Accounts on the popular online gaming platform keep getting hacked. So, how can you better protect your Roblox account?
First things first. Make sure that you are using a unique, hard-to-crack password for your Roblox account. That means not using a simple, easy-to-guess password, dictionary words, or passwords that you are using anywhere else online.
That last point is particularly important. Perhaps the biggest mistake internet users make when it comes to securing their accounts is to use the same password in multiple places. Reusing passwords across different services means that if a hacker breaches one website’s password database, they can then use those passwords to see if they unlock your other online accounts.
For instance, Mark Zuckerberg had his Twitter, LinkedIn, Instagram and Pinterest accounts hacked in 2016 because he was using the same password for them as he’d been using on LinkedIn, which suffered a password breach in 2012.
But choosing a unique, strong password isn’t enough. That password could still be phished from you, for instance.
And that’s why I recommend that computer users enable two-factor authentication or two-step verification (read this if you want to know the difference) where available, to add an extra step to the login process.
How to enable two-step verification (2SV) for your Roblox account
Having logged into your Roblox account from a desktop or laptop computer, click on the cog in the upper right-hand corner of the screen and choose “Settings”.
Choose the “Settings” tab, and enable “2 Step Verification”.
Note that if you haven’t already done so, you will need to give Roblox an email address (and verify it) before enabling two-step verification. The reason why Roblox requires this will become clear in a moment.
Your account is now protected.
Next time you attempt to log into Roblox, the site will ask you for not just a username and password, but also a six-digit code.
This is the reason why Roblox requires you to give it a verified email address. Upon attempting to log in, you should have received in your email a message from Roblox containing the temporary verification code.
Of course, if it wasn’t you trying to access your Roblox account you now have a heads-up that someone else was… and that maybe your username and password have been compromised.
Email-based 2SV, not app-based
Users who are familiar with 2FA and 2SV will notice that there’s a difference between how Roblox has implemented two-step verification and the way that many other online services do it.
Many websites these days offer app-based 2SV where an authenticator app – often running on the user’s smartphone – generates a six-digit code to help the user authenticate their identity.
The idea is that a hacker might have managed to grab your password, but they won’t – hopefully – have physical access to your smartphone.
Roblox, unfortunately, does not offer users the option of app-based 2SV. Instead, when you attempt to log into an account protected by 2SV, Roblox will send a code to your email address. And that’s the code you enter to complete your login.
That’s certainly better protection than simply defending your Roblox account with a username and password, but it’s not going to be much help if a hacker has also managed to compromise your email account, and so is able to view the verification code that Roblox has just emailed to you.
My guess is that Roblox feels it’s easier to support two-step verification conducted only via email, particularly with a userbase largely made up of youngsters.
But it seems a shame that Roblox is not offering the option of app-based authentication which has been adopted by so many other sites.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.