Account Security/Theft: Keeping your Account Safe! [*]

Follow

We do our best to ensure that Roblox is a safe and fun place for everyone but there's even more that you can do to help!  The ultimate power of account security is in your hands.  With the helpful knowledge below, you can learn how to stay savvy and keep your account safe from any would-be thieves.

Never Share Your Password or Cookies

The most common way players lose access to their account is by sharing their login information.  Even if it’s a friend you know in real life, you should always keep your password safe. It is also important to keep in mind that Roblox employees will never ask you for your password.  If anyone asks for this information, do not give it to them and please be sure to report them to our moderators using the Report Abuse feature.

There’s a reason we have warnings throughout the site to never give out your password.  If someone has it, then they have control of your account and you can lose all your items and currency.

The same kind of caution applies to giving someone other data, such as your browser cookies, personal details, or sensitive computer information.  You should never give these out over the internet.  If someone tells you they know this awesome trick or hack and just need some particular info from you to get it to work, they are just trying to steal your account.

The most common tricks may be claims of getting a sweet prize or free Robux in exchange for a special security code or other account details. They may even claim that it is for a Roblox birthday or anniversary, but this is also a scam. Any officially supported Roblox promotions will be announced through the blog, Notifications tab of your Messages section, or through a banner on the top of the site.

Enable 2-Step Verification (2SV)

Please be sure to enable 2-Step Verification as an added security measure for your account. This feature can be found in your Account Settings Security tab. For more information, please see our FAQ article with all the details of this great security feature.

Always Log Out of Your Account When You're Done Playing

If you leave your account logged in on a computer, anyone else can use that computer and have access to your account.  It’s important that you always log out after playing, especially when using a shared computer such as at school or a library.

Make Your Password Hard to Guess

Common passwords such as pass123 or using part of your username as a password are easy to guess.  If your username is bloxcool, your password shouldn’t be bloxcool123. 

A password that is hard to guess usually follows these guidelines:

  1. The password is at least 8 characters long
  2. It contains capital letters and lowercase letters
  3. The capital and lowercase letters aren't in common locations. Think "tHepaSsWOrd" instead of "ThePassword"
  4. It contains numbers
  5. It has at least one special character (Such as !)
  6. You don't use the same password on another website
  7. Beware of phishing emails or other forms of contact asking you to verify, reset or revert information that you did not request.

Never Add Someone Else’s Email Address on Your Account

The only email address that you should have verified under your account page is your own or a parent's.  If you put someone else’s email address there, then they will receive the password reset emails and can then gain access to your account and lock you out of it.

Learn to Recognize Scam/Phishing Sites

The only links allowed on Roblox are links to other pages from roblox.com or those specified in the "What Not to Post" section of the Roblox Rules. To review these rules, click here. If you get a message like this:

f*ree*.ro*b*ux.o*mg.c*om (just remove the * and go there and get free robux /BC/cheats!)

This is a SCAM.  If they have to use special symbols just to get a link on the site that means it’s not allowed in the first place.  These sites will ask you to either download special apps in order to compromise your computer or for your account name and password so that they can steal your account and take all your items and Robux.

Some of these websites use images from Roblox to try and fool players or may even copy the Roblox site design.  This is against the law and we can request that the hosting company take that site down. If possible, please alert our mods by using the Report Abuse link located on the chat/comment/message that sent the site to you.

Never Enter Your Login Information into an In-Game GUI or Pop-Up

Remember to only enter your login information when logging in through the official roblox.com website or on the login screen of the official Roblox mobile apps. Should you play a game that asks for this information for any reason at all, even if it looks like an official Roblox request, please leave the game and use the Report Abuse link located on the game's details page. 

Never Download a Program (.Exe File) from an Untrusted Source or Without Parent Permission

These kinds of programs are called malware and keyloggers.  Never download or run a program (.exe file) without your parent's permission.  Any program you download should be from a trusted company source.  These programs can track your personal information such as passwords.  Additionally, sharing outside programs on Roblox is not allowed.  If any are shared with you, please report them via the Report Abuse buttons.  If you have downloaded malware, please make sure to remove the program from your computer, run a virus scan and change all your passwords.

We also recommend checking and removing all browser extensions.  Some browser extensions can steal login information or cookies and this allows someone else to access your account.  We recommend not using any browser add-ons or extensions unless you are 100% sure they are from trusted sources.

More Information And What To Do If Your Account is Stolen

For more information on keeping your account safe or what to do if your account has already been taken, please see the following links: