This is very important, if you’ve been hacked once you need to completely cleanse your account or they’ll just be back in a months time to clean out your rebuild too
I am begging you, please now upgrade to a [Jagex Account](https://oldschool.runescape.wiki/w/Jagex_Account) to improve your security so this doesn't happen again.
I have an email account that i cant access anymore. Can i use a different email for mij jagex account and still connect my account?
Edit: confirmed, account is connected with new mailadres
And now NEVER EVER use that email address to sign up for anything else, so a password is never breached alongside the email address, or a full name etc.
And lock that email down like fort fuckin knox, MFA out the ass.
Yeah you can even reference SteamDeck guides too since it's also linux based. They have similar ones for different ways to launch the jaglauncher. I have it setup on mine now too!
...except they aren't prioritizing mac either, because the launcher only runs under rosetta compatibility mode in M1 and later macs.
...and because Jagex didn't actually make the launcher, so they aren't prioritizing anything.
pretty sure those people aren't actually Linux users because the fix is literally either using proton or using an open source front-end alternative, both things actual linux users should know very well and be very happy to try, but they treat it as if those aren't even options
I think the linux thing is the astroturf the rule-breakers who don't want jagex accounts are using currently
That's a very tin foil take. I think the more obvious issue is the huge popularity of the steam deck a Linux platform sold to people who might have very basic technical skills.
You gotta get out of the cave man, not every Linux user is a power user believe it or not there are people out there using stuff like Ubuntu that don’t know how to use command line.
"Companies intentionally making it harder" is weaselly wording that is at best misleading, at worst attributing malice to a decision better attributed to other reasoning, Occam's Razor style.
Additionally, whether companies work to natively support the DIY operating system with their application does not change whether or not the DIY operating system is DIY. Users of the DIY operating system are reasonably expected to overcome obstacles of using the DIY operating system instead of a far more popularly used operating system, and by all accounts I've read it is not very difficult of a workaround to get the Jagex Launcher to work on Linux anyway -- certainly not on the scale of difficulty some other applications many users would want to use might have.
Nope, it just wasn't possible when it released right away and Jagex wasn't going to natively support
I wrote it off for a while and have been primarying Windows anyway for games my friends wanted to play that haven't enabled Proton support for their anticheat
The narrative of Linux users being bastions of cheating is a pervasive myth that doesn't align with the realities of how botting works. It's an industry. Players pay development teams or individuals money for access to the scripts and if you want the best chances at not being detected you pay them more for a specific script to be written for you sometimes even using your inputs during a "real" session
And crucially - these cheats are developed for the platform that the customers who buy these cheats are on... AKA Windows
It isn't easier to do this on Linux, outside of how Linux is nice for development work in general but they're not PLAYING from Linux - the cheats are made for Windows!
I do wish the knowledge of the other community projects that make Jagex accounts work on Linux was more widespread but when you go from Runelite which has a native Linux client to that it put a sour taste in our mouths :(
I'm an arch user who _does_ have a Jagex account and is using a workaround. I bitch about it constantly because I shouldn't have to use a workaround to use the _launcher_ for a Java based game.
I'm worried that many of the workarounds that exist will be unintentionally closed off by the developer of the launcher -- who is not actually Jagex. I'm not sure what sort of contract Jagex has with them, but if that company is in charge of maintaining the launcher, it's not unfeasible that they decide to do that on their own without Jagex's input to serve bigger clients.
Or, in some sort of worst-case scenario, since Jagex is so awful at bans, they start flagging unusual behavior in the launcher/alternative launcher that comes from using those workarounds and people get banned for what they believe is some kind of hacked client. This hasn't happened in Runescape, but it has happened with games on Linux before.
There is no reason to think that Jagex is going to intentionally stop the workarounds, and there are 2 Flatpak that are being maintained that would fix any issues that may occur. There is also Bolt which is a third party launcher that wouldn’t be affected by any change to the Jagex launcher.
My issue with using the workarounds is that if it's not officially supported an update from Jagex could break it. And if it's not supported Jagex can just go "eh, it's a workaround good luck" and since I have to use the launcher I'd be locked out of my account.
It’s very unlikely that it would break, and there are two different Flatpak that are maintained that would fix this if it were to happen. There is also Bolt which is a native launcher, so it won’t have this issue to begin with.
You can install the Jagex Launcher in Linux by following the GitHub guide linked on this Jagex support page. https://help.jagex.com/hc/en-gb/articles/13413514881937
it literally says “you have successfully changed your password for your jagex account” i’m assuming you haven’t seen the original post of his yesterday or two days ago
I upgraded to a Jagex account after being hacked in January and they still have access to my account, even though the Jagex account uses a different email, randomly generated passwords, and 2fa. Can’t figure it out. They have access to the account but not the bank pin. I’m clueless.
