Extra Account Security

[DoctorDRAG0N]

An unbelievable mass of players have gotten hacked recently. This is really terrible & I am genuinly very sorry to hear about all of the recent issues some of my friends have been having. Just a piece of advice(aside from all the usual precautions of anti-virus,spyware,bank pin & changing recovery questions every once in again) If you have changed your original screen name twice,(this takes atleast 2 months if you have never done it) there is no-way for anyone to know your original log-in name.(if you dont tell them or they didn't know you previously)

I can post my password on forums & I guarantee you no-one can log onto my account. I am not trying to sound arrogant,but I do feel quite secure knowing no-one aside from myself knows my original rsn. If you change your name once, the "last known as" will give you away when someone adds you to friends list. Doing this twice will prevent anyone that didn't know you before from even attempting to access your account....as they have no idea what not only your password is, but your rsn log-in info as well.

Newer accounts have the luxery (and inconvienience) of using an e-mail as thier log-in names. This takes a little longer to log in but the security benefit of needing 2 pieces of non-provided information definatly outwiegh the inconvienience. If someone asks you your favorite food or the names of your pets or any similar account recovery style questions, Ignore & report them immediatly! Don't be fooled into believing they are talking about common interests, they are most likely trying to recover (a.k.a hack) your account.

I wish everyone in KoA the best & would never wish anyone in RuneScape the mis-fortune of a compramised account. I've worked years on my account & the money really isn't important, but our time is irreplaceable! I know alot of people really like thier original screen-names. But odds are you like having all your stuff even more.

p.s. This post was written in the common interest of all, and not intended as Critisizm to anyone.

[ShadowD3F]

appreciate the post dd

[Diplomatt]

I was thinking about changing my screen name for that very reason.

I do find it very funny when I log into the cc and I see loads of new names that I dont recognise. I usually end up adding them so I can see who they 'used' to be!

By the way, was your original Runescape Name: InternDragon? 1styearDragon? stillatunistudyingDragon?

[onezerobin]

Nice post DD You are right about recovery questions, considering the amount of info kids reveal in d&d clans. I read Chessy's hackers interview; and apparently that's how he stole her account. Couldn't help wondering why did not she create a separate account for the merch clan.

[RedFalling]

I really can't understand how so many people are getting hacked. Jagex only sends you messages in your runescape inbox and they will never ask you for our log in details cause, they already know them. Are people going to fan sites that are untrusted or are people just to trustworthy of their friends? I have friends that I have known for years in real life and they play, but I would never tell them my password. And don't say keyloggers and viruses. If you have a anti software up to date and don't go to unknown websites, or click untrusted links, you will be fine.

I'm sorry to anyone here that has been hacked, and I truly hope you recover quickly.

[Supra]

Funny thing is is i changed my rsn so long ago it shows when people add me as it being my original name, even tho it is not so gf them trying to get ahold of my account.

[Sammathnar]

Funny thing is is i changed my rsn so long ago it shows when people add me as it being my original name, even tho it is not so gf them trying to get ahold of my account.

I think mine looks like that too now. It takes about 60 days for that to happen, I believe.

[Huzzah]

Another tip about recoverys is simply not to make them easy to get info about yourself. Use things that you never have a reason to bring up. Instead of having whats your fav food have the vin number to your car or your sin number or whatnot. Something you'd have no reason to share with anyone and something someone else would have a very hard time to get. Also it can be good to have your rs registered email seperate from the email you use on forums and what not if you have more then one.

Great tip dd although I like my name too much to change it. I just can't picture another 'Huzzah' running around. =/

[Poppy]

I picked up this useful tip in Mumble the other night (thanks Tamal ). Jagex have added an option to extend the delay on re-setting your bank pin from 3 to 7 days. I haven't seen this in any update info but it is available if you talk to a banker.

Hopefully if anyone does get onto your account, it will give you extra time to re-claim it before they get in your bank.

[Deep_Pain]

I really can't understand how so many people are getting hacked. Jagex only sends you messages in your runescape inbox and they will never ask you for our log in details cause, they already know them. Are people going to fan sites that are untrusted or are people just to trustworthy of their friends? I have friends that I have known for years in real life and they play, but I would never tell them my password. And don't say keyloggers and viruses. If you have a anti software up to date and don't go to unknown websites, or click untrusted links, you will be fine.

I'm sorry to anyone here that has been hacked, and I truly hope you recover quickly.

Been so long since I changed my rs pw, that I havent looked into the security of rs log in, but unless its changed it was case insensitive, and no symbols, given that most people still use variations of words maybe with a few digits thrown in, if you are going for random names, you could probably brute force hundreds of names an hour.

As I say I really dont know how well RS protects against this kind of cracking - it might be very secure - but its good password security anyway not to use words, but Assuming you have a pretty large word list you can use that word list ( a word list is literally a txt document with 100's 1000's or a full dictionary of words) as passwords you'll be amazed how many people with ie the name deep, will have the password deep or deep7, but assuming most people arent that stupid a vast majority will have a password like red47blue or 888james etc.. now assuming u have a common list of say 10000 words, that are commonly used as a pw, names, sports, teams, common game words (guthix sara), etc etc... and a simple program that will run those words with prefixes and suffixes, like 818valley or liverpool123 or other words dfsowner1 etc.. and with the same program maybe put 100 common rs words together for a username; like sara dfs pure rune dragon etc.. it will do those words 100x100, ie with that short list:

sara dfs pure rune dragon:
Saradfs
Sara_dfs
Sara__dfs
SaraPure
Sara__pure
SaraRune
Sara_Rune
Sara__Rune
SaraDragon
Sara_Dragon
Sara__Dragon
DfsSara
DfsPure

etc.. etc.. etc.. add in maybe the numbers 1-10 and some commonly used suffixes or prefixes like uk or xx or red etc, you quickly have tens of thousands of names, a simple program would check which of those 10k+ names actually exist, then depending on the individual they might try those names against a list of 50 common passwords, might take a few hours, or against a full word list as I explained above, might take a few days with enough proxies, but with probably the simple 50 common passwords list you can assume they would crack maybe 50+ names, with a full word list and enough proxies / time to spare ( think people who may do this for a living, bots may be beaten?, but stealing 100's of millions of gp off of other players and selling it is still viable)

I dont post this as a means of doing it, because there certainly isnt enough information on how you would do it, but as an information tool for people when choosing passwords, if you choose a word, or words and numbers or just letters or just numbers etc.. you can have the best personal computer security in the world and still lose your account, given that rs doesnt have case sensitivity or special characters allowed. use of words in any form as you password would be extremely careless and your account easily stolen. (that is in general to reds question and not aimed at anyone as I dont know anyones who's account has been hackeds circumstances)

^^^ sorry long winded post and no time to check if its readable or makes sense lol

in short always follow personal computer safety set out several places in this forum and you are very unlikely to be hacked

Follow simple password security ( i know some people used to laugh at me when i sent them new passwords on the forum, because they are so hard to remember - and i was pretty stupid and didnt follow my own advice recently after forgetting one of my pw's) but on things like this forum where you can use symbols and letters numbers etc.. use something like **6yYe(oPh£rtnm7!" (hope i didnt guess someones password lol) and you will never have ur pw cracked on something like rs where case sensitivity is off and no symbols are allowed use a good number and letter mix, and make sure the numbers arent commonly used together, 123 747 818 etc.. and the letters are not words! and u will not be cracked

[Draco Ea]

As an IT-professional (at least thats what my boss tell our customers and personnel) I can say there is only 1 way to avoid security-issues with any PC, smartphone, . . . : remove the (fleshy) obstacle between the keyboard and the chair.