How to protect your account from getting hacked: A super advanced guide
There have been posts about this topic before, I am aware, but these posts are ancient. They also don’t cover topics more advanced than your account. None of them have said that you can recover a deleted ROBLOSECURITY cookie, or that viruses can also steal passwords from AppData folders. Therefore, I present you with a very advanced tutorial on how to protect your Roblox account!
In this post, I will describe all the methods that I use to protect my account from being hacked, no matter how significant or insignificant these appear to be. Some methods are a must-have, whereas some are not that necessary. I will order these from most needed down to abstract methods that you may not really need.
These will be color coded from: Red = 100% Necessary, Yellow = Somewhat necessary, Blue = Not really necessary without extreme circumstances.
[color=red]COMMON SENSE.[/color]
Everyone has this. Do not click on any weird links, or paste scripts anywhere in your browser. Simple and easy. Also, do not visit “free robux” sites.
Also, DO NOT GIVE ANYONE YOUR PASSWORD. Roblox will never ask for your password. Not even Roblox admins!
Also, do not give any .har files to ANYONE, and do not paste stuff in inspect element.
One more tip: Copy and paste the link text into a new tab before viewing it. Links can be infected easily, but this will stop infected links.
[color=red]2 Factor Authentication[/color]
This is absolutely essential. If you don’t have this on and you’re known at all within Roblox, you’re basically asking to get hacked. Although it’s under settings, Roblox Support can take it from here. https://en.help.roblox.com/hc/en-us/articles/212459863-Add-2-Step-Verification-to-Your-Account will explain how to access 2FA settings and enable it. Note that you must have a verified email first. However, DO NOT ADD YOUR PHONE TO YOUR ROBLOX ACCOUNT. This is because of SIM spoofing being a new hacking tactic.
[color=red]Password choice[/color]
Password choice is also needed. Nowadays, with the immense power of computers, hackers can use brute force attacks to password guess lots of shorter passwords. In fact, an 8 character password can be cracked within under an hour, even if you have symbols and numbers (e.g. `73nd8an#`). If you are aiming for good security, a 10 character password will suffice (e.g. `e8c;iq1=Nf` would take about 2 months to crack), but a 12 character password is best (e.g. `beJ9amH'[qu&` would take 400,000 years to crack). Also, a good password will also have a mix of uppercase (ABCDEFG), lowercase (abcdefg), numbers (1234567) and symbols (;#.$*^).
IMPORTANT: Use your brain to memorise all passwords. Do not use any password saving service for best security.
Useful tool: https://howsecureismypassword.net/
[color=red]Account PIN[/color]
In the unlikely event of your account getting hacked, an Account PIN stops your settings getting changed. This protects against hackers changing your password, even if they know it.
You can find this just below the “Add 2 Factor Authentication” option in settings.
[color=red]ROBLOSECURITY cookies[/color]
This is simple. DO NOT GIVE ANYONE ANY COOKIES. AND, DO NOT PASTE JAVASCRIPTS INTO YOUR BROWSER. They can bypass 2FA and steal your account instantaneously. If you do fall for this, click Sign out of all sessions immediately, and then change your password. This video explains how to do that: How to sign out of all sessions in Roblox! (2021) (STILL WORKING)!!! - YouTube, and it leads onto my next point.
[color=orange]Sign out of all sessions[/color]
Sign out of all sessions is classed as “orange” because it is needed in some cases. If you get hacked, then you need to do this immediately. However, as a more casual countermeasure, you can just click this regularly if you feel like it. Also, do this if you visit a site and then realise it’s a fake Roblox site, or it may steal your cookie. Look above for how to sign out of all sessions.
[color=yellow]Deletion of cookies[/color]
You can delete cookies to remove easy finding of your ROBLOSECURITY cookie. However, this is far from foolproof. There are better ways to protect yourself, that can avoid this or stack on top of this. Read “Secure deletion of data” (below) and read the next one for better versions of this that I use.
Also, this will only protect if you have dodgy people in the house or a virus on your device. This is not meant to protect against foreign attacks.
[color=yellow]Incognito mode[/color]
Incognito mode does not keep cookies, so ROBLOSECURITY cookies cannot be found with ease. Therefore, if you are high profile, use incognito whenever you can, which is usually always.
[color=yellow]VPN[/color]
Use a trustworthy VPN, such as RiseUpVPN, ProtonVPN, ExpressVPN, NordVPN and SurfShark.
This may not do that much against your Roblox account to start with, but it protects against IP grabbers. If an attacker gets your IP, if it’s local they can call your ISP and get info about you. This could eventually lead into social engineering methods, such as engineering Spanish Roblox Support (September 2020).
[color=yellow]Email choice[/color]
Use an email that nobody knows about. Better yet, make the email just before your Roblox account. This can help massively against Spanish Roblox Support social engineering attacks.
[color=blue]Secure data deletion (passes and stuff)[/color]
A lot of files and logs are left on your OS. If one got hold of your device, or put a virus in, then they could extract the files from the %localappdata% folder or the %temp% folder. Not only would you put your Roblox account at risk, but all your other accounts as well! This can also put your cookies at risk, if you deleted your cookies.
You can clear the %temp% folder and %localappdata% > Roblox > logs (type `%temp%` and `%localappdata%` in the search bar and navigate to the `Roblox` folder and the `Logs` folder if applicable) using a program such as Eraser to prevent anyone seeing those files. It will also speed up your device, as a side bonus. Use the Gutmann method (35 passes) if you want to be very safe; however, a 1 pass method will usually be enough. Each pass will overwrite the data previously on the file, making it impossible to read the older data.
If you deleted your cookies, then wipe the empty space on your disk to prevent the cookies from being recovered.
Important: Wiped data CANNOT be recovered with current technology. Although it may be possible with extraordinary advances in magnetic field microscopic technology, it is not possible right now.
More about the Gutmann method: Gutmann method - Wikipedia
[color=blue]SIM swapping[/color]
@callmehbob (Royale High Dev) was, unfortunately, a victim of this. SIM cards can be swapped and this is a strange vulnerability to Roblox accounts.
I recommend either not adding a phone number to your Roblox account, or you can use settings to ensure nobody has SIM swapped you. I recommend the first over the latter as well.
Also, SIM swapping can result in much worse things than a Roblox account hack. Bank account hack? Possible. Address leak/dox? Possible, and it could cause a cold boot attack (go down).
[color=blue]Real-world protection[/color]
If you have untrustworthy family members, this method is more important than “blue”. You should always remember to close applications, because leaving the app open is actually a major vulnerability in the real world. I use a yellow edge taskbar, because yellow is hard to miss. This will remind me to close apps when not in use.
Also, you can create more desktops in Windows to protect yourself. This tells you how to do this: Multiple desktops in Windows - Microsoft Support, and also, `Win+Ctrl+Left/Right Arrow Key` will switch desktops as well.
Note that this method only protects against people in the house.
[color=blue]Keylogger[/color]
Keyloggers could steal your passwords. These log the keys you tap on your keyboard. However, this is circumventable. You can open up a virtual keyboard to type your password in, or you could see if you could use anti malware to remove (or at least quarantine) the keylogger.
[color=blue]Cold boot attacks?[/color]
Although no Roblox account has been hacked with this method yet, one could possibly get hacked if their address is doxxed. If the hacker breaks into your house when you’ve just logged into Roblox, they can spray liquid nitrogen (or other cold substances) to preserve the RAM. This is extremely unlikely, but an easy way to stop this is to look behind you if you’re logging into Roblox or turning off your PC.
Also, staying near your PC for 5 minutes after you’ve turned it off will eliminate any risk of a cold boot attack.
Note: A cold boot attack is EXTREMELY UNLIKELY, and it is much more worthwhile to read above methods first, especially the red ones. Even outside of Roblox, there’s only been a few successful cold boot attacks ever carried out, so this really isn’t anything serious to fear.
Thank you for coming to my TED talk about how to fully secure your Roblox account, as well as reaping some other side benefits.
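An added example, not part of the original post: a Python check that shows why a .har export is as sensitive as the ROBLOSECURITY cookie itself, by listing every place the cookie is recorded in a HAR capture without printing its value. The sample capture, its URLs and the placeholder cookie value are constructed for illustration.

```python
import json

# Substring of the session cookie's name; matched case-insensitively.
SESSION_COOKIE = "ROBLOSECURITY"
COOKIE_HEADERS = {"cookie", "set-cookie"}

def find_session_cookies(har):
    """Return (entry_index, url, location) for each place the cookie is stored."""
    hits = []
    for i, entry in enumerate(har.get("log", {}).get("entries", [])):
        url = entry.get("request", {}).get("url", "")
        for side in ("request", "response"):
            msg = entry.get(side, {})
            # Parsed cookie list written by the browser's HAR exporter.
            for c in msg.get("cookies", []):
                if SESSION_COOKIE in c.get("name", "").upper():
                    hits.append((i, url, f"{side}.cookies"))
            # Raw Cookie / Set-Cookie headers repeat the same value.
            for h in msg.get("headers", []):
                if (h.get("name", "").lower() in COOKIE_HEADERS
                        and SESSION_COOKIE in h.get("value", "").upper()):
                    hits.append((i, url, f"{side}.headers[{h['name']}]"))
    return hits

# Constructed sample capture: one authenticated page load, one static asset.
SAMPLE_HAR = json.loads("""
{"log": {"entries": [
  {"request": {"url": "https://www.roblox.com/home",
               "headers": [{"name": "Cookie",
                            "value": ".ROBLOSECURITY=PLACEHOLDER; lang=en"}],
               "cookies": [{"name": ".ROBLOSECURITY", "value": "PLACEHOLDER"}]},
   "response": {"headers": [], "cookies": []}},
  {"request": {"url": "https://example.com/style.css",
               "headers": [{"name": "Accept", "value": "text/css"}],
               "cookies": []},
   "response": {"headers": [], "cookies": []}}
]}}
""")

if __name__ == "__main__":
    for index, url, where in find_session_cookies(SAMPLE_HAR):
        # Only the location is printed, never the cookie value.
        print(f"entry {index} ({url}): session cookie in {where}")
```

Any hit means the file holds a live login session until "Sign out of all sessions" is used.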