Password guessing

Password Guessing or Password Cracking, commonly abbreviated as PGing/PCracking, is an action in which an attacker attempts to enter different password combinations to get into a user's account. This has a questionable effect, as most methods require that the victim is using a weak or common password such as 'apple', or a password named after something they like that is told on their profiles.

PGing has been a common practice in 2017, where players snipe accounts just for name snipes or to act that you are older on ROBLOX. When ROBLOX added the forum age limit on May 1, 2017, due to a mass forum raid, most people used PGed accounts just to access the forum.

Making a Strong Password
Abbreviating some phrase ("People live in glass houses" producing "pligh") also ensures protection from dictionary attacks (which is a form of bruteforcing) and makes it easy to remember. You cannot make simple or short passcodes and will get the message "Please create a more complex password" if you do. A good way to create a strong password is to use unexpected spaces, like putting a space in the front of your password (e. g. " pI igh * " ) and using spaces.

One great way to test how effective your password will be is through How Secure Is My Password, which gives advice if it deems your password too weak in order to make it stronger and thus more difficult to guess.

Additional Protection against PGing

 * 2-Step Verification makes you enter a code before the account can be used, which is sent to the email linked to your Roblox account when a successful login attempt is made. This means that even if your account is breached by a password guesser, they cannot access it unless they have the code. 2-Step Verification can be enabled from your account’s Settings.
 * Adding a PIN to your account will mean that if your account does happen to be accessed, the guesser won’t be able to change your account’s important settings such as email and password without the correct PIN number being input first. When you enter the PIN, your account’s settings will be ‘unlocked’ for up to 5 minutes which means you edit them before the timer runs out or lock them earlier by clicking on the button again if you are already done editing your details.

Consequences
Within the past year or two, ROBLOX have been cracking down on accounts that appear to be stolen. For example, if an account logs on for the first time in 10 years and changes the password or email, ROBLOX will lock the user out of the account and revert the email address, OR will terminate the account.