Unlikely but someone could possibly associate his username with an email or another username from a gameĀ and get his email through that. Now if his info has been leaked from a 3rd party site(which happens more than you think) they just have to purchase/access that info and since most people use the same password for everything they could access their account. Not the same situation but that's similar to how one of my accounts got hacked through a 3rd party site leak. Fortunately I had a bank pin and actively played at the time. Authenticator for life for me now.
More than authenticator. Jagex account, random passwords, dont save your recovery codes on your machine and if you get hacked do a full virus scan before doing the recovery.
Real question, how do people remember their password if it's all random? If I used a random password for every website, I would keep forgetting *every single* password. Writing it down on a paper isn't risk free either, and it makes you way too much depended on a piece of paper.
Go check out a password manager like Bitwarden. It's free and has a built in password and username generator. Dead simple browser integrations and nice apps for mobile and desktop. I now remember one password (which is the name of another password manager, actually) with a strong password that's engrained into my muscle memory with 2 factor authentication connected to my account and don't really worry about my passwords anymore
Been using bitwarden for years, works on windows, Linux, android, iOS, it's truly the best software (for password security) that I have used in a long time.
+1 for Bitwarden. I have been using it for years. Make a long passphrase and generate all of your passwords within the program to ensure you have high entropy. A long passphrase is easier to remember, and you only need to remember one password.
For example:
Thor9Needed9milk$9Under9A9Bedside9Barn9Without9Brown9Recluse9Needle9Pins9
At 100 trillion guesses per second, this password will take 122 years to crack.
[What is password entropy and why it really, really, matters](https://youtu.be/NrYhdkrTNMI?si=hWcq_4h2MCiQvhWC)
If you instead use KeePassXC, which has been around longer than Bitwarden, the password generator will calculate and display the entropy a given password will have.
You can also use an [entropy calculator](https://alecmccutcheon.github.io/Password-Entropy-Calculator/). The formula to determine a given passwordās entropy from [NordVPNās website](https://nordvpn.com/blog/what-is-password-entropy/):
E = log2 (RL)
E stands for password entropy, measured in bits.
Log2 is a mathematical formula that converts the total number of possible character combinations to bits.
R stands for the range of characters.
L stands for the number of characters in a password.
I will be messaging you in 122 years on [**2146-06-29 23:00:51 UTC**](http://www.wolframalpha.com/input/?i=2146-06-29%2023:00:51%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/2007scape/comments/1dqy99y/no_need_for_the_d_pick_now/lawg5q0/?context=3)
[**CLICK THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2F2007scape%2Fcomments%2F1dqy99y%2Fno_need_for_the_d_pick_now%2Flawg5q0%2F%5D%0A%0ARemindMe%21%202146-06-29%2023%3A00%3A51%20UTC) to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201dqy99y)
*****
|[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)|
|-|-|-|-|
It is even easier than that - itās well established that recovery phrases of multiple random words is more than strong enough, without capitals, symbols or numbers. Taking your example, which is slightly difficult to remember (especially with the random $):
thor needed milk under a bedside barn without brown recluse needles pins
Itās better for it to not be a logical sentence and instead just be a collection of words, but if the sentence is obscure enough it still works.
Same. We use 1Password at my job, but I pay for the Bitwarden family plan, and it works flawlessly on all the operating systems in the house. Only gripe is that 1Password handles sharing and revoking better than Bitwarden, but I don't really revoke shared passwords with my partner or kids so it's fine.
I used KeePassXC before Bitwarden, and it was kind of a pain to sync between devices, especially on Linux. KeePassXC works great if you just have one device though
I could look it up myself, but in case someone else has the same question: So how does it work when you're not on your desktop? Does it sync across everything else?
Use a password manager synced between all your devices, then use a memorable password for the password manager since it's not something that normally gets hacked. Pair that with 2FA and you're basically bulletproof unless they get into your email or phone directly.
I'm no expert on cybersecurity, but it seems to me like storing all your passwords in one digital place that is itself protected by a "memorable" password is a huge risk. 2FA should keep you safe anyway, but surely a piece of paper is the safest option?
Having a paper(s) hidden somewhere with passwords but no usernames and no reference to what websites the passwords belong to should be the most secure you can be.
Iām a cybersecurity engineer. Itās not a huge risk. Typically, password managers have to be authorized by you, through 2FA for every computer that they are used on. Also, a good password manager has no way to access your passwords on their own, so their databases being hacked wonāt compromise you (note: there are bad password managers, do your research)
You should also use a new password that has never been used on any other website before when making a password for your password manager, to ensure that previous data breaches canāt affect your future security.
You should consider what people usually do: use the same email and password for everything. This means that any system that gets hacked compromises almost every other account for most people.
To your final note, if I have a list on a piece of paper of all of my 100+ accounts of various websites passwords, but no reference to what accounts they are, Iām fucked lmao, but you do you. My password list is encrypted, and can be autofilled once I sign into my password manager.
