Password guessing

Password Guessing, commonly abbreviated as PGing and known in cryptography as Password Cracking (commonly abbreviated as PCracking), is an action in which a user tries to use different password combinations to get into another user's account. This has a questionable effect, as most methods require that the victim is using a weak or common password such as "abc123", "password", "qwerty", "123456", the player's username, or a password named after something they like that is told on their profiles.

PGing has been a common practice in 2017, where players snipe accounts just for name snipes or to act that you are older on ROBLOX. When ROBLOX added the forum age limit on May 1, 2017, due to a mass forum raid, most people used PGed accounts just to access the forum.

Making a Strong Password
. Abbreviating some phrase ("People live in glass houses" producing "pligh") also ensures protection from dictionary attacks (which is a form of bruteforcing and PGing) and makes it easy to remember. You cannot make simple or short passcodes and will get the message "Please create a more complex password" if you do. A good way create a strong password is to use unexpected spaces, like putting a space in the front of your password (e. g. " pI igh * " ) and using spaces.

One great way to test how effective your password will be is through [|How Secure Is My Password], which gives advice if it deemed weak to make it stronger and thus more difficult to guess.

Additional Protection against PGing

 * 2-Step Verification makes you enter a code that is sent to the email on your Roblox account when you log in successfully, which means that even if your account is breached by a password guesser, they cannot access unless they have the code. 2-Step Verification can be enabled from your account’s Settings.
 * Adding a PIN to your account will mean that if your account does happen to be accessed, the guesser won’t be able to change your account’s important settings such as email and password without the correct PIN number being input first. When you enter the PIN, your account’s settings will be ‘unlocked’ for up to 5 minutes meaning you can edit them before the timer runs out, or lock them again anyway.

Consequences
Within the past year or two, ROBLOX have been cracking down on accounts that appear to be stolen. For example, if an account logs on for the first time in 10 years and changes the password or email, ROBLOX will lock the user out of the account and revert the email address, OR will terminate the account.