Jump to content

Securing your RS account.


Bobby

Recommended Posts

Edit 4/7/23 - as Jagex has launched a better option for securing your accounts (and it is still in beta), it is indeed a better option then what was posted below sooo long ago.. Please review what they posted on the RS site and set up your account with protection using this method. The link is below but you can always go directly to the runescape website and access it from your account settings as well.

Please note it only works with the official client for rs3 at the moment and does not support linux.

 

https://secure.runescape.com/m=news/jagex-accounts---open-beta-begins

https://secure.runescape.com/m=news/jagex-accounts-closed-beta

 

 

 

Nowadays without the proper security, it is very simple for your runescape account to be hacked. never fear though, if properly secured, then your account will be safe.

Lets go over a few basics first.

things you will need:

Antivirus software: links are provided below

Smartphone: Android, IOS, Windows Phone, Blackberry

Email Address - Preferred to use gmail.

Antivirus Protection: goes to say that you should have an antivirus program installed on your computer.

Option one is Avast https://www.avast.com/index

if you arent interested in avast, you can go with AVG www.free.avg.com ,

I'm not saying that these are the best ones, however these 2 are the ones i use. there are many more out there that can do the same thing.

2 step authentication / Smart phone: if you have a smart phone (yes this includes windows phone too) For this, you will need a smart phone. Go install google authenticator on it. windows phone doesn't use the google app, but it has an app that is compatible with google services and will work fine for what we will use it for.

After you have installed the app on your phone and you verified your computer is virus free, head over to runescape.com and log into your account. You will need to click on account settings and open the authenticator option, then go through the options to set up the authentication. you will need to have the smartphone app opened while doing this.

mgkfBAk.png

EDIT: 2 STEP auth without a smartphone. I'm posting a link for steps to set up winauth for those of us who do not have a smartphone. If you set it up on a flash drive, make sure you don't lose it.

http://services.runescape.com/m=rswiki/en/Authenticator_codes_on_a_desktop_or_laptop

Alright i have authentication set up, am i good to go?

NO!

Guess what, you are only halfway done. you now need to set up 2 step authentication for your email address

WHY?

If someone hacks into your email address and uses it to recover your account, guess what happens? your 2 step authentication for Runescape will be REMOVED!!

We don't want this.

i RECOMMEND you make and use a google email address for this if you dont already have one (and even if you do, you can make an email dedicated just to runescape)

Once it is created/made, make sure you link your runescape account to it otherwise there is no point., back to the picture up top, click on Email and Communication preferences and link the email address you just set up to your runescape account.

now that it is linked, lets set up 2 step authenticaton for this email address

go back to google.com and make sure you are signed into your account, then click on the face icon in the upper right corner and click on "my account"

WQrNL30.png

after you do this, click on 2 step verification and it will run you though some steps to set up 2 step authentication for this account

lQR5yXq.png

Make sure you have a phone number ready for this next step, I use texting to receive my codes personally, but you are able to set it up to provide codes through the app that we have installed earlier or you can even have it call the number in question if you need it to.

bFvPc00.png

Just a few more things....

now that we have authentication set up, make sure you log into game and SET A BANK PIN, Needless to say, you should have a bank pin set for your runescape account. Its silly nowadays to not have one.

With the ability to Change your in game name, us older players should utilize it to our advantages and make use of it. Make sure your login name and in game name are different. Make things harder for other people to figure out your account information.

Also do not click any links in emails that CLAIM to be from jagex. Very Easy way for someone to receive your account information or even worse, they can slip a "bug" onto your computer which will give you issues, viruses, trojan horse, etc.....

If you follow the Steps Above, then you will have worked on making your runescape account much safer.

Edited by Bobby
Jagex updated stuff.. took em long enough
Link to comment

:lol:

 

Thank you, Bobby!

 

Please add in a bit about separating your log in name from your display name (if you don't log in with an email), using a bank pin, not following links in "Jagex" emails. Or I can edit this in later, whatever. 

Link to comment

Should have had all this setup beforehand though :reporter:

To be fair, almost all of this was added long after most current hacking victims stopped playing. Which has made old accounts into easy targets. I personally know people who are meticulous with their security and still managed to lose their accounts because of this.
Link to comment

I might be the only one (actually I probably am) but for those few of us poor people who don't own a smartphone, perhaps stick a tidbit in about using winauth in place of codes sent to your phone :P I have mine set up on a flash drive so I can use it where ever I go :D Also you did an excellent job with this thread!!

Edited by Carsomyr
Link to comment

Should have had all this setup beforehand though :reporter:

To be fair, almost all of this was added long after most current hacking victims stopped playing. Which has made old accounts into easy targets. I personally know people who are meticulous with their security and still managed to lose their accounts because of this.
I thought all these new safety measures made accounts un-hackable unless people shared accounts or had same passwords or link-baited etc. All those 2-steps and text confirmation seems hard to hack. I don't know much though lol :P
Link to comment

Not unhackable, but close enough. But that was my point. An older player would not have authentication set up on their account because it simply didn't exist when last they played. How would they know it's now an option unless someone tells them?

Link to comment

Not unhackable, but close enough. But that was my point. An older player would not have authentication set up on their account because it simply didn't exist when last they played. How would they know it's now an option unless someone tells them?

It does say it on the lobby screen but I get what you're saying, we must spread the word, this guide will do just that! :D

Link to comment

If you're really paranoid, you make an email account that is only linked to your Runescape account and used for nothing else. That way you're less likely to get those phishing emails from fake Jagex people.

Jagex used to have a nice little account setting that let you change what they called you in emails from them. So rather than saying, "Greetings Bleedblack" it would say, "Greetings Queen of Penguins" if I had set it to call me "Queen of Penguins" instead. I had a look and can't find it, which is a shame, because it was such a simple way to know whether or not it was really Jagex contacting you.

Link to comment

I might be the only one (actually I probably am) but for those few of us poor people who don't own a smartphone, perhaps stick a tidbit in about using winauth in place of codes sent to your phone :P I have mine set up on a flash drive so I can use it where ever I go :D Also you did an excellent job with this thread!!

Thanks, I looked into winauth a little bit, I've added it to the OP

Link to comment
  • 1 year later...
  • 1 year later...
  • 1 month later...
  • 6 months later...
  • 2 years later...

I try to do this for all my accounts that allow it. One thing worth mentioning I think is that google also has a Password Checkup that will show you which passwords are weak, reused or the site used has been exposed to a data breach.

Link to comment
  • 6 months later...

This is solid advice! I have lost accounts due to not taking my security serious and it's really frustrating when it happens. In my instance I got socially engineered for my recovery questions, but if I had even 2-factor or a bank pin it would have been much less devastating

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...