Log in on the website, go to your account settings and look for linked accounts. If you see anything, remove it!
https://support.runescape.com/hc/en-gb/articles/6813469869969-Link-third-party-account
I just got home and checked. YES it was linked to steam! The initial hack was 100% on me with my email not being properly secure(Though I'm still unsure how they got my original login name as it was embarrassing and I didn't share it with anyone), but since then I was unable to figure it out. I've locked down everything since, even clicked the "End all Active Sessions" button which I though would be sufficient. The hacker plays the long con and doesn't log in daily, when when I've noticed them log in and quickly out, I'm assuming it was to check the 'last log in' date to judge if they should submit a pin reset request and let me know they still have access. They don't move the account or take anything (I've left 5m in the inventory on purpose to see if they'd take). The extended pin reset timer is a blessing.
Hopefully this was how they were getting in, and I can finally unhide my bank from the various locations across Gilenor in the off chance they reset my pin.
Yes, but a Jagex Account is a hell of a lot more secure. As someone who has only ever gotten an account hijacked once and that was over a decade ago; I was weary of getting a jagex account before but now it's just so easy to use. I never have to put passwords in unless I'm making/adding a character to the account.
You can't be weary of a process you haven't begun. "I'm weary of visiting France" when one hasn't visited France doesn't make sense. It is only correct if one is in France visiting or previously visited.
In your example you are correct. In the context of OP's sentence, you are not. I am weary of getting a Jagex accout - I am tired of it, the process, the ads, the insistence from Jagex that it's somehow safer despite the fact that VPNs do not work with it. That's the context it works in.
Yes, I'm not saying its the *perfect* word to use, just that it, by chance, does work here
Gramatically? Yes. Contextually? No.
Weary is something you are when you're either currently doing something, or when you're unwilling to do something you previously have done, again.
Wary is when you have fears about something. Regardless of if you've done it before.
OP, at that stage he's describing, was WARY of making a jagex account, because he hasn't tried it before, nor was he in the process of making one.
If he had however been in the process and, for some reason, found it to be too much work for him to complete, he would have been weary of making one.
Off the top of my head, Jagex account security is improved from:
* getting a chance to set your account to a new email (potentially worthless, but huge if you originally used your general purpose email. This is a chance to make an email that's completely unique to your account, lowering the risk of your email getting compromised from data leaks.)
* forced 2fa
* passwords can be longer and are now case sensitive (i.e., previously, passwords weren't sensitive and were pretty short, so a hypothetical password of "HunTeR2" was simply "hunter2". Having case sensitivity makes your potential password many **many** times more difficult to brute force, and if you utilize the extra length, it's not even in the same ballpark. We're talking passwords that can would take several billion years on average to brute force.)
* recovery codes (basically lets you easily recover the account if shit somehow _still_ hits the fan)
I'm sure I missed some, but even if I did, my point still stands: Jagex accounts are legit. If you care about account security and you're not a linux player, you should really consider the upgrade. You should honestly consider it even if you _are_ on linux, but those players have to jump through a lot of hoops to play with it, since they're not supported natively, so I understand why they wouldn't.
The main improvement is removing the account recovery process, which previously would allow people who had enough information to recover your account to do it over and over, whenever they wanted. If you got compromised once, your account was as good as gone forever.
Mandatory two factor authentication, allows for longer and more complex passwords, "improved brute force protection" presumably meaning it locks out attack bots after fewer attempts, it emails you if there's a login from a new location, and if you do get hacked you can use backup codes to regain access without needing to go through this password reset process and hackers can't themselves use the recovery process to keep stealing your password.
It's probably enough, but there's no downside to upgrading to a Jagex account and it prevents anyone from attempting to fraudulently recover your account, so it's still worth doing.
I have (had?) a bank pin and authenticator and my account got hijacked yesterday. Didn’t click on any phishing links or give my info to anything. Hijacker upgraded my account to a jagex account, but somehow to a different email address than the one linked to my account.
yes it's more than good enough if you're not ratted (you have bigger things to worry about than your rs account atp)
2FA your email, 2FA your account, and make sure any linked accounts (steam, FB, etc.) are either removed or secured.
if you'd like to prove otherwise lmk
The primary benefit of a Jagex account is that it disallows the legacy recovery process. With a Jagex account a bad actor can't submit a fraudulent recovery request for your account.
ermm actually the primary benefit is the 3-5 count check lamps and bank space I've gotten B)
my point was most people (who haven't bought their accounts) are low-profile enough to get away with just 2FAing everything.
Only Jagex has the numbers to say what % of account resets come through compromised email vs unsecured steam vs accepted account recovery vs whatever else I'm forgetting
If this happens to a jagex account he literally can't get it back.
And they are no more secure than normal accounts. Its a strict downgrade. If they can phish his email they phish his jagex account.
Not to mention the bi-monthly fuckery where jagex account players can't even play the game for hours, like missing the start of leagues lmao.
> If this happens to a jagex account he literally can't get it back.
That's not true, it's significantly easier to recover because you just need a saved recovery code instead of going through the old recovery process and trying to remember payment details from 2004.
> And they are no more secure than normal accounts. Its a strict downgrade. If they can phish his email they phish his jagex account.
