Leaderboard

Introduction Greetings RuneHQ users, and welcome to my second guide on account security. If you haven't already, then please read my original guide which is stickied at the top of this forum! In this thread, I will be taking you through a method which I can guarantee will protect you from hackers, even if they have keylogged your passwords! On top of this, I will also point out things which you should avoid at all costs in order to keep your account secure! For security, I will direct you to where you need to go, instead of posting URL links. Contents Creating a Google Mail account 2-Step Verification with Gmail Setting up JAG Summary of what would happen! Creating a Google Mail account Google Mail (or Gmail) will provide the backbone to your account security. It is actually this step will could potentially provide a 100% immunity to hackers. When creating a google mail account, try to make the account name nothing related to your runescape account's name, but still try to make it memorable. Again with the password of your account, it must be complex but not the same password used for any other password. Bad Examples of passwords include: - Runite - Dragon - Edd Good Examples of passwords include: - Egg384tuna10noob - January953snow1 (PLEASE DO NOT ACTUALLY USE THESE) If you can understand how bad examples of passwords are easy to guess, and where good examples of passwords are very hard to guess, then you've taken your first step to enforcing your account's security. 2-Step Verification with Gmail This is where the magic begins. 2-Step verification is process where you assign a secondary device to confirm that the person who is trying to access your Gmail account really is you! To do this, go to your account section, and then select security before finally selecting "2-Step verification". From here you can assign your mobile phone device to receive a text message which contains a random 6 digit code (just like an authenticator!) which you must enter to gain access into your Gmail account. I cannot emphasise the importance of this step, it will be the trap that the hacker gets caught in, without it, a hacker will proceed straight into your Gmail account and authorize his computer using JAG. Setting up JAG! JAG will be what completes your account immunisation. This system can be accessed by logging into your Runescape account on the main page, select "Account Settings" before finally selecting "Jagex Account Guardian". What does JAG actually do? Locks your account specifically to the computer you are using. Denies access to your account by hackers without e-mail confirmation When setting up JAG, bear in mind that this WILL replace your recovery questions. Knowing this, you want to make the answers to your questions as hard to guess as possible, try randomly adding numbers or even just make up completely silly answers that no-one would eve guess (make sure YOU remember them!) Finally, once JAG is set up, you will be prompted to add your device to it's allowance list, add your computer to it "permanently". A list of your computer name, and your IP address will be shown and your account will only be accessed from that, unless you use JAG to permit other devices. Summary of what would happen Oh no, you've click on a link and a keylogger has your passwords! Here's exactly what would happen, and how you've just stopped a hacker without even trying! The hacker will enter your details on Runescape in an attempt to log in. The hacker will not have access until JAG confirms this. JAG has just sent a confirmation e-mail to your Gmail account! The hacker has your e-mail and password and attempts to log into your Gmail Do you hear that? Your phone sent you a text containing a 6-digit code! Without the 6 digit code, the hacker is HELPLESS. He cannot confirm in your Gmail that he is trying to use your account, therefore he can NEVER get onto your account! The hacker would literally have to steal your mobile phone in real life to gain access, that said keep your phone safe at all times. There's still the JAG questions for the hacker to somehow guess on top of this, but pretty much irrelevant if he can't even get into your Gmail to authorize his computer. If you suspect that... Someone has your passwords Your mobile prompted you a 6 digit code without you logging in Chances are, someone seems to have your details. Perform a complete scan if your computer, make sure your firewall is correctly configured, and if necessary format your HDD (extreme measure). Once this is done, proceed to change your Gmail password and your Runescape password. Check your Gmail, JAG will tell you the IP of the hacker, and you can immediately report it to Jagex! I hope this proves useful, and I highly recommend that EVERYONE has this system, or something similar in place. It is a true life saver!