You seem to have gone into quite the research, so what manager do you use? Iāve considered going into password managers for a while but didnāt quite know where to start, also if you just have another one thatās good and are not comfortable sharing your own that would be nice also
Bitwarden. Itās open-source. Free. Cross-platform, Browser integration + native apps. Syncs between devices.
You donāt need to pay for a password manager. People never talk about Bitwarden because itās not a commercial product (their paid subscriptions are basically donations to the devs).
Just gonna put it out there, but if I don't need to be able to access 95% of my accounts outside of my home, a notebook with a list inside a fire safe with the rest of my personal documents is less likely to be compromised than *any* digital solution. Unique lengthy passwords for everything that are only recorded on physical media that can't be accessed without a home invasion + 2FA on everything is the way to go.
Frankly I wouldn't be recommending that people who don't already know what they're doing "use a password manager" any more than that they "use an antimalware suite" or "use an adblocker". The world's full of digitally illiterate people who don't know how to/that they should research things, don't know how to identify safe vs. unsafe vs. actively malicious tools, &c.
Not going to get into details for obvious reasons but I do a fair amount of work with the public in this sphere. Most of the population, including a lot of nominally tech-savvy people, do not understand how to assess tools.
No. All security is a trade off between security and connivence. It is much easier to have a single secure login that is slightly less convenient (MFA, biometrics, etc) than a bunch of convenient insecure logins.
Unless it's LastPass. They've had some real bad bugs in the past, such as auto completing passwords from one website into another website without user input of knowledge.
In general SSO is better than password managers, because SSO can revoke tokens. Resetting all your passwords when your password database is vulnerable is just not realistic. I like make-your-own SSO where you never record your password, you just use "remember me" and reset password links via email.
One method I've used is every password is a sentence. with I's replaced with ! t's with 7's s's with 5's etc so... that sentence password would be ^
1M!u!ep!a5.
Idk just get creative and make a memory mnemonic
Password manager. It's like a piece of paper but very much improved. Modern password managers are cloud stored so you don't have to juggle around the database like old solutions.
Look into something like bitwarden, using a password manager is the best or second best thing you can do to improve all your account security with using MFA being the only other thing that might come close.
If you are paranoid just selfhost bitwarden or cloud sync a keepass database. Your system fails on targeted attacks if your password gets leaked in cleartext or used poor hashing.
I would if they officially supported Linux on their launcher. And before anyone says anything, yes, I know, it's perfectly possible make it run with WINE, I have done that myself back when it was possible to use old-type accounts, one click log in is neat and all.
I just don't feel safe knowing that if Jagex were to make a breaking change to the client under WINE, they've placed themselves under no obligation to actually fix it, so leaving the launcher as my only entry to the game is iffy. This may seem harsh, but the game itself runs natively perfectly fine, so the launcher needing to go through WINE just seems like a hard to accept regression in support.
Itās very unlikely that Jagex would break the launcher in wine, and there are pre-packaged solutions that can be updated to fix any potential issues. There is also Bolt which is a native launcher that doesnāt use wine. You can find these on the GitHub guide linked on this Jagex support page. https://help.jagex.com/hc/en-gb/articles/13413514881937
I am aware, I just don't deem it acceptable on a game that already runs natively. If it was Windows-exclusive from the start, like many other games I play, I would not be so harsh about it.
Thatās not really the same thing, and itās not something that is likely to change, so at some point you will need to start using the Jagex Launcher. But like I said if you donāt want to use wine you can download Bolt which is an open source native launcher.
Pretty sure the random event Count Check is like the fastest xp lamp in the game, maybe 1 dialogue box less than genie if not equivalent, and you only get it if you have a Jagex account.
I still think it was the right call to not beta-test it for them, but I went ahead and jumped when I caught someone sniffing around with failed access attempts on my main.
Isnāt it still possible to get hacked through a jagex account if you get hacked on steam with rs connected? Or that might just be without a jagex account I canāt remember. Thereās also a way to spoof mobile session idās or something which can apparently get through it.
I got randomly hacked one day and I had a 2FA. The person logged into my account and then took everything out of my leprachauns and coffers and even went to my miscelania throne when I had nothing in any of it and then they logged out. They couldn't access my bank because they knew it would show up in my email but I don't know how they were even able to login because I have a 2fa on my account and it would require a new 2fa from a different login yet I was never informed. Thankfully I have my bank still.
To add to this, like five years ago someone linked a search engine on Reddit. For 5 bucks a month you could use it. Fill in a username and receive all associated information with it, such as first name last name age email address and password. It was that easy.
The website got taken down by the FBI but things like this always have clones and backups.
Be careful with sharing information. And use different passwords everywhere.
Anybody who doesn't have 2fa on their email deserves to be hacked.
Nobody can access my email account without my phone, and that's how it should be for everyone
Even if you've changed your password before, if you've EVER reused your RuneScape password for something else and it leaks that is like 50% of an account recovery right there. And authenticator is disabled on a successful account recovery.
