place at signup (even if you don't try to make multiple accounts, just one), there wouldn't have been that problem" ok so you want kids that some might have issues with eyesight or reading to solve this captcha? https://twitter.com/ADMlN_pic/status/751026395480989696
"there is a list compiled of the most common English words" that's 1 of 68 methods to do that but ok
"while the person behind the script types in the Captcha each time." that's very inefficient
"the account (if it's verified) should be locked" exploitable, trolls could spam someone's e-mail
"block the Internet Protocol address of the user trying to login" ever heard of a proxy
MrSquer
| Joined: 18 Feb 2011 |
| Total Posts: 6103 |
| 19 Jul 2016 08:51 PM |
"ok so you want kids that some might have issues with eyesight or reading to solve this captcha?" I explained that they need to upgrade to Captcha 2.0. That example was 1.0- completely separate problems.
"that's 1 of 68 methods to do that but ok" That's just the most common method.
"that's very inefficient" mhm, but people still do it to PG accounts
"ever heard of a proxy" Yes, but most people are too dumb to know what that is. If they are using a proxy or Tor, there's not much ROBLOX can do except for locking the account until the email is seen.
Borsy
| Joined: 31 Jul 2014 |
| Total Posts: 15111 |
| 20 Jul 2016 06:35 AM |
"I explained that they need to upgrade to Captcha 2.0. That example was 1.0- completely separate problems." you mean the new recaptcha?
"That's just the most common method." no it isn't
"mhm, but people still do it to PG accounts" there's a different way to do it
"Yes, but most people are too dumb to know what that is. If they are using a proxy or Tor, there's not much ROBLOX can do except for locking the account until the email is seen." so you're saying PGers are too dumb to know what a proxy is? if they were then they wouldn't know what PGing is
| 20 Jul 2016 06:49 AM |
- Lock an account after 5 failed pw0rd guesses: Won't work because anyone can purposely lock out the original owner of the account.
- Lock an IP for 24 hours after 5 failed pw0rd guesses: Better, but still not good. What if this person has other roblox users in their house? Now they're locked out.
- Anything to do with checking a user's IP: Just no. Anyone who suggests this needs to get off the internet. IPs can change, or a user may be logging in from a different place, such as a public library or their grandparents' house.
- Captcha: Unfortunately this looks like the best solution right now. Do not use reCaptcha.
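The trade-offs in the post above, as an added example that is not part of the thread: failures are counted per (account, source address) pair with a growing delay instead of a hard lock, and a burst of failures on one account from many sources triggers a challenge rather than locking the owner out. The class name, every threshold other than the 5 guesses and 24 hours taken from the post, and all account names and addresses are assumptions.

```python
from collections import defaultdict

FREE_ATTEMPTS = 5        # failures tolerated before delays start (the "5" above)
BASE_DELAY = 30          # seconds; assumed starting delay, doubles per failure
MAX_DELAY = 24 * 3600    # cap at the 24 hours suggested in the post
CHALLENGE_AFTER = 20     # assumed: failures on one account from all sources
WINDOW = 3600            # assumed: seconds over which those failures count

class LoginThrottle:
    def __init__(self):
        self.pair_failures = defaultdict(int)      # (account, ip) -> failures in a row
        self.blocked_until = {}                    # (account, ip) -> unix time
        self.account_failures = defaultdict(list)  # account -> failure times

    def check(self, account, ip, now):
        """Decide before verifying the password: 'wait', 'challenge' or 'allow'."""
        if now < self.blocked_until.get((account, ip), 0):
            return "wait"          # only this source is slowed, for this account
        recent = [t for t in self.account_failures[account] if now - t < WINDOW]
        if len(recent) >= CHALLENGE_AFTER:
            return "challenge"     # CAPTCHA or e-mailed code, never a hard lock
        return "allow"

    def record_failure(self, account, ip, now):
        key = (account, ip)
        self.pair_failures[key] += 1
        self.account_failures[account].append(now)
        extra = self.pair_failures[key] - FREE_ATTEMPTS
        if extra >= 0:
            self.blocked_until[key] = now + min(BASE_DELAY * 2 ** extra, MAX_DELAY)

    def record_success(self, account, ip):
        self.pair_failures.pop((account, ip), None)
        self.blocked_until.pop((account, ip), None)

def simulate():
    """Constructed scenario; addresses are documentation ranges, names made up."""
    t, start = LoginThrottle(), 1_000_000
    for i in range(8):                       # one source guessing at 'victim'
        t.record_failure("victim", "203.0.113.7", start + i)
    out = {
        "guesser": t.check("victim", "203.0.113.7", start + 10),
        "owner_elsewhere": t.check("victim", "198.51.100.4", start + 10),
        "housemate_same_ip": t.check("sibling", "203.0.113.7", start + 10),
    }
    for i in range(25):                      # guesses spread over many sources
        t.record_failure("victim", f"192.0.2.{i}", start + 10 + i)
    out["owner_during_spread"] = t.check("victim", "198.51.100.4", start + 60)
    return out
```

In the constructed run the guessing source is told to wait while the owner on another address and a housemate on the same address are both allowed; once guesses arrive from many addresses, the owner is asked for a challenge instead of being locked out.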
redlego98
| Joined: 11 Jul 2008 |
| Total Posts: 8870 |
| 20 Jul 2016 07:43 AM |
Eh, personally I would like to see two step verification.
A strange game. The only winning move is not to play.
Borsy
| Joined: 31 Jul 2014 |
| Total Posts: 15111 |
| 20 Jul 2016 08:22 AM |
2 step authentication is a better idea, you get an e-mail with a code to enter
| 20 Jul 2016 08:39 AM |
Can you read? THAT WILL NOT WORK FOR INACTIVE ACCOUNTS
Borsy
| Joined: 31 Jul 2014 |
| Total Posts: 15111 |
| 20 Jul 2016 08:42 AM |
and your point is? there is no way to protect old inactive accounts, but roblox can still do something to prevent rich people from getting hacked
redlego98
| Joined: 11 Jul 2008 |
| Total Posts: 8870 |
| 20 Jul 2016 08:46 AM |
"THAT WILL NOT WORK FOR INACTIVE ACCOUNTS"
But it will protect newer and active accounts. Inactive accounts do not necessarily need to be protected.
| 20 Jul 2016 09:27 AM |
^ out pger active accounts can just change their pw0rd, inactive accounts can't
Borsy
| Joined: 31 Jul 2014 |
| Total Posts: 15111 |
| 20 Jul 2016 09:30 AM |
most inactive accounts have an e-mail, but they're unverified as they didn't add verification yet so 2 step authentication would still work
Clurny
| Joined: 28 Apr 2010 |
| Total Posts: 12046 |
| 20 Jul 2016 10:16 AM |
bothangles everyone knows you're the worst troll ever so don't even bother try dumb loser
Borsy
| Joined: 31 Jul 2014 |
| Total Posts: 15111 |
| 20 Jul 2016 11:41 AM |
Your connection is not private
Attackers might be trying to steal your information from wiki.roblox.com (for example, messages, credit cards). NET::ERR_CERT_COMMON_NAME_INVALID Automatically report details of possible security incidents to Google. Privacy policy