They remove a massive vulnerability by disallowing the recovery process. That alone is a huge upgrade. They aren't particularly more secure otherwise as long as you have 2FA on your legacy account, but it's still worth it just to remove the chance that someone could submit a fake recovery request for your account.
> Not to mention the bi-monthly fuckery where jagex account players can't even play the game for hours, like missing the start of leagues lmao.
Other than leagues, when has this happened? I haven't had any issues playing since I upgraded.
When I actually got to log in, it said last logged in 1day and 12 hours ago…..so as you can guess my bank was wiped, but I’m still happy to have my account back. My Authenticator and bank pin were disabled. I’m still not sure how it happened. Thanks for all the helpful comments that helped me get this account back.
This is just false information and dumb logic.. you say a factory reset won't fix but to make sure to use the USB installer to re-image after a reset? Which is it?
Completely wiping your PC and reinstalling windows will remove 99% of malware as they exist as an executable file.
You can download the operating system directly from Microsoft/ Apple safely if you don't have the USB.
Looks like someone’s a bit confused between a factory reset and a total system reformat. A reset isn’t wiping the slate clean it often keeps a bunch of data, unlike a fresh OS install via USB, which scrubs almost everything. And sure, downloading from Microsoft or Apple is safe, but let’s not mix simple resets with thorough cleanses.
I did not have a jagex account at the time of being hacked, I made one in the process of panicking when I couldn’t log in Saturday night. Speaking of this tho, I still never imported my account but I will rn.
You're double fucked if you don't learn how to set up better security. Bank pinks take a minimum of 3 days to remove, so they've been on your account for a while. Do you not have Windows Defender running?
Triple check the connections settings on the website. Make sure it's not connected to a steam account or something that lets them bypass 2FA. If you see any device you don't recognize, remove it. If you accidentally remove one of yours, well all you gotta do is log back in.
Check your PC for keyloggers/malware in general. If you're still on the edge, back up personal files (pictures, videos, etc) Do not back up .exe files or any system files, and do a fully clean install of windows.
check your e-mail address, change password to a unique phrase and check for MAIL FORWARDING. hackers can forward mails to their own addresses to keep control of your accounts.
Also, install a password manager and don't re-use passwords
can only speak for gmail, other services prob are similar.
click cog wheel -> show all settings
then in settings theres a tab for "forwarding and ..." its the top setting, there could be a email address linked there.
same thing just happened to me about a month back and got cleaned for my entire 1.7b bank. kind of okay with it in a weird way as my desire to play is non existent and it’s made me realize how much time i was wasting in the game.
i generally agree with that sentiment but even still, there’s better ways for me to waste my time lol. not gonna sit here and be one of those “you could be a ceo or learn a new language if you put as much time into irl” bros, but really…runescape is just on a different level of sunk cost fallacy time wasting and for what? there’s no grand over arcing story line that is super intriguing or anything. the most enjoyable parts of the game(mini games, pvp) are dead in lieu of efficiency scape. idk. i guess i just had my eyes opened a bit and the thought of rebuilding seriously made me ask, “for what?”.
It’s actually worse than that, they themselves will shit on the game while they log 14 hours a day in it, but if you tell them 14 hours a day is probably too long to do something they aren’t even enjoying they’ll suddenly get a PhD in Philosophy and debate with you about the meaning and purpose of life so they can feel less bad that they play runescape 14 hours a day.
lmao, what is the "criticism"?
gz if you or they don't want to play -- spend your time how you want to. A "for what" doesn't need to exist to enjoy playing the game.
almost happened to me too.. was on a random hiatus from the game but i'm too paranoid and keep checking in on my account now and then. Randomly log on one day and check my bank to see 1 day remaining on pin removed ...
authenticator was still active btw
Yea I might end up in the same boat, I was already barely playing for the last year when I had my bank. We will see when winter comes(normally play a lot more in winter). The challenge of rebuilding seems like I could get me to dive back in, but at the same time I don’t wanna just lose everything again.
I have 4 big streamers about to give me their fortune 8) only wanted my acc info and bank pin so they can log into it and trade those billions. Sad to see so many content creators leaving but that money will go to good use ^^
Why do you assume it's phishing? It's more likely their email, password, and other info were exposed in some data breach. It's really easy to take advantage of Account Recovery with just that information.
If I’m being honest, I think my 1st post got so big that a jmod checked it out themselves. I only say this because my 2nd appeal was denied, and 8mins after that email, I got another to reset my pw.
Just another tip: Check your email settings if your email doesnt forward any mails to mail X, I was hacked once (way before Jagex account stuff existed) and the hacker had emails forwarded to his mail. Made me wonder why I never got the reset password mails. Found the problem after 2 days.
(I know you got your email, but still check!)
I will never understand how people actually get hacked. I've had the same username and password for my account since 2004 and I've never been hacked. No auth, for the longest time no bank pin
i think accs that login with usernames are a lot more secure if you are the only human alive that knows the username, because a compromised email doesnt even let them login
I lost my first account I had as a kid. Of my own forgetfulness.
It's been so long now all I remember is my original characters name. Lol, statefarm22.