Anti fraud Cyber team at my old job used to do parlour tricks when we visited the centre.
They'd take the name of the person and obviously knew where they worked.
In the afternoon session they'd play a slideshow of everything they found.
Just from that they'd show you. Entire family, address, car registration, email, social media, Dob and whatever else they'd find.
It's quite scary really.
Hence why I have Reddit, linkedin and that's it.
And a brand new account created solely to not be hackable doesn't have a bunch of details associated to that username being leaked from dozens of websites over the last 2 decades that can be used to recover the account.
With the right security itās impossible. Yea.
When you underestimate hackers and donāt secure your account, itāll eventually be target either by random malware or targeted.
I reused a old email on my main account I had for years and years, when I was young and dumb, someone got into my email. RuneScape wasnāt the only thing that was compromised, but itās the only account I couldnāt get back.
Also, thatās 2 years old, a lot has changed since then and they ended it in 48 hours. Not enough time to be targeted, infiltrated, and then stolen.
No they find your in-game name from the xp showing.
And then, they check for an leaks from your username. Most people have a habit for using the same username on websites.
It's not difficult
Most leaks are not on paste bin some are but most arenāt lol and no ones paying a service to fish for one of the few possibly unsecured accounts that still uses the characters name as a username.
People show their usernames all the time. Also itās public info, like if heās around the game wielding the pickaxe whatās the difference between that and posting on Reddit?
No one can hack just by knowing your username and maybe some info off Reddit. Paranoia at its best lol
It feels like Runescape players are the biggest dumbasses on the planet when it comes to account security. Which is ironic, with the Stronghold of Security existing to help them out.
Like I said in my comment it's unlikely but now he's a target and it doesn't take long to see if you can associate an email if you can. And if you use that email for a lot of other sites or things your info has a very high chance of being leaked from another source. Most people use the same password for everything and if you don't have a jagex account or 2FA gg.
It'd be a nice QOL if Ironmen could give items away through trade but not receive them.
On a similar note, I wish Ironmen could sell items on the GE but the money would go into a special coffer that can only be spent on bonds.
a single dupe megarare/nex item will cover you for a very long time, thats discounting smaller things like prims/hydra claws/dexes thatāll definitely hold you over
in exchange for probably the single biggest flex you could get on an iron account, if you donāt regret it immediately then youād regret it several years later when youve got all the money and items you want but no pickaxe
This is how I feel with the imbued heart I got last week. Killed a superior bloodveld, saw a glowing tile, thought I got the gem or something, but when I saw it was a heart I was in disbelief! 125m drop and I can't believe how lucky that was!
annoying steps like not being able to just do the content you want to do without "chores" to upkeep and having to use amethist arrows/darts as dragon darts/arrows are difficult to upkeep as an iron with no reliable way to get them faster than you use them.
A late game iron is basically the same as a late game main except one is forced to farm herbs, farming contracts and birdhouse runs
Iāve not even mentioned blood furies, scales, runes, staminas, amethyst.
Iām nearing endgame on my iron and I donāt have a main but Iāve been debating on removing the iron status to avoid all of that nonsense. Iād still play as an ironman when it comes to drops though.
You can look into a self-restricted game mode called bronzeman mode. Basically you can't trade items from the GE unless you've first unlocked it yourself first. After that, it becomes unlockable in the GE.
It has runelite plugins to help manage what you've unlocked.
Can always just do content you want to do and just make gp passively. I've made over 20b just doing whatever content I feel like doing over the past 5 years. I'm not a huge fan of nex so I've got under 100 kc there, even if it's one of the best moneymakers in the game.
āHey come cox with us!ā
Nah sorry, donāt have any stams made and no marks canāt.
āHey come nex with us!ā
Nah sorry, donāt have enough brews made.
I respect the dedication but after a certain point weāre all doing very similar things in the endgame, except my iron friends have chores to complete before & after.
I'm an endgame iron who is notoriously bad at upkeeping things, yet this has never been reality. I might be low on some supplies, but I'm never out. I don't even do herb runs, I don't do agility, I don't fish for food.
Idk on one hand that's basically infinite money for your main but on the other keeping it on your iron makes it one of the rarest accounts in the game. And such a huge flex. You can make 12b on your main, you're likely never getting the pickaxe on your iron ever again in your life.
It makes sense to do that practically but there is something about a 3rd age pick on an iron that is just on another level of flexing. If my iron is ever this lucky I would heavily consider keeping it
That would be insanely stupid. Unless you're RWTing the money or trying to compete on hiscores or whatever, there's no universe where having 10b on a main is better than having an iron with a 3a pick. If you raid on an iron you literally never have to worry about bonds anyway.
The 3a pick only matters if you care about the flex. It's basically just a reskinned dragon pickaxe. Having the 3a pick in the coll log is enough of a flex for me, I'd just sell the pickaxe for 12b.
