How to better protect your Roblox account from hackers with two-step verification (2SV)

Accounts on the popular online gaming platform keep getting hacked. So, how can you better protect your Roblox account?

First things first. Make sure that you are using a unique, hard-to-crack password for your Roblox account. That means not using a simple, easy-to-guess password, dictionary words, or passwords that you are using anywhere else online.

That last point is particularly important. Perhaps the biggest mistake internet users make when it comes to securing their accounts is to use the same password in multiple places. Reusing passwords across different services means that if a hacker breaches one website’s password database, they can then use those passwords to see if they unlock your other online accounts.

For instance, Mark Zuckerberg had his Twitter, LinkedIn, Instagram and Pinterest accounts hacked in 2016 because he was using the same password for them as he’d been using on LinkedIn, which suffered a password breach in 2012.

But choosing a unique, strong password isn’t enough. That password could still be phished from you, for instance.

And that’s why I recommend that computer users enable two-factor authentication or two-step verification (read this if you want to know the difference) where available, to add an extra step to the login process.

How to enable two-step verification (2SV) for your Roblox account

Having logged into your Roblox account from a desktop or laptop computer, click on the cog in the upper-right hand corner of the screen and choose “Settings”.

Choose the “Settings” tab, and enable “2 Step Verification”.

Note that if you haven’t already done so, you will need to give Roblox an email address (and verify it) before enabling two-step verification. The reason why Roblox requires this will become clear in a moment.

Your account is now protected.

Next time you attempt to log into Roblox, the site will ask you for not just a username and password, but also a six-digit code.

This is the reason why Roblox requires you to give it a verified email address. Upon attempting to log in, you should have received in your email a message from Roblox containing the temporary verification code.

Of course, if it wasn’t you trying to access your Roblox account you now have a heads-up that someone else was… and that maybe your username and password have been compromised.

Email-based 2SV, not app-based

Users who are familiar with 2FA and 2SV will notice that there’s a difference between how Roblox has implemented two-step verification and the way that many other online services do it.

Many websites these days offer app-based 2SV where an authenticator app – often running on the user’s smartphone – generates a six-digit code to help the user authenticate their identity.

The idea is that a hacker might have managed to grab your password, but they won’t – hopefully – have physical access to your smartphone.

Roblox, unfortunately, does not offer users the option of app-based 2SV. Instead, when you attempt to log into an account protected by 2SV, Roblox will send a code to your email address. And that’s the code you enter to complete your login.

That’s certainly better protection than simply defending your Roblox account with a username and password, but it’s not going to be much help if a hacker has also managed to compromise your email account, and so is able to view the verification code that Roblox has just emailed to you.

My guess is that Roblox feels it’s easier to support two-step verification conducted only via email, particularly with a userbase largely made up of youngsters.

But it seems a shame that Roblox is not offering the option of app-based authentication which has been adopted by so many other sites.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “How to better protect your Roblox account from hackers with two-step verification (2SV)”

  1. Cutieplier Gaming

    nice thank u it helped me and my almost hacked account with this

  2. Wished Roblox and hackers never existed

    Didn't help. Also Roblox has been having this app based verification for a while now and I had it enabled when my account was hacked by a waste of air called omarderkk2 and his alt account dima_rostovskyeathui. ALL my valuables that could be moved are now stolen. How did they get into it? I have no clue. I NEVER shared my password, NEVER went to any other sites other than Roblox itself to enter my password, NEVER logged into Roblox from any other devices than my own and no one has physical access to my devices. I did learn however that Adopt Me publishes lists of players and makes it known which player has which items which is rancid and easily makes people targets of hackers. This is a very big issue with Roblox. IF all my progress and the endless hours I spent on Roblox is going to get stolen from me just like that in a jiffy by a waste of air, how can I even trust the site to even want to play games there?! Anyways, the hacker tried his best to lock me out and fully steal my whole account (I'm sure he steals people's Robux too but I myself never had any Robux) and I barely managed to get my account back but I reported all this both to Adopt Me and Roblox, neither are showing any care in the safety of us users. Adopt Me even has disabled our ability to report hackers to them! As if there is anything else we could do or anyone else we could ask for help! I'm furious, not going to lie, I spent AGES and DAYS of my life building my account and playing and getting rewards and now … now what?! Some mentally diseased terrorist ate up all my progress and all those hours of me pushing myself to better my account and my ranking and possessions in games … . And how he got through the two step verification? Maybe he is part of Roblox? Since I see many others saying they too were hacked despite the two step verification, it makes me think these hackers in fact are from Roblox itself or work for it cause what else could explain that!?
Either way, I'm very disappointed and angry with both Adopt Me and Roblox due to their irresponsible behavior and lack of care or respect for their users. I lost more than 700 items of mine that I worked hard, raged, shed tears and lost sleep at many nights to gather in Adopt Me!! And now what? They're basically saying that we can't even report them and that they won't do anything about it because they're "busy"! If you're so busy and so useless in providing the users with the safety they need, you had no rights to even make a gaming site in the first place! And they're making billions from the people buying Robux, and they're saying that they can't spare some of that money to recruit more mods and admins to tend to the reports? I mean who else do they think I have to go to to ask for help or who else can remove and ban hackers from Roblox? My local police?! I talked to many others too and all said that despite them reporting too, Roblox never did anything to help them or to ban the hackers. I can't even explain how angry I am from this unfairness and injustice. If I was rich I wouldn't hesitate to go to the US and fully sue Roblox for this. I'm writing to you right now knowing that at any moment I could get hacked again as soon as that hacker notices that I managed to get into my account but what can I do to prevent that? Thanks to rancid Roblox and vile Adopt Me, NOTHING! How is that fair? Any hosts MUST ensure their users will be safe. Roblox don't even care about that!