They can also convert the account to a normal account fairly easily if you have not secured the iron status properly. Plus them drop trading all your stuff to their account to sell will certainly hurt an iron a lot more then a main.
Some people just want to watch the world burn.
Lucky sonofabitch
They told me to email them what happened so they could document it but still couldn't give me access back because there's no way to verify I'm the owner without an active email and phone number attached to the account
Rip, are you saying you clicked this link and input your details? I’m a little confused because the email looks phishy with @a.jagex.com as the domain. But the context of the post makes it seem like you might have thought this was a sign your already hacked
I knew my account was hacked Saturday when I tried to log in and couldn’t, my 1st post was basically me saying goodbye to the community because I thought I had lost my account. This post is showing me getting access back to my account. All emails in question are real jagex emails, anyone who says they are fake doesn’t know how to read and is stupid for assuming it’s a phish without even trying to look up jagex emails.
That’s the subdomain, so it probably does come from the second level domain which is jagex.com. It is good to look out for that though and I’m not 100% sure that means it’s always secure, but OP is fine in this case.
The things to look out for is stuff like jagex.anfoejenskwkdnco.com, and emails with this phishing attack vector typically include some type of button that is like “if this is not you click here to change your password now”
how do you start the process? my account was stolen and banned but i cant even appeal it anymore and i have been without it for months, is there a way to talk to actual suppoet?
Make sure the hackers didn't link a steam account or anything as a way to get back in.
This is very important, if you’ve been hacked once you need to completely cleanse your account or they’ll just be back in a months time to clean out your rebuild too
did you see the original post? lol. this was what the issue was. they had a steam account linked
Sadly we can't smell that there was an original post linked to this one.
i just kind of felt like the people who browse this sort of sub browse frequently
I am begging you, please now upgrade to a [Jagex Account](https://oldschool.runescape.wiki/w/Jagex_Account) to improve your security so this doesn't happen again.
Let him escape the runescape matrix while he has a chance
He fought pretty hard to stay in
I have an email account that i cant access anymore. Can i use a different email for mij jagex account and still connect my account? Edit: confirmed, account is connected with new mailadres
Yes.
Thanks!
And now NEVER EVER use that email address to sign up for anything else, so a password is never breached alongside the email address, or a full name etc. And lock that email down like fort fuckin knox, MFA out the ass.
I've been told I won't be able to play on Linux anymore if I do and that would be unacceptable for me at least ;-;
There’s a Linux launcher called bolt that’s very easy to use. It’s open source too
Peeping this, many a thank
Yeah you can even reference SteamDeck guides too since it's also linux based. They have similar ones for different ways to launch the jaglauncher. I have it setup on mine now too!
Yep! This is it and it's how I was able to play RuneLite on my Steam Deck.
Seconding this. Bolt is a lot easier to set up than the github pages that Jagex links to.
I just worry that Jagex will change something in the protocol and brick the third party launchers down the road.
Seems crazy to me there’s no linux compatibility yet while I’m over here still playing on a 2010 iMac
Jagex is focusing on the vast vast majority of players which is windows/mac.
This is no longer likely to be true, with recent steam surveys showing that linux has surpassed (and is now roughly double) the mac player count.
That is steams user base. Jagex I am sure knows what the majority are on.
...except they aren't prioritizing mac either, because the launcher only runs under rosetta compatibility mode in M1 and later macs. ...and because Jagex didn't actually make the launcher, so they aren't prioritizing anything.
pretty sure those people aren't actually Linux users because the fix is literally either using proton or using an open source front-end alternative, both things actual linux users should know very well and be very happy to try, but they treat it as if those aren't even options I think the linux thing is the astroturf the rule-breakers who don't want jagex accounts are using currently
That's a very tin foil take. I think the more obvious issue is the huge popularity of the steam deck a Linux platform sold to people who might have very basic technical skills.
the steam deck is literally built on using proton to make games work, i refuse to believe a steam deck user would be against the idea of using proton
The average steam deck user doesn't know what proton is. That's the issue. It's not about being against anything it's about not being knowledgeable.
You gotta get out of the cave man, not every Linux user is a power user believe it or not there are people out there using stuff like Ubuntu that don’t know how to use command line.
you literally don't even have to touch the command line for this except a singular copy and paste from the RuneScape website directly, Jesus Christ
Linux users when the DIY operating system is a DIY operating system
DIY =/= outside companies intentionally making it harder to access a thing that was previously platform agnostic.
"Companies intentionally making it harder" is weaselly wording that is at best misleading, at worst attributing malice to a decision better attributed to other reasoning, Occam's Razor style. Additionally, whether companies work to natively support the DIY operating system with their application does not change whether or not the DIY operating system is DIY. Users of the DIY operating system are reasonably expected to overcome obstacles of using the DIY operating system instead of a far more popularly used operating system, and by all accounts I've read it is not very difficult of a workaround to get the Jagex Launcher to work on Linux anyway -- certainly not on the scale of difficulty some other applications many users would want to use might have.