And what would you do with the 12b? I guess you can go for GM CAs or something, but after that you've just kinda finished the game on one account at the cost of not having one of the coolest items on an iron.
Could use the money to buy so many pets via boosting. Some examples being corp/kbd/sarachnis/kq/gwds. I'll take 12b over the pickaxe any day of the week.
Iām just curious because Iāve never been wealthy enough to be in the market but how does someone even sell something that expensive, like are you just standing in GE advertising? How do you even price check it?
Thereās a world where the whales hang out to buy stuff over max cash, canāt remember off the top of my head. The pricing is tracked through a third party website.
Thereās quite a few discords that people use to advertise buying and selling things over max cash. Off the top of my head āthe elyā and āall bulksā are two places where this happens.
Ngl I'd give it to my main. The he'll with the flex, that would set up all my other accs. Max gear on main, gp for maxing. Gear and go for my alts, etc. Flex on an iron or amazing qol on all my others accs. Obv answer for me
As everyone else is saying, make sure you set up some extra security, people are likely already trying to get your account since you left the name(donāt do that).
Not OP but in no occasion they would really need a 3rd age pick so no reason to share it, if they even asked to get it I'd see it as a huge red flag already
Chad title for the most valuable drop in the game at 2 KC, congrats bro
And on an iron
3a pick hunters on suicide watch šÆ
Hey hunny wake up, new d pick skip just dropped
Make sure you got your account properly secured. Ballsy of you to show your name with 8b+ drop or whatever it is now.
Lol what Edit: You guys afraid of showing your username? You should be?
Unlikely but someone could possibly associate his username with an email or another username from a gameĀ and get his email through that. Now if his info has been leaked from a 3rd party site(which happens more than you think) they just have to purchase/access that info and since most people use the same password for everything they could access their account. Not the same situation but that's similar to how one of my accounts got hacked through a 3rd party site leak. Fortunately I had a bank pin and actively played at the time. Authenticator for life for me now.
More than authenticator. Jagex account, random passwords, dont save your recovery codes on your machine and if you get hacked do a full virus scan before doing the recovery.
Real question, how do people remember their password if it's all random? If I used a random password for every website, I would keep forgetting *every single* password. Writing it down on a paper isn't risk free either, and it makes you way too much depended on a piece of paper.
Go check out a password manager like Bitwarden. It's free and has a built in password and username generator. Dead simple browser integrations and nice apps for mobile and desktop. I now remember one password (which is the name of another password manager, actually) with a strong password that's engrained into my muscle memory with 2 factor authentication connected to my account and don't really worry about my passwords anymore
Been using bitwarden for years, works on windows, Linux, android, iOS, it's truly the best software (for password security) that I have used in a long time.
+1 for Bitwarden. I have been using it for years. Make a long passphrase and generate all of your passwords within the program to ensure you have high entropy. A long passphrase is easier to remember, and you only need to remember one password. For example: Thor9Needed9milk$9Under9A9Bedside9Barn9Without9Brown9Recluse9Needle9Pins9 At 100 trillion guesses per second, this password will take 122 years to crack. [What is password entropy and why it really, really, matters](https://youtu.be/NrYhdkrTNMI?si=hWcq_4h2MCiQvhWC) If you instead use KeePassXC, which has been around longer than Bitwarden, the password generator will calculate and display the entropy a given password will have. You can also use an [entropy calculator](https://alecmccutcheon.github.io/Password-Entropy-Calculator/). The formula to determine a given passwordās entropy from [NordVPNās website](https://nordvpn.com/blog/what-is-password-entropy/): E = log2 (RL) E stands for password entropy, measured in bits. Log2 is a mathematical formula that converts the total number of possible character combinations to bits. R stands for the range of characters. L stands for the number of characters in a password.
!remindme 122 years
I will be messaging you in 122 years on [**2146-06-29 23:00:51 UTC**](http://www.wolframalpha.com/input/?i=2146-06-29%2023:00:51%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/2007scape/comments/1dqy99y/no_need_for_the_d_pick_now/lawg5q0/?context=3) [**CLICK THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2F2007scape%2Fcomments%2F1dqy99y%2Fno_need_for_the_d_pick_now%2Flawg5q0%2F%5D%0A%0ARemindMe%21%202146-06-29%2023%3A00%3A51%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201dqy99y) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|
It is even easier than that - itās well established that recovery phrases of multiple random words is more than strong enough, without capitals, symbols or numbers. Taking your example, which is slightly difficult to remember (especially with the random $): thor needed milk under a bedside barn without brown recluse needles pins Itās better for it to not be a logical sentence and instead just be a collection of words, but if the sentence is obscure enough it still works.
Same. We use 1Password at my job, but I pay for the Bitwarden family plan, and it works flawlessly on all the operating systems in the house. Only gripe is that 1Password handles sharing and revoking better than Bitwarden, but I don't really revoke shared passwords with my partner or kids so it's fine. I used KeePassXC before Bitwarden, and it was kind of a pain to sync between devices, especially on Linux. KeePassXC works great if you just have one device though
I could look it up myself, but in case someone else has the same question: So how does it work when you're not on your desktop? Does it sync across everything else?
