As account scamming tactics evolve, we remain ever-vigilant in promoting good account security practices. Here are some good tips to follow on keeping your accounts secure:
- If two-factor authentication (2FA)/two-step verification (2SV) is available, use it. Enabling 2FA/2SV allows you a second line of defense against malicious user attempting to access your account. While we understand that having to verify yourself twice-over can be tedious, the extra step is worth it to protect your account against unauthorized access.
- Use unique passwords for all accounts. One of the easiest ways you can get your accounts stolen doesn’t even have to involve you. When you sign up for a website using a password, you’re effectively trusting that the website to have impenetrable security that will never allow malicious people to access your account information. This is not always the case, and many notable security breaches back this up. Think of your passwords like keys: if you use the same password for every website, you’re effectively creating a bunch of copies of the same key; if someone steals that key, they can get into anything that key is used for! Unique passwords are one of the most important practices in keeping everything secure.
- Roblox admins will never ask you for your password! Anyone who asks you for your password is trying to steal your account and should be reported through the Report Abuse button.
- Do not give your cookies to other people. One popular form of stealing accounts through social engineering involves the victim giving up their cookie data. This is like giving the attacker access to your account directly. If somebody asks you what your .ROBLOSECURITY cookie is, they’re trying to steal your account!
- Protect your personal information. Any information you share via digital communications has the chance to wind up in the hands of someone else; sharing things like your address and phone number is ill-advised. If people start asking you about your life, like old pet names or your birthday, and you don’t know why, they are likely phishing for information they can use to guess your passwords.
- Be careful when downloading browser extensions. There are many browser extensions that will steal your account or could be otherwise harmful to your computer. You should only download browser extensions from trusted sources.
- Roblox customer service may ask you to verify partial account or billing information if you need assistance with your account or a request submitted via our official support form here: www.roblox.com/support. Roblox employees will never ask you for your password or full credit card information. Roblox employees with an admin badge on the Roblox website may reach out to users, via Roblox private messages, to confirm email contact; they will otherwise never ask you for account information.
- There is no such thing as free Robux or Builder’s Club. Websites telling you otherwise are trying to steal your account.
Think your Roblox account has been compromised? Follow the guide here to figure out how to recover anything that was stolen!
Thanks, and be safe out there,
Developer Relations Team