Secure Your Roblox Account

Stop password reset spam. Enable 2FA. Add an Account PIN. Lock down your email and sessions.

1) Immediate Actions

  • Change your Roblox password to a unique, strong password you don’t use anywhere else.
  • Enable 2-Step Verification (2FA) with an Authenticator app in Settings → Security. This blocks logins even if someone has your password.
  • Turn on Account PIN (Settings → Parental Controls) to prevent changes to security settings and trades without your 4-digit PIN.
  • Log out of all other sessions (Settings → Security → “Log out of all other sessions”).
  • Secure your email: change your email password, enable email 2FA, and remove any unknown forwarding rules or filters.

2) Set Up 2FA the Right Way

In Settings → Security, enable 2-Step Verification. We recommend an authenticator app (TOTP) rather than only email codes. Popular options: Google Authenticator, Microsoft Authenticator, 1Password, or Authy.

  • Save recovery codes in a password manager.
  • Don’t share codes. Roblox staff will never ask for them.

3) Strengthen Your Credentials

  • Use a long passphrase (12+ characters) with mixed words, numbers, and symbols.
  • Never reuse passwords. If you used your Roblox password anywhere else, change it there too.
  • Store passwords in a reputable password manager.

4) End Other Sessions & Check Devices

  • In Roblox Settings → Security, click “Log out of all other sessions.”
  • Update your devices and run a malware scan to rule out keyloggers.
  • Review connected devices/browsers for anything unfamiliar and revoke access when possible.

5) Secure Your Email (Critical)

If an attacker can control your email, they can reset your Roblox password.

  • Change your email password and enable 2FA on your email account.
  • Remove unknown forwarding rules, filters, or backup email addresses.
  • Check recent activity and sign out other email sessions.

6) Spotting Phishing & Fake Reset Emails

  • Check the sender domain and links. When in doubt, don’t click—go to roblox.com/login directly.
  • Never enter your password on pages reached from suspicious emails or DMs.
  • Roblox employees won’t ask for your password or 2FA codes.
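The link check described above can be automated. The sketch below is an added example, not Roblox's code or part of the original guide. It assumes roblox.com (the only domain this guide names) is the sole trusted domain, and the sample message is constructed.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "roblox.com"  # assumption: the only domain this guide names
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def link_verdict(url, trusted=TRUSTED_DOMAIN):
    """Return 'ok' or a short reason the link should not be trusted."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable URL"
    if parts.scheme != "https":
        return "not https"
    # "https://roblox.com@other.example/" really goes to other.example.
    if parts.username is not None or parts.password is not None:
        return "userinfo before @ hides the real host"
    if not host:
        return "no host"
    # Non-ASCII or punycode labels can imitate Latin letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "internationalized host (possible lookalike)"
    # Match the exact domain or a subdomain on a dot boundary, so that
    # "roblox.com.account-verify.example" and "notroblox.com" both fail.
    if host == trusted or host.endswith("." + trusted):
        return "ok"
    return f"host {host} is not under {trusted}"

def review_links(message_text):
    """Map every http(s) link found in a message body to its verdict."""
    return {u: link_verdict(u) for u in URL_RE.findall(message_text)}

# Constructed sample message body (not a real email).
SAMPLE = """\
A password reset was requested for your account.
Reset here: https://roblox.com.account-verify.example/reset?id=1
Or here: https://roblox.com@login.example/reset
Official page: https://www.roblox.com/login
"""

if __name__ == "__main__":
    for url, verdict in review_links(SAMPLE).items():
        print(f"{verdict:50} {url}")
```

An "ok" verdict only says the link points at the trusted domain; typing roblox.com/login yourself remains the safer path.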

7) If You Can’t Access Your Account

  • Try account recovery at roblox.com/login → Forgot Password/Username.
  • Contact Roblox Support at roblox.com/support. Provide username, email, device info, and recent activity (but never your password or full 2FA codes).
  • If your email is compromised, secure the email first, then reset your Roblox password.

8) Quick Message Template to Support

Subject: Account Security — Password Reset Spam / Possible Unauthorized Access

Hello Roblox Support,

I’m receiving password reset emails that I did not request and I’m concerned about unauthorized access.

Details:
- Username: <username>
- User ID (if known): <id>
- Email on file: <email>
- Approximate time of suspicious activity: <time>

Actions taken: Changed password, enabled 2FA with authenticator, added Account PIN, and logged out of all other sessions.

Please review my account security and let me know if you see unusual logins.

Thank you,
<name>

9) FAQs

Will enabling Account PIN lock me out?

No. The PIN only protects settings changes (including security and trade settings). Keep the PIN private.

Do I need 2FA if I have a strong password?

Yes. 2FA stops attackers even if your password leaks or is guessed.

I lost access to my authenticator—what now?

Use recovery codes you saved during setup. If you don’t have them, contact Roblox Support with proof of ownership.

Last updated: September 28, 2025