Nope, it just wasn't possible when it released right away and Jagex wasn't going to natively support I wrote it off for a while and have been primarying Windows anyway for games my friends wanted to play that haven't enabled Proton support for their anticheat The narrative of Linux users being bastions of cheating is a pervasive myth that doesn't align with the realities of how botting works. It's an industry. Players pay development teams or individuals money for access to the scripts and if you want the best chances at not being detected you pay them more for a specific script to be written for you sometimes even using your inputs during a "real" session And crucially - these cheats are developed for the platform that the customers who buy these cheats are on... AKA Windows It isn't easier to do this on Linux, outside of how Linux is nice for development work in general but they're not PLAYING from Linux - the cheats are made for Windows! I do wish the knowledge of the other community projects that make Jagex accounts work on Linux was more widespread but when you go from Runelite which has a native Linux client to that it put a sour taste in our mouths :(
I'm an arch user who _does_ have a Jagex account and is using a workaround. I bitch about it constantly because I shouldn't have to use a workaround to use the _launcher_ for a Java based game. I'm worried that many of the workarounds that exist will be unintentionally closed off by the developer of the launcher -- who is not actually Jagex. I'm not sure what sort of contract Jagex has with them, but if that company is in charge of maintaining the launcher, it's not unfeasible that they decide to do that on their own without Jagex's input to serve bigger clients. Or, in some sort of worst-case scenario, since Jagex is so awful at bans, they start flagging unusual behavior in the launcher/alternative launcher that comes from using those workarounds and people get banned for what they believe is some kind of hacked client. This hasn't happened in Runescape, but it has happened with games on Linux before.
There is no reason to think that Jagex is going to intentionally stop the workarounds, and there are 2 Flatpak that are being maintained that would fix any issues that may occur. There is also Bolt which is a third party launcher that wouldn’t be affected by any change to the Jagex launcher.
My issue with using the workarounds is that if it's not officially supported an update from Jagex could break it. And if it's not supported Jagex can just go "eh, it's a workaround good luck" and since I have to use the launcher I'd be locked out of my account.
It’s very unlikely that it would break, and there are two different Flatpak that are maintained that would fix this if it were to happen. There is also Bolt which is a native launcher, so it won’t have this issue to begin with.
You can install the Jagex Launcher in Linux by following the GitHub guide linked on this Jagex support page. https://help.jagex.com/hc/en-gb/articles/13413514881937
Cool! I'll check it out
Well lucky for you, jagex accounts will be required at some point in the future. Might as well just quit now and save us some time.
it literally says “you have successfully changed your password for your jagex account” i’m assuming you haven’t seen the original post of his yesterday or two days ago
He can't how else are we going to get people complaining about terrible account security??
I upgraded to a Jagex account after being hacked in January and they still have access to my account, even though the Jagex account uses a different email, randomly generated passwords, and 2fa. Can’t figure it out. They have access to the account but not the bank pin. I’m clueless.
Steam account might be linked. Worth checking
Do you know how to check that?
Log in on the website, go to your account settings and look for linked accounts. If you see anything, remove it! https://support.runescape.com/hc/en-gb/articles/6813469869969-Link-third-party-account
Can a mod confirm if this link is safe? I'm trying to avoid getting hacked at all costs, I have so much gp.
Bro it’s literally support.runescape.com Write it out in a piece of paper then type it in manually if you’re that paranoid
"linked accounts" in the runescape account settings as far as I know
Now I’m invested in the story. Did you find out if steam was linked
I just got home and checked. YES it was linked to steam! The initial hack was 100% on me with my email not being properly secure(Though I'm still unsure how they got my original login name as it was embarrassing and I didn't share it with anyone), but since then I was unable to figure it out. I've locked down everything since, even clicked the "End all Active Sessions" button which I though would be sufficient. The hacker plays the long con and doesn't log in daily, when when I've noticed them log in and quickly out, I'm assuming it was to check the 'last log in' date to judge if they should submit a pin reset request and let me know they still have access. They don't move the account or take anything (I've left 5m in the inventory on purpose to see if they'd take). The extended pin reset timer is a blessing. Hopefully this was how they were getting in, and I can finally unhide my bank from the various locations across Gilenor in the off chance they reset my pin.
Alls well that ends well. Glad you found the issue. Cheers
I’ll still have to be observant in case that wasn’t the issue, but it got me further along than I was before :)
Isn't a bank pin and authenticator enough security?
Yes if you have an average iq
But 2x exp...
Yes, but a Jagex Account is a hell of a lot more secure. As someone who has only ever gotten an account hijacked once and that was over a decade ago; I was weary of getting a jagex account before but now it's just so easy to use. I never have to put passwords in unless I'm making/adding a character to the account.
>weary wary
whilst they probably did mean `wary`, `weary` is perfectly acceptable to use there and makes sense grammatically and contextually
You can't be weary of a process you haven't begun. "I'm weary of visiting France" when one hasn't visited France doesn't make sense. It is only correct if one is in France visiting or previously visited.
