How to protect your Roblox account: Advanced guide

They can cold boot if they have skill, or they can social engineer your bank/ISP. If they social engineer your ISP, they can perform SIM swapping.

the only new public bruteforcer was the h0nker and it was patched in less than a day. yeah people credential stuff but the captcha does its job pretty well

usually when there’s a keylogger there’s a whole rat so the attacker can view your screen and grab the cookie after you logged in /shrug

i cannot stand that stupid email that advertises itself as “secure”. read more @ E-mail providers - which one to choose?

that is considering someone has a password hash and is bruteforcing the hash, but if someone would break into the roblox db i’d assume roblox would roll out mandatory pw resets anyways. consider that cracking an account is bottlenecked by amount of threads, network speed, proxies, ratelimits, accounts getting temp locked etc

doubt anyone would break into your house for roblox

isps can provide cell services too but isp != carrier

Hopefully I have an 84-character password.

2 Likes

I just thought at dinner today: Can a different language password protect you?

Even if you can’t do that, you could at least use, say, French, Spanish or Japanese Romaji to stop dictionary attacking.

E.g, MathBad may be vulnerable to a dictionary attack or brute force, but Suugaku wa yokunai desu would be very safe (and MUCH longer!), and 数学は良くなです would be safest (if possible). Both are Japanese translations btw.

2 Likes

Dictionary attacking puts those passwords at risk. If we have a dictionary and use that instead of letters, it is actually quite vulnerable.
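
An added example, not part of the thread: a rough strength estimate for the two passwords discussed above, comparing character-by-character guessing with an attacker who guesses whole words. The wordlist, its assumed size of 100,000 entries and the function names are assumptions made for illustration.

```python
import math

# Constructed mini-wordlist standing in for a combined English + romaji
# dictionary. DICT_SIZE models the size of a real list (assumption).
WORDS = {"math", "bad", "suugaku", "wa", "yokunai", "desu"}
DICT_SIZE = 100_000
CHARSET = 95  # printable ASCII

WORD_BITS = math.log2(DICT_SIZE)  # cost of guessing one dictionary word
CHAR_BITS = math.log2(CHARSET)    # cost of guessing one arbitrary character


def brute_bits(password):
    """Search space in bits if every character must be guessed."""
    return len(password) * CHAR_BITS


def dictionary_bits(password):
    """Cheapest way to spell the password from words and single characters.

    Dynamic programming over prefixes: best[i] is the minimum number of
    bits needed to produce the first i characters. Case is ignored, which
    slightly favours the attacker.
    """
    s = password.lower()
    best = [0.0] + [math.inf] * len(s)
    for end in range(1, len(s) + 1):
        # Option 1: the last character is guessed on its own.
        best[end] = best[end - 1] + CHAR_BITS
        # Option 2: the prefix ends with a dictionary word (length >= 2).
        for start in range(end - 1):
            if s[start:end] in WORDS:
                best[end] = min(best[end], best[start] + WORD_BITS)
    return best[-1]


def report(password):
    """Return (brute-force bits, dictionary-aware bits), rounded."""
    return round(brute_bits(password), 1), round(dictionary_bits(password), 1)


if __name__ == "__main__":
    for pw in ("MathBad", "Suugaku wa yokunai desu", "x7#Qp!"):
        print(pw, report(pw))
```

The gap between the two numbers is what a wordlist buys the attacker: length built from dictionary words adds far fewer bits than the same length of random characters.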

Is this a bad thing? My passwords are saved on my Mac.

1 Like

You gotta add something here. Even if you keep signing out of sessions, the hacker can keep spamming your Roblosecurity and they’ll be able to keep getting in. What you need to do is quickly sign out of sessions and then change your password. When you change your password, your Roblosecurity is invalidated so it won’t work anymore.

1 Like

Really really bad advice, use a secure password manager (not your browser).

iCloud keychain is safe, you should be fine, but if you wanna be extra safe, use a password manager such as keepass (No idea if that's on mac)

How secure is your Mac? Best to be safe. Although iCloud keychain is safe, if it gets hacked then gg. That’s why I recommended the “brain” storage method instead.

1 Like

For those who are serious about security, I strongly recommend giving a read on this topic instead:

This post is unfortunately misleading.

3 Likes

no, sign out of all sessions works by invalidating all roblosecurities and making a new one

1 Like

i think password managers can be hacked easier than brains

NEVER trust online password managers, NEVER. Use something permanent like a piece of paper or a note to store your passwords on it and remember to hide it.

1 Like

That sounds a bit dramatic. I use LastPass, and I’m fine.

Not possible, I was being hacked live in March of this year. The hacker started to sell all my limiteds for cheap prices and I keep signing out of sessions. But he kept coming back in. Only when I changed my password, the roblosecurity he got stopped working.

It’s not vulnerable by my actions, meaning I never do stupid stuff on my Mac and make it vulnerable.

An online password manager is okay, but they’re not permanent. If you store your passwords on a cloud, you can lose your password for some time due to outage or even breach. If you store your passwords locally, you can lose them due to viruses on your PC. It’s better to keep them where you’ll not lose them.

1 Like

Ah, okay. Maybe I should start writing down passwords and keep them safe. :eyes:

1 Like

sigh

Please, before telling people not to use password managers, explain why.
Here are some starter issues with not using password managers, whether they’re online or not:

  • Memorizing/writing down all of your passwords for all of your websites
  • If your memory fails, or you forgot where you wrote your passwords, you can’t access your accounts
  • Authorizing yourself to get access to the passwords; when you have written down your passwords, you don’t have a log of who accessed them. You can keep them in a safe, but it’s easier to crack into a physical safe than it is to crack your encrypted passwords with the key only you know, by an algorithm security experts have created.
  • It takes time to write down your new passwords, and type them into forms instead of just selecting the field & pasting.
  • Recommended practice is to change passwords for your accounts at least once every year
  • If any of your emails/passwords are detected and found pwned, you should update your credentials ASAP. This is extremely unintuitive to do without a password manager that automatically checks and alerts you; you have to do this manually.
  • Password management becomes a hell, and are you really more secure by doing it physically?
4 Likes