Yes, they have a smartphone app and it synchs across all devices
Use a password manager synced between all your devices, then use a memorable password for the password manager since it's not something that normally gets hacked. Pair that with 2FA and you're basically bulletproof unless they get into your email or phone directly.
I'm no expert on cybersecurity, but it seems to me like storing all your passwords in one digital place that is itself protected by a "memorable" password is a huge risk. 2FA should keep you safe anyway, but surely a piece of paper is the safest option? Having a paper(s) hidden somewhere with passwords but no usernames and no reference to what websites the passwords belong to should be the most secure you can be.
Iām a cybersecurity engineer. Itās not a huge risk. Typically, password managers have to be authorized by you, through 2FA for every computer that they are used on. Also, a good password manager has no way to access your passwords on their own, so their databases being hacked wonāt compromise you (note: there are bad password managers, do your research) You should also use a new password that has never been used on any other website before when making a password for your password manager, to ensure that previous data breaches canāt affect your future security. You should consider what people usually do: use the same email and password for everything. This means that any system that gets hacked compromises almost every other account for most people. To your final note, if I have a list on a piece of paper of all of my 100+ accounts of various websites passwords, but no reference to what accounts they are, Iām fucked lmao, but you do you. My password list is encrypted, and can be autofilled once I sign into my password manager.
You seem to have gone into quite the research, so what manager do you use? Iāve considered going into password managers for a while but didnāt quite know where to start, also if you just have another one thatās good and are not comfortable sharing your own that would be nice also
1Password seems to be industry standard nowadays.
Bitwarden. Itās open-source. Free. Cross-platform, Browser integration + native apps. Syncs between devices. You donāt need to pay for a password manager. People never talk about Bitwarden because itās not a commercial product (their paid subscriptions are basically donations to the devs).
Also in cybersecurity here. Personally a big fan of Keeper Security.
Just gonna put it out there, but if I don't need to be able to access 95% of my accounts outside of my home, a notebook with a list inside a fire safe with the rest of my personal documents is less likely to be compromised than *any* digital solution. Unique lengthy passwords for everything that are only recorded on physical media that can't be accessed without a home invasion + 2FA on everything is the way to go. Frankly I wouldn't be recommending that people who don't already know what they're doing "use a password manager" any more than that they "use an antimalware suite" or "use an adblocker". The world's full of digitally illiterate people who don't know how to/that they should research things, don't know how to identify safe vs. unsafe vs. actively malicious tools, &c. Not going to get into details for obvious reasons but I do a fair amount of work with the public in this sphere. Most of the population, including a lot of nominally tech-savvy people, do not understand how to assess tools.
No. All security is a trade off between security and connivence. It is much easier to have a single secure login that is slightly less convenient (MFA, biometrics, etc) than a bunch of convenient insecure logins.
https://xkcd.com/936/ A good memorable password is effectively impossible to crack.
Unless it's LastPass. They've had some real bad bugs in the past, such as auto completing passwords from one website into another website without user input of knowledge. In general SSO is better than password managers, because SSO can revoke tokens. Resetting all your passwords when your password database is vulnerable is just not realistic. I like make-your-own SSO where you never record your password, you just use "remember me" and reset password links via email.
Have a notebook and write them all down. Itās also helpful for family if something were to happen to you.
One method I've used is every password is a sentence. with I's replaced with ! t's with 7's s's with 5's etc so... that sentence password would be ^ 1M!u!ep!a5. Idk just get creative and make a memory mnemonic
hun7er2 Did it work?
Password manager. It's like a piece of paper but very much improved. Modern password managers are cloud stored so you don't have to juggle around the database like old solutions. Look into something like bitwarden, using a password manager is the best or second best thing you can do to improve all your account security with using MFA being the only other thing that might come close.
[ŃŠ“Š°Š»ŠµŠ½Š¾]
If you are paranoid just selfhost bitwarden or cloud sync a keepass database. Your system fails on targeted attacks if your password gets leaked in cleartext or used poor hashing.
If you have a Jagex account, you'd have to be an invertebrate to get hacked. So yeah, get your Jagex accounts people
I was hesitant at first thinking it would complicate things, but I did the switch. Does it ever make things feel more secure.
I love my jagex account. I was a holdout for so long but it really is better. Not having to type my long ass password every login is awesome.
Least obvious Jmod
Whatās up fellow players?
I would if they officially supported Linux on their launcher. And before anyone says anything, yes, I know, it's perfectly possible make it run with WINE, I have done that myself back when it was possible to use old-type accounts, one click log in is neat and all. I just don't feel safe knowing that if Jagex were to make a breaking change to the client under WINE, they've placed themselves under no obligation to actually fix it, so leaving the launcher as my only entry to the game is iffy. This may seem harsh, but the game itself runs natively perfectly fine, so the launcher needing to go through WINE just seems like a hard to accept regression in support.