In your example you are correct. In the context of OP's sentence, you are not. I am weary of getting a Jagex accout - I am tired of it, the process, the ads, the insistence from Jagex that it's somehow safer despite the fact that VPNs do not work with it. That's the context it works in. Yes, I'm not saying its the *perfect* word to use, just that it, by chance, does work here
Gramatically? Yes. Contextually? No. Weary is something you are when you're either currently doing something, or when you're unwilling to do something you previously have done, again. Wary is when you have fears about something. Regardless of if you've done it before. OP, at that stage he's describing, was WARY of making a jagex account, because he hasn't tried it before, nor was he in the process of making one. If he had however been in the process and, for some reason, found it to be too much work for him to complete, he would have been weary of making one.
It must be exhausting to be this insufferable; it makes me weary just thinking about it.
[удалено]
Off the top of my head, Jagex account security is improved from: * getting a chance to set your account to a new email (potentially worthless, but huge if you originally used your general purpose email. This is a chance to make an email that's completely unique to your account, lowering the risk of your email getting compromised from data leaks.) * forced 2fa * passwords can be longer and are now case sensitive (i.e., previously, passwords weren't sensitive and were pretty short, so a hypothetical password of "HunTeR2" was simply "hunter2". Having case sensitivity makes your potential password many **many** times more difficult to brute force, and if you utilize the extra length, it's not even in the same ballpark. We're talking passwords that can would take several billion years on average to brute force.) * recovery codes (basically lets you easily recover the account if shit somehow _still_ hits the fan) I'm sure I missed some, but even if I did, my point still stands: Jagex accounts are legit. If you care about account security and you're not a linux player, you should really consider the upgrade. You should honestly consider it even if you _are_ on linux, but those players have to jump through a lot of hoops to play with it, since they're not supported natively, so I understand why they wouldn't.
The main improvement is removing the account recovery process, which previously would allow people who had enough information to recover your account to do it over and over, whenever they wanted. If you got compromised once, your account was as good as gone forever.
Mandatory two factor authentication, allows for longer and more complex passwords, "improved brute force protection" presumably meaning it locks out attack bots after fewer attempts, it emails you if there's a login from a new location, and if you do get hacked you can use backup codes to regain access without needing to go through this password reset process and hackers can't themselves use the recovery process to keep stealing your password.
It's probably enough, but there's no downside to upgrading to a Jagex account and it prevents anyone from attempting to fraudulently recover your account, so it's still worth doing.
I have (had?) a bank pin and authenticator and my account got hijacked yesterday. Didn’t click on any phishing links or give my info to anything. Hijacker upgraded my account to a jagex account, but somehow to a different email address than the one linked to my account.
No
yes it's more than good enough if you're not ratted (you have bigger things to worry about than your rs account atp) 2FA your email, 2FA your account, and make sure any linked accounts (steam, FB, etc.) are either removed or secured. if you'd like to prove otherwise lmk
The primary benefit of a Jagex account is that it disallows the legacy recovery process. With a Jagex account a bad actor can't submit a fraudulent recovery request for your account.
ermm actually the primary benefit is the 3-5 count check lamps and bank space I've gotten B) my point was most people (who haven't bought their accounts) are low-profile enough to get away with just 2FAing everything. Only Jagex has the numbers to say what % of account resets come through compromised email vs unsecured steam vs accepted account recovery vs whatever else I'm forgetting
If this happens to a jagex account he literally can't get it back. And they are no more secure than normal accounts. Its a strict downgrade. If they can phish his email they phish his jagex account. Not to mention the bi-monthly fuckery where jagex account players can't even play the game for hours, like missing the start of leagues lmao.
> If this happens to a jagex account he literally can't get it back. That's not true, it's significantly easier to recover because you just need a saved recovery code instead of going through the old recovery process and trying to remember payment details from 2004. > And they are no more secure than normal accounts. Its a strict downgrade. If they can phish his email they phish his jagex account. They remove a massive vulnerability by disallowing the recovery process. That alone is a huge upgrade. They aren't particularly more secure otherwise as long as you have 2FA on your legacy account, but it's still worth it just to remove the chance that someone could submit a fake recovery request for your account. > Not to mention the bi-monthly fuckery where jagex account players can't even play the game for hours, like missing the start of leagues lmao. Other than leagues, when has this happened? I haven't had any issues playing since I upgraded.
GothGirlsGoodBoy always has consistently bad takes on this sub lol
The legacy password recovery system is a hundred times more insecure than email 2FA codes, and you can turn those off and use an app anyway.
This is wildly inaccurate
When I actually got to log in, it said last logged in 1day and 12 hours ago…..so as you can guess my bank was wiped, but I’m still happy to have my account back. My Authenticator and bank pin were disabled. I’m still not sure how it happened. Thanks for all the helpful comments that helped me get this account back.
If they disabled your bank pin your pc is 100% compromised.
They also disabled my Authenticator too, I’ve been planning on getting pc for awhile now
You don't need a whole now PC. You can just factory reset the drive or at the worst just replace the drive altogether.
You're going to want to use a USB installer to re-image your drive to ensure removal of viruses as they can persist through a factory reset.
