The Jagex account system offers a secure, centralised location for accessing all of our games and comes with some key security features.
Strong passwords |
Your password can be longer and more complex, making it much harder to guess. |
|
Attack protection |
Log ins via the Launcher are better protected from brute-force attacks. |
|
Email notifications |
You'll receive email notifications for new device log ins and account changes. |
|
Required 2FA |
Two-factor authentication is mandatory for Jagex Accounts, by default you'll need to enter a code sent to your email to log in. For added security, you can set up a mobile authenticator app and backup codes. |
|
Improved recovery |
If you're unable to log in via your usual method and have backup codes activated, you can use a backup code to sign in to your Jagex account. |
Take action to keep your account out of the wrong hands.
Set a unique password
You can set a password that is between 8-64 characters long, which may contain uppercase and lowercase letters and special characters.
Use a unique password for all of your online accounts. That way, if one is compromised, your other accounts remain secure.
A good password should be memorable but difficult to guess or brute force. Having unique passwords for your entire online presence can be hard to manage, so consider using a secure password manager.
Enable an authenticator app
Setting up an authenticator app adds an extra layer of security to your Jagex account, and protects unauthorised access even if a hijacker knows your password or has access to your email address.
When adding an authenticator (TOTP), you'll also be given a set of 10 backup codes, that you can save in case you ever lose access to your authenticator. Please ensure that you save your backup codes separately to the device your authenticator is held on, storing them somewhere safe and secure.
Most common authenticator app providers offer the ability to backup the app, this will allow you to recover your app should you lose it or your device.
Protect your email address
A secure email address will help keep your accounts safe, so be sure to set a strong password and utilise your email provider's security features such as 2-factor authentication. It's important to check any rules or filters set up on your email account, especially if you suspect your email may have been compromised. Most providers offer guides on how to check, for example see Gmail's guide on creating and editing rules/filters.
Check out the advice from some popular email providers:
Secure your device
Keeping your device locked with a passcode can keep it safe from any nearby threats. You should also enable your preferred antivirus and anti-spyware software and scan your device regularly.
You can also activate your browser's phishing filters to alert you of potentially unsafe websites. Here's how to enable phishing filters on some popular browsers:
For general advice on how to stay safe and secure online, you can check out this page on the National Cyber Security Centre's website.
Stay up to date
Keep your operating system and applications up to date. Missing a critical security update could make your device less secure. A quick search in your favourite search engine will provide you with some steps.
Secure any linked accounts
If your character is linked to a third party account, ensure you've utilised the third party account's security features such as Google's 2-step verification, Apple's two-factor authentication or Steam Guard.
Remove unknown linked accounts
If someone hijacks your RuneScape character, they can link their own third party login (such as through their Google or Steam account) and access your account even if you change your password. A third party account can only be applied to a character, not an entire Jagex Account. Regularly check and remove any unrecognised linked accounts.
Manage active sessions
If you've forgotten to log out of your account on a shared device or suspect a third party has access to your account, you can end all active sessions which will log you out on all devices.