The Best Methods for Keeping Your Old School RuneScape Account Secure

Get a Stronghold of Security on your account.

OSRS Log in Screen
Image via Jagex

RuneScape has grown and evolved over the years, and Old School RuneScape is no exception to this despite it being the 2007 version of the game. One thing that has stayed the same, however, is the constant threat of people hacking your account. Here’s how to protect your OSRS account.

Keeping your OSRS Account Safe

There are a range of methods that you should incorporate to keep your OSRS account secure. This isn’t one of those times where you should choose one and roll with it. The more security methods that you incorporate, the safer your account will be.

Your Password

Your first line of defense when it comes to keeping unwanted people out of your account is your password. The same rules apply here that apply whenever you are creating a password for any website. Make sure that when you are coming up with a password, it is something that people will not be able to easily guess. We laugh about it, but there are far too many people out there who do in fact use ‘password’ as their password. Even ‘runescape’ is one that people have used. I get it, you want something easy to remember and simple to use. But in doing so, you also make it easy and simple for other people to guess.

Make sure that you include the following in your password.

  • No personal and easily identifiable information
  • Capital letters
  • Special characters (?!$#)
  • A mix of numbers and letters

Having a difficult password is the first step in deterring someone from accessing your account.

A Bank Pin

Having a Bank Pin means that whenever you log into your account and go to access your bank account as well as any other situations where you will be interacting with your in-game items. Such as entering Building Mode in your Player-Owned House, or your Miscellania funds. Everything that can negatively impact your items and gold will be locked behind this pin.

The pin itself is a four-digit code that you can create by interacting with any Banker and choosing the Bank Pin option. Just like a password, it is a good idea to not use a pin that can be linked to your personal information. So, do not use your date of birth or anything that is easily identifiable. You need your last line of defense to be strong.

Two Factor Authentication (2FA)

Two Factor Authentication or 2FA is one of the best ways to secure your account, and it was a game changer when Jagex implemented it for RuneScape. To put it simply, when you have 2FA activated, if you go to log on to your RuneScape account, you will need to enter a six-digit code from an app on your phone before you can do so. This means that a hacker would have to have your password and your phone to be able to log into your account.

If you don’t have a linked device, you can have your 2FA code sent to your email. It’s less secure than a phone that you have in your hand, especially if your email password is the same as your RuneScape password. If it is, you should change it now! But again, it’s an extra step, and the email notification will make you aware that someone is attempting to access your account.

When you log in with your 2FA code, you will have the option of clicking a box to mark the device that you are logging in from as safe for 30 days. If it’s a personal laptop, it’s a good idea if you do not wish to go through the process every single time. A one-time-only login, or a public device are situations where you would not wish to mark it as safe though.

It’s Best to Not Trust Other Players

It is true that OSRS is a social game with an amazing community. But there are still players out there who wish to ruin the enjoyment that one gets from the game by stealing their GP and items. It is best to be overly cautious when it comes to players, especially those that you do not know.

Fake Emails

Whilst not exactly a player, it is important to make sure that whatever email you are receiving has come from Jagex’s official email address. Often scammers will send out emails that look incredibly real, but when you check the email address it is clear that it has come from a fake source.

These phishing emails will often directly ask you for your username and password, stating that there is an issue that needs to be addressed. Or, they can also have a link that you can click that will then collect your details when you interact with it. It’s best to just delete these emails if you are in the unfortunate position where you run into one. As long as you don’t interact with one, you will be safe and have no need to worry.


It is a tale as old as time, you meet an overly friendly player in game who tells you that they can duplicate your item, that your password will be hidden if you put it in chat, that they can trim your armour, or that they need you to follow them into the Wilderness. Of course, these are only a few well-known scams that exist in OSRS and there are plenty more.

If something sounds too good to be true, it probably is. It is always better to err on the side of caution as opposed to interacting with these seemingly overly helpful players. Do not provide anyone with your personal details or follow any links that they may tell you to.

Account Sharing

Yep, it’s against the rules and people still do it. OSRS can be a bit of a grind and it can seem appealing to share your account with another person to take a little bit of the grind off of your back. But it doesn’t always work out that way. If you’re not caught and banned, you still risk the chance that the player that you are sharing with will decide that they want the account for themselves and change the password and other details on you. Completely locking you out of the account forever.

Even if you know the person in real life, it’s really just a situation to avoid completely as it isn’t worth any potential relationship fallout from a split-second wrong decision. Basically, just keep your account and progress to yourself. It will feel that much sweeter when you achieve your goals all by yourself too. I promise.

Using Jagex Accounts

Jagex has been pushing for its players to take up their latest account security option Jagex Accounts. There are multiple reasons why doing so is a logical decision, including many security benefits.

Two Factor Authentication (2FA)

2FA was mentioned above and the basics of how it benefits an account still stand. The only difference between the previously mentioned 2FA and Jagex Accounts 2FA is that unlike the former, this one is mandatory. When you create your Jagex Accounts, you will need to set up 2FA to access it. It is no longer an optional security measure.

A More Complex Password

When you have a Jagex Account, you can incorporate a broader variety of letters, numbers, and special characters into your passwords, which in turn makes them more secure.

You can use the following:

  • All letters in lowercase and uppercase.
  • All numbers
  • All special characters

Backup Codes

When you are working with 2FA and more complex passwords, there is always the chance that one may forget some of the more complex details. Having a Jagex Account means that you can generate backup codes that you can stash away just in case you get into such a situation. Just make sure that you do not lose those as well!


When you have a Jagex Account, you will be notified each time that your account logs into RuneScape. Which may seem like a lot, but also allows you to see any potential log ins that did not come from you. Also, whenever account details are altered, you will receive an email informing you of such.

When utilizing the above safety precautions, your account will be as safe as it could possibly be. If you’re unsure if you have the above active on your account, now is a good time to go back and check. It may take a few minutes, but that is nothing compared to potentially losing hundreds or even thousands of in-game hours to an unsavory individual.

About the Author

Priscilla Wells

Priscilla is both the weekend editor and a freelance writer at Prima Games. She began working at Prima Games in early 2023. Prior to this, she spent nine years writing for both her own personal gaming blog, and other related websites. Priscilla has grown up playing video games, and most often plays her PS5 and Nintendo Switch consoles. You can find her playing Final Fantasy XIV, RuneScape, Pokemon GO, or lost in the latest RPG to release. She is an Australian living in the United States with her American husband, three children, and her Basset Hound. Before moving to the United States, Priscilla obtained a Bachelors of Secondary Education majoring in English and Japanese Language. This allowed her to teach English and Japanese in a high school setting. You can follow her on Twitter/X at @Cilllah