This is just false information and dumb logic.. you say a factory reset won't fix but to make sure to use the USB installer to re-image after a reset? Which is it? Completely wiping your PC and reinstalling windows will remove 99% of malware as they exist as an executable file. You can download the operating system directly from Microsoft/ Apple safely if you don't have the USB.
Looks like someone’s a bit confused between a factory reset and a total system reformat. A reset isn’t wiping the slate clean it often keeps a bunch of data, unlike a fresh OS install via USB, which scrubs almost everything. And sure, downloading from Microsoft or Apple is safe, but let’s not mix simple resets with thorough cleanses.
Reading comprehension is a fundamental skill.
"Removes 99% of malware" The 1% of malware: "reset to factory bro, you're safe"
i believe when your account is recovered it wipes the 2fa and bank pin
No you just have to wait 3 days, not sure how long he lost access to the account but you don’t need the pin to disable it
Yeah I think I misread that comment and thought there was a 12hr gap between op last logging out and the account being compromised
So is this a jagex account or not?
The email? Yes the email is a real jagex email
https://www.jagex.com/en-GB/accounts This. Do you have this?
I did not have a jagex account at the time of being hacked, I made one in the process of panicking when I couldn’t log in Saturday night. Speaking of this tho, I still never imported my account but I will rn.
You're double fucked if you don't learn how to set up better security. Bank pinks take a minimum of 3 days to remove, so they've been on your account for a while. Do you not have Windows Defender running?
This guy isn’t bright. He said he wanted to buy a new pc when warned his current one is compromised
No offense meant but not everyone knows the same things that doesn’t inherently make them dumb.
Triple check the connections settings on the website. Make sure it's not connected to a steam account or something that lets them bypass 2FA. If you see any device you don't recognize, remove it. If you accidentally remove one of yours, well all you gotta do is log back in. Check your PC for keyloggers/malware in general. If you're still on the edge, back up personal files (pictures, videos, etc) Do not back up .exe files or any system files, and do a fully clean install of windows.
No, I think they mean a Jagex account vs a Runescape account, are you familiar?
**something tells me he has no idea what it is**
Getting hacked was the only clue needed
Please log into your account management and check “linked account” happened to me before and those fuckers link steam or whatever
Make sure there isn't a steam account linked to it that isn't your own.
Congratulations on getting your account back! -PantsRtight
check your e-mail address, change password to a unique phrase and check for MAIL FORWARDING. hackers can forward mails to their own addresses to keep control of your accounts. Also, install a password manager and don't re-use passwords
I have already changed all of my passwords, but how to check for email forwarding?
can only speak for gmail, other services prob are similar. click cog wheel -> show all settings then in settings theres a tab for "forwarding and ..." its the top setting, there could be a email address linked there.
Ahh thank you, I will definitely check it out
How did you get hacked
Welcome back and a fat GL on the rebuild!
same thing just happened to me about a month back and got cleaned for my entire 1.7b bank. kind of okay with it in a weird way as my desire to play is non existent and it’s made me realize how much time i was wasting in the game.
everything is a waste of time just depends on if you mind wasting it
i generally agree with that sentiment but even still, there’s better ways for me to waste my time lol. not gonna sit here and be one of those “you could be a ceo or learn a new language if you put as much time into irl” bros, but really…runescape is just on a different level of sunk cost fallacy time wasting and for what? there’s no grand over arcing story line that is super intriguing or anything. the most enjoyable parts of the game(mini games, pvp) are dead in lieu of efficiency scape. idk. i guess i just had my eyes opened a bit and the thought of rebuilding seriously made me ask, “for what?”.
Yeah for sure. That's why you're browsing /r/2007scape lmao.
i mean it still shows up on my reddit feed, unsure how me commenting here is relevant to my statement anyways
It’s not relevant. People here just lose their shit if you say anything that doesn’t praise this game lol
It’s actually worse than that, they themselves will shit on the game while they log 14 hours a day in it, but if you tell them 14 hours a day is probably too long to do something they aren’t even enjoying they’ll suddenly get a PhD in Philosophy and debate with you about the meaning and purpose of life so they can feel less bad that they play runescape 14 hours a day.
This community is shit. They can't handle criticism at any level.
lmao, what is the "criticism"? gz if you or they don't want to play -- spend your time how you want to. A "for what" doesn't need to exist to enjoy playing the game.
I feel like he didn’t say anything that crazy? You don’t always have to be a cunt online you know.
>and for what? It's fun.
almost happened to me too.. was on a random hiatus from the game but i'm too paranoid and keep checking in on my account now and then. Randomly log on one day and check my bank to see 1 day remaining on pin removed ... authenticator was still active btw
Yea I might end up in the same boat, I was already barely playing for the last year when I had my bank. We will see when winter comes(normally play a lot more in winter). The challenge of rebuilding seems like I could get me to dive back in, but at the same time I don’t wanna just lose everything again.
Just make an Iron. It'll fix everything.
irons can still get hacked and all their items dropped?
just buy bonds with irl money an sell them. isn’t that what main accounts do anyways?
