Secure Your Account

Go down

Secure Your Account Empty Secure Your Account

Post by elemntsk8ter on Mon May 27, 2019 6:00 pm

Wanted to bring this topic back to life after hearing of numerous recent occurrences. As a security professional, it pains me to see accounts being compromised, but unfortunately it is all too real for many of us. I am going to expand upon some of the tips that @Zvny started here:

1. Make a different email for your RuneScape account.
Runescape does not allow for extremely strong passwords. Ensure that it is at the very least a long password and follow the below steps to keep your email account secure.

2. Put an Authenticator on your email account.
Using two-factor authentication requires something you know and something you have. You know your password, you have a phone or an application that provides a TOTP (Time-based One Time Password). I recommend using Authy for multifactor. It can be installed on computer, on a smartphone, or even in a Chrome Browser. I recommend the smart phone if you can choose between those three. Authy allows you to store and backup multiple accounts' two factor authentication codes wherever Google Authenticator is an option. You can also use it on multiple devices which is a plus over Google Authenticator.

3. Use a password that you've never used anywhere else.
Your email should have a strong password consisting of at least 8+ (I would say 16+) including lower case, upper case, symbols, and numbers. While this can be inconvenient to have such complex passwords, you can use something like Lastpass to store all passwords in a vault. Use a very strong password for this account and never share it with anyone. 

4. Authenticator on your RuneScape account itself.
See step 2 above about Authy. Apply the same mechanics on your OSRS account as you do for your email.Sign into your account on Runescape.com and go to Account in the upper right. Authenticator will be the first option.

5. Bank pin on your RuneScape account.
Add a bank pin.

6. Never provide your password.
Only input your password on an official Jagex website or client. (Using a third party client such as Runelite or OSBuddy is at your own risk, but considered "safe". Official links provided, as there are fake websites to install malware out there.)
Check the URL for a valid SSL certificate and a proper domain.
Good URL: https[:]//secure[.]runescape.com/m=weblogin[RestOfURL]
Bad URL: https[:]//secure[.]runescape.com.randomdomain.ro/m=weblogin[RestOfURL]

The certificate should be issued to the domain in which you are going. If it does not, or if it is invalid, do not enter credentials.
Secure Your Account Captur11
Secure Your Account Rs11

7. Perform regular system security hygiene.
Make sure your PC is updated regularly. I check for updates on my desktop daily. It is important to keep your systems current to prevent exploits of known vulnerabilities. I use Driver Booster to make sure all my drivers are up to date in addition to the Operating System updates provided by Windows. If you are a Mac or Linux user, while the attack surface is smaller for you, ensuring your system is up to date is an important step.
I also recommend two products for scanning for issues as well. CCleaner and Malwarebytes are both free tools that can be used to scan for registry issues and viruses / malware on your system.

If you ever think: this seems too good to be true, it probably is. If you're not sure, send me the link in a PM on these forums. I'll take a look at it and get back to you as soon as I can. If there are any questions about this.. fire away - I'll answer as best I can.

Happy Safe Scaping!


Last edited by elemntsk8ter on Fri May 31, 2019 1:41 pm; edited 6 times in total
elemntsk8ter
elemntsk8ter
Active Forum Member

Posts : 208
Reputation : 10
Age : 28
Join date : 2017-12-05


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by Eito on Mon May 27, 2019 6:10 pm

Great post ele
Eito
Eito
Active Forum Member

Posts : 51
Reputation : 2
Join date : 2019-03-23


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by ladybird2 on Tue May 28, 2019 6:10 am

well done............if it saves just one person............or makes any others rethink their security............you have de mystified it for us, and are offering on going support, good job Smile
avatar
ladybird2
Active Forum Member

Posts : 1626
Reputation : 84
Join date : 2015-06-08

ladybird


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by Chestnut on Tue May 28, 2019 12:06 pm

Thank you so much for the links. I am currently getting these things.
Chestnut
Chestnut

Posts : 16
Reputation : 1
Join date : 2019-02-04


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by Chestnut on Tue May 28, 2019 12:07 pm

Also it seems that just recently a lot more accounts have been compromised is there anything Jagex themselves can do to battle it?
Chestnut
Chestnut

Posts : 16
Reputation : 1
Join date : 2019-02-04


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by elemntsk8ter on Tue May 28, 2019 2:40 pm

Jagex needs to improve their password complexity allowance, however most compromised accounts come from end user mistakes, like supplying a password unknowingly or downloading malware unknowingly from a fake website.

No matter if a password is "password123!" or "JtTJSasdinad87234$oiad#!lvnUh".. If it is provided to an adversary, it's a useless form of security. A second form of authentication is the best way to prevent it; If the server doesn't recognize the system requesting access, it will prompt for a second form of authentication that hopefully only you have access to. Implementing that was a step in the right direction for Jagex.
elemntsk8ter
elemntsk8ter
Active Forum Member

Posts : 208
Reputation : 10
Age : 28
Join date : 2017-12-05


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by Mimikyutie on Wed May 29, 2019 12:26 pm

Very well done! You detailed everything very succinctly!
Mimikyutie
Mimikyutie

Posts : 34
Reputation : 4
Join date : 2019-02-17


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by Iwan on Wed May 29, 2019 12:43 pm

good post element, every1 should do this and its almost impossible to get hacked. also be aware of fake links to the runescape website. mainly on twitch there are alot of fake streams that have a link to them. i also wanna point out that runescape passwords arnt case sensitive, so your best bet is to have a long password.
Iwan
Iwan
Active Forum Member

Posts : 420
Reputation : 2
Join date : 2017-09-15


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by The_Gamed on Fri May 31, 2019 1:36 pm

Great post Ele, some good tips in there for all unaware or recently suffering from account tampering.
The_Gamed
The_Gamed
Active Forum Member

Posts : 123
Reputation : 2
Join date : 2018-10-30


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by TheHeavyJ on Sat Jun 15, 2019 10:42 am

Thanks for putting this together. I do these things already, so yay. That being said, I am very pleased to have had a best-practices post to see if I had anything missing. Top notch!
avatar
TheHeavyJ

Posts : 42
Reputation : 0
Join date : 2016-07-10


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by KingNightfury on Sat Jun 15, 2019 12:41 pm

how do u feel about windows defender?
KingNightfury
KingNightfury
Active Forum Member

Posts : 250
Reputation : 5
Age : 24
Join date : 2017-05-05


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by elemntsk8ter on Mon Jun 17, 2019 2:11 pm

@KingNightfury - Windows Defender isn't bad, but it's also not great. It would be best to leverage it in addition to another program. Hopefully what gets missed by one program will be picked up by another.

ClamAV or Malwarebytes (previously mentioned) are "best-in-breed" options to help augment WD.
elemntsk8ter
elemntsk8ter
Active Forum Member

Posts : 208
Reputation : 10
Age : 28
Join date : 2017-12-05


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by KingNightfury on Mon Jun 17, 2019 2:18 pm

@elemntsk8ter wrote:@KingNightfury - Windows Defender isn't bad, but it's also not great. It would be best to leverage it in addition to another program. Hopefully what gets missed by one program will be picked up by another.

ClamAV or Malwarebytes (previously mentioned) are "best-in-breed" options to help augment WD.
ok ty cause rn ive been going with just defender, ima put in Malwarebytes to give it a hand, ive used it before to clean one of my friends malware locked laptops.
KingNightfury
KingNightfury
Active Forum Member

Posts : 250
Reputation : 5
Age : 24
Join date : 2017-05-05


Back to top Go down

Secure Your Account Empty Re: Secure Your Account

Post by Sponsored content


Sponsored content


Back to top Go down

Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum