A Password is a set of characters which is used to gain access to an account. It is recommended to change your password every 1 to 3 months to ensure that your account stays secure. Never tell anyone the password of your account as it will compromise the security of your account. Jagex Moderators will never ask for your password. Anyone that attempts to ask for your password should immediately be reported for scamming. There is a system that prevents any IP address from accessing any RuneScape account if five or more incorrect passwords are tried in succession. This is to prevent would-be hijackers from gaining unauthorised access to your account.
Password creation advice[edit | edit source]
A RuneScape password can be anywhere from 5-20 characters, and is not case sensitive. Currently there is no support for special characters. It is recommended to choose a password that is closer to the maximum length.
To improve on your overall password security, abide by the following steps:
- Keep it unique
- Use a unique password for each of your accounts Reusing passwords is risky. If somebody figures out the password for one account, or if a database is breached they could potentially gain access to other accounts (think: email, RuneScape, banking, and more)
- Make sure your password has a mix of letters and numbers. This makes it harder for somebody to guess.
- Don't get personal
- Don't use personal information or common words
- Make your password difficult to guess by selecting a random word or phrase and inserting letters and numbers into the beginning, middle and end
- Remember it
- If it gets too burdensome to remember all passwords across your internet presence, use a trusted password manager to store your login information. Most Password managers use 256-bit encryption and use a master password to login with - the master password is the only one you need to remember.
- Stay Accessible
- Make sure your registered email is up-to-date and secure. It is important to remember that your password is only as secure as the registered email on your account. To secure your email, ensure the password used on it is different, and protect your email with 2-Step Verification.
- Add an extra layer of security with the Runescape Authenticator.
- This extra defence means that even if someone knows your password they will be unable to access your account
General password security[edit | edit source]
- DO NOT pick any word or number which has a connection to you, so don't pick your favourite animal or your house number.
- DO NOT use your phone number or any personal information as your password. This can be easily guessed by a friend or relative.
- DO NOT just use a number at the end of a word, such as apple1.
- DO NOT use common number and letter substitutions e.g. 4 as the word 'for', 1 as 'L' or 'I', 5 as 'S'
- DO NOT use repeating characters 'bbbbbbbbbb' or series of characters such as 'kbkbkbkbkbkb' or also something like 'rs2rs2rs2rs2'.
- DO NOT use your real name, account name or name of an item either forwards, backwards or divided up.
- DO NOT use a series of characters off any keyboard such as 'adfsghd', 'lkjhgf' or 'qazwsxedc', as these are very common and hijackers will look for these.
- DO NOT fall for users saying that the system will censor your password.
- DO NOT give your password to anyone. This includes any friends, relatives, or other player.
- DO NOT use a password that you've previously used on your account.
- DO NOT combine your RuneScape password with other things such as your email account. If the password for one is discovered, access to your RuneScape account becomes much easier for hijackers.
- DO NOT use your RuneScape password a second time for an account on another website, or for secondary RuneScape account.
- Be careful about keeping your RuneScape password in places where it may be accidentally discovered, like in a Microsoft Word document.
- Passwords should not be entered if there is someone directly behind you.
- Passwords should never be entered on any website besides runescape.com. Many non-legitimate websites have keyloggers, which record and steal players' passwords. The same rule applies to RuneScape fansites as well - including the RuneScape Wiki. The cheats and scams page can teach you many common scams to be aware of.
The cheats and scams page can teach you many common scams to be aware of.
Changing your password[edit | edit source]
To change your password, log into the RuneScape website from the button at the top-right of the home page, and click "My Account". Once you log into your account settings, click on "Change Password". It will bring you to a screen prompting you to send a link to your registered email. Check your email for a link to to enter your new password.
If you have forgotten your password entirely, you can click on the "Can't log in?" button from within the Old School RuneScape client and request for a password reset to be sent to your registered email address after entering your login. Otherwise, use the Reset Password support page on the RuneScape website.
It is strongly advised to run virus scan software prior to changing or resetting your password if you suspect your computer might be infected by a keylogger or you have any other security concerns, or use a different computer of which you know it is secure. You run the risk of losing access to your account from a hijacker if you don't run a virus scan.