Did you have 2fa enabled in a phone app?
Gg
Dont click "Double XP Weekend" on the Twitch next time.
I only risk my account for triple xp weekends
I have 4 big streamers about to give me their fortune 8) only wanted my acc info and bank pin so they can log into it and trade those billions. Sad to see so many content creators leaving but that money will go to good use ^^
Gz on the drop
How in this day and age are 20-30+ year olds that play this game allow them selves to be phished. Crazy.
Xanax, computer illiteracy, regular illiteracy.
My friend has a masters in cyber security and still got phished
By pirating content without it being credible and safe or clicking on bad emails. Then there’s the raid plugins. Idk how people manage it
Why do you assume it's phishing? It's more likely their email, password, and other info were exposed in some data breach. It's really easy to take advantage of Account Recovery with just that information.
Ayy Grats, now you can finally do that RC levelling you've been putting off for 5k hours
You’re a funny guy, my rc will stay right where it is…
Respect, I would as well- enjoy playing on the account again!
So what did you change it to?
New pw is abc123
Hey congrats! What do you think got it over the line in the end??
If I’m being honest, I think my 1st post got so big that a jmod checked it out themselves. I only say this because my 2nd appeal was denied, and 8mins after that email, I got another to reset my pw.
I am pleased for you mate. Happy scaping!
Ty m8, you too!
Just another tip: Check your email settings if your email doesnt forward any mails to mail X, I was hacked once (way before Jagex account stuff existed) and the hacker had emails forwarded to his mail. Made me wonder why I never got the reset password mails. Found the problem after 2 days. (I know you got your email, but still check!)
How do you check for this?
I have hotmail/outlook and it was in the settings somewhere for me. Probably easier to find on laptop/pc.
I will never understand how people actually get hacked. I've had the same username and password for my account since 2004 and I've never been hacked. No auth, for the longest time no bank pin
i think accs that login with usernames are a lot more secure if you are the only human alive that knows the username, because a compromised email doesnt even let them login
just curious, when logging in or to the osrs website, do you use an email or username?
All hail nose dab
Congrats man! Glad you got it back!
I lost my first account I had as a kid. Of my own forgetfulness. It's been so long now all I remember is my original characters name. Lol, statefarm22.
Congrats on getting your account back!
Make a bank pin, and before you log off, put all of your items inside your bank too.
He’s got no items anymore
Gratz mate. Please secure your email address; properly. Not just your RuneScape account, gl for the future lol
This is why I only play Ironman now. All they can do is drop and ruin the account, but why would they waste their time?
They can also convert the account to a normal account fairly easily if you have not secured the iron status properly. Plus them drop trading all your stuff to their account to sell will certainly hurt an iron a lot more then a main. Some people just want to watch the world burn.
Anyone over 1k total can lock iron status, anything below that isn’t a huge loss unless it’s a special account
yeah i wasn't exact on the specifics but i was aware you could lock in your iron status.
Welcome back. Now put in some hours. You've been out for a couple of days.
©️ 2018???
Lucky sonofabitch They told me to email them what happened so they could document it but still couldn't give me access back because there's no way to verify I'm the owner without an active email and phone number attached to the account
Rip, are you saying you clicked this link and input your details? I’m a little confused because the email looks phishy with @a.jagex.com as the domain. But the context of the post makes it seem like you might have thought this was a sign your already hacked
I knew my account was hacked Saturday when I tried to log in and couldn’t, my 1st post was basically me saying goodbye to the community because I thought I had lost my account. This post is showing me getting access back to my account. All emails in question are real jagex emails, anyone who says they are fake doesn’t know how to read and is stupid for assuming it’s a phish without even trying to look up jagex emails.
You know the rules! You never truly quit. Just take looong breaks.
Nice dude, glad to hear you got it back. What was the new password you set?
Ayyyye! Congrats! I just posted on your previous post! Glad you got it back! The grind continues!!!
Oh nice you got it back, back to the grind :)
Let's goooo, never free from your cycle of self hate. Back to the grind! Glad you got your account back though forreal!
Gz m8
I got hacked again, reseted my password and as i logged back in i got banned for botting lol
I just lost my 19 and 17 year old accounts last week, it was fun guys but my grind is over
What did you download?
noreply@"A".jagex.com? its a scam.?
Ahh yes totally a scam, a scam that got me my account back, a scam from jagex themselves….
That’s the subdomain, so it probably does come from the second level domain which is jagex.com. It is good to look out for that though and I’m not 100% sure that means it’s always secure, but OP is fine in this case. The things to look out for is stuff like jagex.anfoejenskwkdnco.com, and emails with this phishing attack vector typically include some type of button that is like “if this is not you click here to change your password now”
how do you start the process? my account was stolen and banned but i cant even appeal it anymore and i have been without it for months, is there a way to talk to actual suppoet?
No lmao, make a Reddit post and hope that it gets enough attention so someone looks into it….
How is this even possible
Don't bother rebuilding, the hackers now have access to your account forever, take it from me.
Top kek