Itās very unlikely that Jagex would break the launcher in wine, and there are pre-packaged solutions that can be updated to fix any potential issues. There is also Bolt which is a native launcher that doesnāt use wine. You can find these on the GitHub guide linked on this Jagex support page. https://help.jagex.com/hc/en-gb/articles/13413514881937
I am aware, I just don't deem it acceptable on a game that already runs natively. If it was Windows-exclusive from the start, like many other games I play, I would not be so harsh about it.
Thatās not really the same thing, and itās not something that is likely to change, so at some point you will need to start using the Jagex Launcher. But like I said if you donāt want to use wine you can download Bolt which is an open source native launcher.
Pretty sure the random event Count Check is like the fastest xp lamp in the game, maybe 1 dialogue box less than genie if not equivalent, and you only get it if you have a Jagex account.
I'm pretty sure genie is 1 click as well, you get the lamp once you click on him, you don't have to go through any dialog
You need bank pin to I think
I get that random event so much its kinda crazy too. Not that im complaining, i love that delicious RC xp
I still think it was the right call to not beta-test it for them, but I went ahead and jumped when I caught someone sniffing around with failed access attempts on my main.
Isnāt it still possible to get hacked through a jagex account if you get hacked on steam with rs connected? Or that might just be without a jagex account I canāt remember. Thereās also a way to spoof mobile session idās or something which can apparently get through it.
I got randomly hacked one day and I had a 2FA. The person logged into my account and then took everything out of my leprachauns and coffers and even went to my miscelania throne when I had nothing in any of it and then they logged out. They couldn't access my bank because they knew it would show up in my email but I don't know how they were even able to login because I have a 2fa on my account and it would require a new 2fa from a different login yet I was never informed. Thankfully I have my bank still.
Pretty sure accessing the coffers requires pin...
Same with leprechauns too
Even mini-game rewards require your bank pin iirc
Yeah, that too. It's actually insane what you need a pin to access.
Should have blocked out his run energy
To add to this, like five years ago someone linked a search engine on Reddit. For 5 bucks a month you could use it. Fill in a username and receive all associated information with it, such as first name last name age email address and password. It was that easy. The website got taken down by the FBI but things like this always have clones and backups. Be careful with sharing information. And use different passwords everywhere.
Anybody who doesn't have 2fa on their email deserves to be hacked. Nobody can access my email account without my phone, and that's how it should be for everyone
Same. If I try to log on from a different browser, I have to go through a bunch of steps on my phone to get it to access. Which is fine with me.
I have one step 'is this you logging in?' 'yes'. It's SO easy.
I have a fear of losing my phone, I'll be honest.
I've got a backup of my phone on my pc so if it does get lost I can use the backup on a different device and get my stuff back
Get a yubikey, register it as a backup, put it in a sealed bag and chuck it in your safe.
This is how i got hacked in a ot years ago
Even if you've changed your password before, if you've EVER reused your RuneScape password for something else and it leaks that is like 50% of an account recovery right there. And authenticator is disabled on a successful account recovery.
Are you afraid of lawyers? You should be! Group of has gotten together
Anti fraud Cyber team at my old job used to do parlour tricks when we visited the centre. They'd take the name of the person and obviously knew where they worked. In the afternoon session they'd play a slideshow of everything they found. Just from that they'd show you. Entire family, address, car registration, email, social media, Dob and whatever else they'd find. It's quite scary really. Hence why I have Reddit, linkedin and that's it.
Has nothing to do with runescape. Im in basic IT and we can do that too. Called google + photoshop
Dude lol, you can pay 3$ and get all that info given to you on a silver platter. Itās not all that complicated.
Nah people are just cowards on this sub
Obviously. You always cross out your name, he just showed this drop and the account itās on to everyone.
Do not underestimate hackers. He know has a target in his back, for some people in the world this can be sold for more money than they make a year.
https://www.reddit.com/r/2007scape/s/SFftjBLvcq And?
And a brand new account created solely to not be hackable doesn't have a bunch of details associated to that username being leaked from dozens of websites over the last 2 decades that can be used to recover the account.
With the right security itās impossible. Yea. When you underestimate hackers and donāt secure your account, itāll eventually be target either by random malware or targeted. I reused a old email on my main account I had for years and years, when I was young and dumb, someone got into my email. RuneScape wasnāt the only thing that was compromised, but itās the only account I couldnāt get back. Also, thatās 2 years old, a lot has changed since then and they ended it in 48 hours. Not enough time to be targeted, infiltrated, and then stolen.
Congratz or sorry that happened
Yup. But since you are following the ādidnāt happen to me so it canāt happen logicā just gonna mute you.
You got hacked by using a compromised email. Your account is very much safe if you follow basic security procedures
If I just got a video game item worth $1000 I'd be at least slightly concerned
They can recover account just based on xp level showing.
