RedFalling wrote:I really can't understand how so many people are getting hacked. Jagex only sends you messages in your runescape inbox and they will never ask you for our log in details cause, they already know them. Are people going to fan sites that are untrusted or are people just to trustworthy of their friends? I have friends that I have known for years in real life and they play, but I would never tell them my password. And don't say keyloggers and viruses. If you have a anti software up to date and don't go to unknown websites, or click untrusted links, you will be fine.
I'm sorry to anyone here that has been hacked, and I truly hope you recover quickly.
Been so long since I changed my rs pw, that I havent looked into the security of rs log in, but unless its changed it was case insensitive, and no symbols, given that most people still use variations of words maybe with a few digits thrown in, if you are going for random names, you could probably brute force hundreds of names an hour.
As I say I really dont know how well RS protects against this kind of cracking - it might be very secure - but its good password security anyway not to use words, but Assuming you have a pretty large word list you can use that word list ( a word list is literally a txt document with 100's 1000's or a full dictionary of words) as passwords you'll be amazed how many people with ie the name deep, will have the password deep or deep7, but assuming most people arent that stupid a vast majority will have a password like red47blue or 888james etc.. now assuming u have a common list of say 10000 words, that are commonly used as a pw, names, sports, teams, common game words (guthix sara), etc etc... and a simple program that will run those words with prefixes and suffixes, like 818valley or liverpool123 or other words dfsowner1 etc.. and with the same program maybe put 100 common rs words together for a username; like sara dfs pure rune dragon etc.. it will do those words 100x100, ie with that short list:
sara dfs pure rune dragon:
Saradfs
Sara_dfs
Sara__dfs
SaraPure
Sara__pure
SaraRune
Sara_Rune
Sara__Rune
SaraDragon
Sara_Dragon
Sara__Dragon
DfsSara
DfsPure
etc.. etc.. etc.. add in maybe the numbers 1-10 and some commonly used suffixes or prefixes like uk or xx or red etc, you quickly have tens of thousands of names, a simple program would check which of those 10k+ names actually exist, then depending on the individual they might try those names against a list of 50 common passwords, might take a few hours, or against a full word list as I explained above, might take a few days with enough proxies, but with probably the simple 50 common passwords list you can assume they would crack maybe 50+ names, with a full word list and enough proxies / time to spare ( think people who may do this for a living, bots may be beaten?, but stealing 100's of millions of gp off of other players and selling it is still viable)
I dont post this as a means of doing it, because there certainly isnt enough information on how you would do it, but as an information tool for people when choosing passwords, if you choose a word, or words and numbers or just letters or just numbers etc.. you can have the best personal computer security in the world and still lose your account, given that rs doesnt have case sensitivity or special characters allowed. use of words in any form as you password would be extremely careless and your account easily stolen. (that is in general to reds question and not aimed at anyone as I dont know anyones who's account has been hackeds circumstances)
^^^ sorry long winded post and no time to check if its readable or makes sense lol
in short always follow personal computer safety set out several places in this forum and you are very unlikely to be hacked
Follow simple password security ( i know some people used to laugh at me when i sent them new passwords on the forum, because they are so hard to remember - and i was pretty stupid and didnt follow my own advice recently after forgetting one of my pw's) but on things like this forum where you can use symbols and letters numbers etc.. use something like **6yYe(oPh£rtnm7!" (hope i didnt guess someones password lol) and you will never have ur pw cracked on something like rs where case sensitivity is off and no symbols are allowed use a good number and letter mix, and make sure the numbers arent commonly used together, 123 747 818 etc.. and the letters are not words! and u will not be cracked