Is this against ToS?

I’m not sure if roblox would flag this as a phishing game since it requires entering a username/password (it’s not their account’s username and password)…

This would belong in #help-and-feedback:game-design-support. But may I ask why you want to make an in-game account? When you are playing games on Roblox you have already created an account for all of Roblox. Why reinvent the wheel? How will you guarantee that the player cannot input their real password? What if the player forgets their password or otherwise needs to reset it?

What happens if another player gets into their “account” through bruteforce or by other means?? There is a lot to account for here.

Just don’t waste time creating something that already exists.

It is against ROBLOX ToS if you have some sort of username/password thing inside the game, I guess they might think that it’s a scam trying to get your account, like most games that are scams.

Also what @sjr04 just posted, I think it is unnecessary to add a feature like this in your game.

It’s for a law enforcement style game, it’s meant to recreate an MGT system. And thanks, let me change that.

I’m pretty sure it is against the terms of service. Moderation bots may detect the word “password” and assume its a scam game. I understand what you’re trying to make. I believe you want to make it so let’s say the player got hacked or they’re using an alt, they can carry data? I don’t know lol.

There won’t be any data in it… I can maybe add “time in game” or something?

If you’re creating your own login system for your game and not linking it with ROBLOX’s database or asking anything pertaining ROBLOX’s database, I don’t see why it would be considered against the TOS.

That’s what I think, but I don’t want roblox to think I’m asking for the actual account username and password.

I would presume that Roblox’s fear in terms of a custom log-in system is passwords being stolen (eg. kids putting in their Roblox username and password, and the developer sends it to some sort of scam group). Roblox can’t really verify that the developer is correctly encoding the password either.

Do you think I could prevent this by only making the accessible from people in a certain exclusive group? The people in the group would know not to input their actual info.

Very true, I think you’re better off contacting an actual intern about this

Would about if I put a warning saying “DON’T INPUT YOUR ACTUAL ROBLOX CREDENTIALS” or something?

We get that this is not your intention however it is impossible for you to guarantee that people won’t. You can put 50 pieces of text saying “Do not use your Roblox password” and someone might still do it. It’s too big of a risk. A much higher priority than wanting to simulate an MGT system.

I would recommend using some sort of code system. What I mean is perhaps a certain combination of numbers such as 921833 (totally didn’t use random number generator) could unlock it.

Ah so like when they register, they would click something like “GENERATE LOGIN” and it would make their credentials for them?

Yeah pretty much, or they could set their own code. What do you plan on using this for anyways?

A MGT database system - license plates, emergency services callouts, roleplaying, etc

For storing passwords in general, the best practice is to store a hash of the password instead of the password itself. It’s also a good practice to salt the hashes, to prevent attacks using rainbow tables. So even when an attacker finds some way to read from the database, they won’t know user’s passwords.

For the context of roblox, I think the code system mentioned above would be best.
But from a gameplay perspective, I think an animation of the character logging in and automating the login with roblox userId would be more aesthetic and user-friendly.

Yeah, in the future I might do it so if the player is in a group it’ll automatically log them in. For now, I think this is cool haha

Maybe just say “Code” instead of “Password” and make a little note saying do not put in real information.