...to the man who distrusts himself. - François La Rochefoucauld
Do I distrust myself? Absolutely, I'm only human. Like many of you, I have put many hours of work into my account and would never want someone to take that away from me. However, we all know there are others out there focused on taking what doesn't belong to them from us. As I write this article, Jagex provides eight security tips (each with more information than I’ve provided in the list) to their players:
- Do NOT tell other players personal information
- Think before using your password.
- Watch out for fake websites!
- Don't use unofficial RuneScape add-ons.
- Watch out for fake emails, and fake staff!
- Do NOT share your RuneScape account with anyone else!
- Make sure your computer is secure!
- Protecting your computer from spyware (unwanted advertising and tracking).
These tips that Jagex has provided to players are certainly beneficial. However, they lack a personal element to them. By this, I mean that a player may read these tips and say to himself, “Oh, this doesn’t apply to me. This only happens to other players.” This is a completely understandable state of mind for human nature. The problem is that it can and may, in fact, happen to you. What can you do to keep your account your account secure beyond what Jagex has provided?
-There are currently ~13,800,295,000,000,000,000,000,000,000,000 (13.8 nonillion or 13.8x10^31) possible combinations of passwords between 5 to 20 digits. UTILIZE THIS. Never use a five or six digit password just because it’s quicker to log in that way.
-Always use a completely unique password for RuneScape that you use nowhere else. This includes RS fansites.
-Bookmark RuneScape in your browser. Always access the site this way. One misspell into Google may lead you to a nearly identical RS site that will phish your password.
-Never trust a link to RuneScape from any outside source if you’re going to enter your password. Always refer to your RuneScape bookmark before logging in.
-When logging into the RuneScape site (not the game itself), the link should begin with "https:", not "http:".
-Never use something that could easily be guessed like 13579, abc123, qwerty, letmein, asdfg, monkey, ninja, memes, your name, or any information that could be found on your Facebook page or in your bag at school (pets names, school, political/religious beliefs, friends’/family members’ names, birthday, school mascot, your sports team number(s), graduating year, school ID #, locker combo, etc.).
-Your password should include letters and numbers. Even if you use something that could be found about you in a Google search, if you include a set of random numbers, it will make it extremely difficult to guess.
-If you are in the habit of downloading anything that might be deemed 'risky' you should make general computer security a priority. Keep your computer’s software up-to-date before downloading something and be sure to scan ANYTHING downloaded from the internet, no matter whom it was downloaded from.
-If you think you may have a keylogger or other computer virus, don’t log in. This seems straightforward, but many players grow bored and decide to play while scanning for infections.
-The bank pin may seem annoying to enter at every log in, world hop, or lag out/in, but it may just save your entire bank if you do get hacked.
-Do not use your birthday, birth year, graduation year, consecutive/repeating numbers, or anything like that.
-Set the pin reset to seven days. If you somehow forget it, it is better to wait the seven (as opposed to three) days because a hacker has to wait the same length of time.
-If you are wearing or carrying more than 5% of the total value of your bank (or items that are very annoying to replace), make it a priority to bank everything prior to logging out for extended periods of time. Anything you are wearing or have in your inventory when hacked may be dropped or stolen even if you have a bank pin. This is also important to do if you know inclement weather conditions are approaching your area. If your power goes out, your items may be insecure.
-As a student, I understand being too busy to play for weeks at a time. However, you should make time to log in at least two non-consecutive days out of the week to ensure your account is safe.
-If you have a keylogger, it is not safe to enter your bank pin. Some keyloggers are programmed to take a screenshot every time the mouse is clicked.
Recovery Questions: -Lie like there is no tomorrow. I cannot stress this enough. In our world where a simple Google search can find information about you (that could easily be used to answer recovery questions) from Facebook, Twitter, YouTube, or any other social media site. The solution, simply, is to answer with gibberish. My favorite vacation spot may very well be “6frisbie1417shamrock9001tiger42,” for example (it's not my answer, don’t worry).
-Update everything (new password, pin, and questions) at least once a year. Pick a day of significance other than your birthday to do this annually; assuring that your computer is completely clean first.
-Register a serious email address along with your username. It makes the recovery process run much smoother (not to mention provides 10 extra bank spaces).
-Do NOT link your account with your Facebook page. For such a popular site, Facebook is surprisingly unsecure. For those of you with Facebook accounts, how many times have you glanced at your wall only to see, “lulz dont leave your fb prof up next time bro”? Guess what? If one of those pseudo hackers happens to play RS on the same computer as you and you left your page up, you have now been hacked. In addition, many applications and posts are viruses spread easily through permissions that you didn’t know you granted to any applications you’ve accepted (because who actually reads those, right?). Also, if you have a weak password on Facebook, some total stranger could hack that instead if they see you’re a fan of the official RS page to gain access to your RS account (depending on what information you have public).
-Regardless of how much you trust your friends, it is imperative that nobody be told your password or other sensitive details. Even if they don’t hack you, you don’t know whom they may tell the information.
-You should only keep account security information on paper. Chances are a hacker will not try to break into your home just to search for this. If you have a sibling or other room mate who also plays RS, keep it a bit more hidden than your computer desk drawer.
-You should not be using Internet Explorer. No exceptions. The only purpose of Internet Explorer is to download a safer browser such as Mozilla Firefox or Google Chrome. Either of those will not only increase security, but speed as well. Chrome is slightly faster, but Firefox has better customization options and add-ons like AdBlock Plus (though Chrome also has many equivalent ‘extensions’).
-If at all possible, keep your email or username that you use to log in different from the display name that other players see. If they don’t know the email or username, even if they have the best password-forcer in the world, chances are they don’t know whom they are trying to hack.
-If you are rich on RuneScape, that’s awesome. Don’t tell the world. Many players have become famous for being so rich. One of whom made bank videos and max cash videos and was, in fact, recently hacked and lost all of her expensive items + her max cash pile. This includes not showing off all of your expensive items at the Grand Exchange (lying to people by telling them your blue phat is loaned from someone else, etc.). Keep it secret and you will not be a major hacking target. If no one knows you’re a great target for hacking, they won’t know to try. Silence here is, indeed, the best security.
It is quite sad that such great measures have to be taken just to keep virtual possessions safe from the hands of the greedy or malicious. There will always be hackers who try to steal accounts or items, but perhaps if everyone were to utilize maximum account security, some would be discouraged or thwarted altogether. Ultimately, if you keep your password safe, your account, too, shall be safe.