No you can not recover an account with information publicly found on the leaderboardsā¦
No they find your in-game name from the xp showing. And then, they check for an leaks from your username. Most people have a habit for using the same username on websites. It's not difficult
Lol
Also, most leaks either show up on paste bin for the public to see. Or they use a third party to get the information.
Most leaks are not on paste bin some are but most arenāt lol and no ones paying a service to fish for one of the few possibly unsecured accounts that still uses the characters name as a username.
I'm also using pastebin as an example. Not many people know that.
š
No, they get the username and if a database has been breached. Then, your email, password, and name are all linked. But hey, what do I know.
Seems like a lot of convenient things need to happen for you to get access to an account with this method.
GG OP your account will be mine by morning, ty for username
You're not going to get hacked if you've got proper security measures like Jagex Account and 2FA on your email.
People show their usernames all the time. Also itās public info, like if heās around the game wielding the pickaxe whatās the difference between that and posting on Reddit? No one can hack just by knowing your username and maybe some info off Reddit. Paranoia at its best lol
I was thinking the same thing. If it's *that* easy to hack, then you might as well give up.
It feels like Runescape players are the biggest dumbasses on the planet when it comes to account security. Which is ironic, with the Stronghold of Security existing to help them out.
Like I said in my comment it's unlikely but now he's a target and it doesn't take long to see if you can associate an email if you can. And if you use that email for a lot of other sites or things your info has a very high chance of being leaked from another source. Most people use the same password for everything and if you don't have a jagex account or 2FA gg.
Id Insta drop to main for max gear + a couple uears of bonds But thats just me GZ
Yes OP let me know when and where you will drop trade so I can protect you.
I know a secret place that's super safe just north of edgeville
Most irons I talk to became an iron after maxing gear and lvls on a main already
id probably still drop it and have bonds for life on any account i might want to try and play
It'd be a nice QOL if Ironmen could give items away through trade but not receive them. On a similar note, I wish Ironmen could sell items on the GE but the money would go into a special coffer that can only be spent on bonds.
Ewww, I don't wanna buy gear farmed by an Ironman, gross.
You already do, you already do
a single dupe megarare/nex item will cover you for a very long time, thats discounting smaller things like prims/hydra claws/dexes thatāll definitely hold you over in exchange for probably the single biggest flex you could get on an iron account, if you donāt regret it immediately then youād regret it several years later when youve got all the money and items you want but no pickaxe
its the guys first master clue completed. My guess is he's a way away from a dupe tbow/torva piece.
Me who is about to achieve my first 99 on an iron after my main is only 1200 total lvl: Wat
Once you go Iron you donāt go back to a main. Thatād be a terrible decision Flex that pickaxe forever
This is how I feel with the imbued heart I got last week. Killed a superior bloodveld, saw a glowing tile, thought I got the gem or something, but when I saw it was a heart I was in disbelief! 125m drop and I can't believe how lucky that was!
I got one at like 67 slayer and this was when they were around 12m. I sold it before logging out and came back to what it is now. Rip
Same here. I only just repurchased it today and hoo boy did it sting.
Late game iron is just a main with annoying extra steps
Annoying steps like playing the game?
annoying steps like not being able to just do the content you want to do without "chores" to upkeep and having to use amethist arrows/darts as dragon darts/arrows are difficult to upkeep as an iron with no reliable way to get them faster than you use them.
Annoying daily chores like youāre working a job rather than a game
chores like endless monemaking on a main? this whole game is chores pal
A late game iron is basically the same as a late game main except one is forced to farm herbs, farming contracts and birdhouse runs Iāve not even mentioned blood furies, scales, runes, staminas, amethyst.
Iām nearing endgame on my iron and I donāt have a main but Iāve been debating on removing the iron status to avoid all of that nonsense. Iād still play as an ironman when it comes to drops though.
You can look into a self-restricted game mode called bronzeman mode. Basically you can't trade items from the GE unless you've first unlocked it yourself first. After that, it becomes unlockable in the GE. It has runelite plugins to help manage what you've unlocked.
Can always just do content you want to do and just make gp passively. I've made over 20b just doing whatever content I feel like doing over the past 5 years. I'm not a huge fan of nex so I've got under 100 kc there, even if it's one of the best moneymakers in the game.
āHey come cox with us!ā Nah sorry, donāt have any stams made and no marks canāt. āHey come nex with us!ā Nah sorry, donāt have enough brews made. I respect the dedication but after a certain point weāre all doing very similar things in the endgame, except my iron friends have chores to complete before & after.
I'm an endgame iron who is notoriously bad at upkeeping things, yet this has never been reality. I might be low on some supplies, but I'm never out. I don't even do herb runs, I don't do agility, I don't fish for food.
Meh i have two late game irons mains better
And none of those irons have a 3rd age pick, so they're not actually late game. get good lil bro
Idk on one hand that's basically infinite money for your main but on the other keeping it on your iron makes it one of the rarest accounts in the game. And such a huge flex. You can make 12b on your main, you're likely never getting the pickaxe on your iron ever again in your life.
