Secure Your Account

Wanted to bring this topic back to life after hearing of numerous recent occurrences. As a security professional, it pains me to see accounts being compromised, but unfortunately it is all too real for many of us. I am going to expand upon some of the tips that @Zvny started here:

1. Make a different email for your RuneScape account.
Runescape does not allow for extremely strong passwords, and I believe they are not case sensitive so "PASSWORD1230!" will be the same as "password123!" or "PaSsWoRd123!". Ensure that it is at the very least a long password and follow the below steps to keep your email account secure.

2. Put an Authenticator on your email account.
Using two-factor authentication requires something you know and something you have. You know your password, you have a phone or an application that provides a TOTP (Time-based One Time Password). I recommend using Authy for multifactor. It can be installed on computer, on a smartphone, or even in a Chrome Browser. I recommend the smart phone if you can choose between those three. Authy allows you to store and backup multiple accounts' two factor authentication codes wherever Google Authenticator is an option. You can also use it on multiple devices which is a plus over Google Authenticator.

3. Use a password that you've never used anywhere else.
Your email should have a strong password consisting of at least 8+ (I would say 16+) including lower case, upper case, symbols, and numbers. While this can be inconvenient to have such complex passwords, you can use something like Lastpass to store all passwords in a vault. Use a very strong password for this account and never share it with anyone. 

4. Authenticator on your RuneScape account itself.
See step 2 above about Authy. Apply the same mechanics on your OSRS account as you do for your email.Sign into your account on Runescape.com and go to Account in the upper right. Authenticator will be the first option.

5. Bank pin on your RuneScape account.
Add a bank pin.

6. Never provide your password.
Only input your password on an official Jagex website or client. (Using a third party client such as Runelite or OSBuddy is at your own risk, but considered "safe". Official links provided, as there are fake websites to install malware out there.)
Check the URL for a valid SSL certificate and a proper domain.
Good URL: https[:]//secure[.]runescape.com/m=weblogin[RestOfURL]
Bad URL: https[:]//secure[.]runescape.com.randomdomain.ro/m=weblogin[RestOfURL]

The certificate should be issued to the domain in which you are going. If it does not, or if it is invalid, do not enter credentials.



7. Perform regular system security hygiene.
Make sure your PC is updated regularly. I check for updates on my desktop daily. It is important to keep your systems current to prevent exploits of known vulnerabilities. I use Driver Booster to make sure all my drivers are up to date in addition to the Operating System updates provided by Windows. If you are a Mac or Linux user, while the attack surface is smaller for you, ensuring your system is up to date is an important step. There's no need to pay for the premium versions of this, and I haven't tested the other products they offer.
I also recommend two products for scanning for issues as well. CCleaner and Malwarebytes are both free tools that can be used to scan for registry issues and viruses / malware on your system.

If you ever think: this seems too good to be true, it probably is. If you're not sure, send me the link in a PM on these forums. I'll take a look at it and get back to you as soon as I can. If there are any questions about this.. fire away - I'll answer as best I can.

Happy Safe Scaping!

Great post ele

well done............if it saves just one person............or makes any others rethink their security............you have de mystified it for us, and are offering on going support, good job

Thank you so much for the links. I am currently getting these things.

Also it seems that just recently a lot more accounts have been compromised is there anything Jagex themselves can do to battle it?

Jagex needs to improve their password complexity allowance, however most compromised accounts come from end user mistakes, like supplying a password unknowingly or downloading malware unknowingly from a fake website.

No matter if a password is "password123!" or "JtTJSasdinad87234$oiad#!lvnUh".. If it is provided to an adversary, it's a useless form of security. A second form of authentication is the best way to prevent it; If the server doesn't recognize the system requesting access, it will prompt for a second form of authentication that hopefully only you have access to. Implementing that was a step in the right direction for Jagex.

Very well done! You detailed everything very succinctly!

good post element, every1 should do this and its almost impossible to get hacked. also be aware of fake links to the runescape website. mainly on twitch there are alot of fake streams that have a link to them. i also wanna point out that runescape passwords arnt case sensitive, so your best bet is to have a long password.

Great post Ele, some good tips in there for all unaware or recently suffering from account tampering.

Thanks for putting this together. I do these things already, so yay. That being said, I am very pleased to have had a best-practices post to see if I had anything missing. Top notch!

how do u feel about windows defender?

@KingNightfury - Windows Defender isn't bad, but it's also not great. It would be best to leverage it in addition to another program. Hopefully what gets missed by one program will be picked up by another.

ClamAV or Malwarebytes (previously mentioned) are "best-in-breed" options to help augment WD.

elemntsk8ter wrote:@KingNightfury - Windows Defender isn't bad, but it's also not great. It would be best to leverage it in addition to another program. Hopefully what gets missed by one program will be picked up by another.

ClamAV or Malwarebytes (previously mentioned) are "best-in-breed" options to help augment WD.

ok ty cause rn ive been going with just defender, ima put in Malwarebytes to give it a hand, ive used it before to clean one of my friends malware locked laptops.

bumping this to keep your account safe!

Great guide. Thank you for posting this.

thank you, i maked all steps from your security tips guide. many thank you

bumping this due to discussion in game

yooo, those links were actually super helpful. Cheers.

also idk how but that malwarebytes thing fixed my wifi on my laptop and my desktop <3

good tips .. i always use cc cleaner nowadays and surprisingly enough windows security is pretty tight on 11 . we now use it over nortons and mcafee .. nortons has turned into one big scam it seems .. malwarebytes works well ..
anywho yea lots of security on rs lol , always use 2 step and as well use a 2 step on your mail if possilbe  . but from what i understand runelite has some exploits and has contributed to peoples accounts getting hacked i wonder how true that is , i did check it out but un sure if its worth it over all to use