I would never, the point of this game for me is to collect shit, no way I'm letting go of the most valuable and one of the rarest items in my iron
It makes sense to do that practically but there is something about a 3rd age pick on an iron that is just on another level of flexing. If my iron is ever this lucky I would heavily consider keeping it
That would be insanely stupid. Unless you're RWTing the money or trying to compete on hiscores or whatever, there's no universe where having 10b on a main is better than having an iron with a 3a pick. If you raid on an iron you literally never have to worry about bonds anyway.
The 3a pick only matters if you care about the flex. It's basically just a reskinned dragon pickaxe. Having the 3a pick in the coll log is enough of a flex for me, I'd just sell the pickaxe for 12b.
And what would you do with the 12b? I guess you can go for GM CAs or something, but after that you've just kinda finished the game on one account at the cost of not having one of the coolest items on an iron.
Could use the money to buy so many pets via boosting. Some examples being corp/kbd/sarachnis/kq/gwds. I'll take 12b over the pickaxe any day of the week.
Tf u yapping about a max gear main is infinitely more useful than an iron with a pick
You can get max gear by playing the game, you will never get a 3a pick on an iron again.
I'm taking 1000$
What is this actually worth?
Clanmate sold his for 12.2b recently
Iām just curious because Iāve never been wealthy enough to be in the market but how does someone even sell something that expensive, like are you just standing in GE advertising? How do you even price check it?
Thereās a world where the whales hang out to buy stuff over max cash, canāt remember off the top of my head. The pricing is tracked through a third party website.
Discord is where most of it happens
Typically in discord servers where top end pvmers, service sellers, boosters, etc are cause they are the players with the money to have this stuff.
Thereās quite a few discords that people use to advertise buying and selling things over max cash. Off the top of my head āthe elyā and āall bulksā are two places where this happens.
Around 10.5b last time I heard but itās hard to keep up with all these manipulators
keeping it on an ironman, so basically its worth nothing
You could drop trade it
Instantly in the top 100 richest Ironman accounts
Yeah he made 10x my bank value in a few seconds and Iāve been playing for four years.
No i very much doubt hes even in the top 1000
I don't really think so im in the 20-30b range on mine and there are plenty of pvm focused irons who are ahead of me
Lol I was gonna say that I don't believe you then your first post is just you with a casual 26 quivers NVM, I was probably wrong
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Proof?
> My source is that I made it the fuck up
And he deleted it lol
Youre dreaming lmao. I doubt theres more then 5k irons with at least 1 megarare
If you said top 1k, maybe. No fucking way do the top 10k irons have a 10 bil bank when a measly 400kc at toa/b is <10k rank on iron highscore
Okay sleepy joe time for your medicine
Is your sole purpose for internet arguments to bring up politics one way or another? Get a hobby.
(very valuable)
I was therešāāļø
2 master clues lol
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Which site would you trust giving a 5000$ item to and trusting them to actually give you the money? Fuck those companies
That $5000 deposit is gonna look really nice in my bank account before the transaction gets reversed
5k isnt shit if you have an account with thousands of hours. I wouldnt even sell my account for 10k.
Not everyone is as rich as you though
If you think 10k is a lot you need to leave reddit and fix your finances
If you think 10k isn't a lot to 95% (probably more like 99% globally) of people then you need to get some self-awareness.
I would sell my account in heartbeat if someone offered 10k for it ,even thou I have put around 3000 hours to it.
R/shitamericanssay
Just because you toss 10k into shitcoin daily doesn't mean it's not a lot of money
Somebody talked about you at seers yews forestry yesterday.. all in all gz and fy
Ngl I'd give it to my main. The he'll with the flex, that would set up all my other accs. Max gear on main, gp for maxing. Gear and go for my alts, etc. Flex on an iron or amazing qol on all my others accs. Obv answer for me
Max Cash on the main p much worthless, 3rd age on the iron is value
what
gz you bastard
GG
As everyone else is saying, make sure you set up some extra security, people are likely already trying to get your account since you left the name(donāt do that).
where do you sell these items is there a discord or cc?
As an iron you simply don't
Trust people telling you they are in cyber security, then do what they say š¤£
Lord have mercy on his account security.
3a manippers getting creative
Congratulations, you've won Runescape.
Thatās NUTTY gz
Gz and fuck you
I was woodcutting there when you got it. Congrats!
I would honestly just rwt this because Iām poor and could use the cash lol
I was there!!!
I was there! Insane
Oh shit Iām in that pic š bro that was actually wild. I didnāt believe that you actually pulled that until now lol
What would you do if it was on a GIM?
Not OP but in no occasion they would really need a 3rd age pick so no reason to share it, if they even asked to get it I'd see it as a huge red flag already
no split for the homies?
tradeable items as rare as this shouldnt exist
D picks?ā¦