Account Security Matters More Than Ever
In 2026, OSRS accounts with max gear can be worth thousands of dollars. This makes them prime targets for hackers, phishers, and social engineers. Every year, thousands of players lose billions of GP to preventable security breaches. Do not be one of them.
This guide covers every security measure you should have in place to keep your account safe.
Essential Security Steps
1. Authenticator (MANDATORY)
Enable the Jagex Authenticator on your account. This adds two-factor authentication (2FA) requiring a code from your phone every time you log in from a new device. Without this, anyone who knows your password can log in.
Use an authenticator app like Google Authenticator or Authy. Do NOT use SMS-based 2FA as it can be SIM-swapped.
2. Bank PIN
Set a 4-7 digit bank PIN that is different from any other PIN you use. This protects your items even if someone logs into your account. They cannot access your bank, trade your items, or drop your gear without the PIN.
Important: There is a 3-7 day delay to change or remove your bank PIN. This means even if a hacker gets in, your items are protected while you recover the account.
3. Unique Email + Email 2FA
Use a dedicated email address that you only use for OSRS. Enable 2FA on that email as well. Many account hacks start with compromising the linked email address.
4. Strong, Unique Password
Use a password that is at least 12 characters with a mix of letters, numbers, and symbols. Do NOT reuse your OSRS password on any other site. Use a password manager like Bitwarden or 1Password.
Common Threats
Phishing
Fake emails and websites that look like Jagex but steal your login. Always check the URL. Jagex will NEVER email you asking to log in through a link. The real website is always oldschool.runescape.com or secure.runescape.com.
Fake Streams
Twitch streams claiming "double XP" or "free membership" with links to phishing sites. OSRS never has double XP events. Any stream claiming this is a scam.
Discord Scams
Fake Discord bots or DMs claiming you won a giveaway. Never click links from unknown Discord users. Real OSRS staff will never DM you first.
Malware
Fake RuneLite downloads, "auto clickers," and "bot clients" that contain keyloggers. Only download RuneLite from runelite.net. Never download OSRS-related software from random websites.
Social Engineering
Scammers in-game who try to trick you into entering your details on fake sites, luring you to the Wilderness for PvP kills, or trust trading scams. If it sounds too good to be true, it is.
Recovery Security
- Remember your original creation details: ISP, creation date, payment info
- Keep old payment receipts for membership purchases
- Note your first ever passwords (store securely offline)
- These details are used by Jagex to verify account ownership during recovery
Safe Trading Practices
- Always check the second trade window carefully before accepting
- Never drop items or trade items to "prove" they work
- Use the Grand Exchange for most trades to avoid scams
- For high-value trades, double-check item names and quantities
- When buying services, use trusted, reviewed marketplaces with buyer protection
Trading Safely With MyPvM
When buying OSRS services or items, always use trusted providers. MyPvM is the safest OSRS marketplace with 6,200+ 5-star reviews on Google and Trustpilot, with verified boosters and Security Plugin and security measures protection, verified boosters, and our Security Plugin for account protection during services.
Browse Our Services | Read about our Security Plugin and security measures for safe service delivery.
Save on Every Order: MyPvM+ members get up to 3% permanent discount, monthly lootbox points worth up to $625, exclusive flash sales, and 10-15% monthly coupons. Plans start at just $4.99/month. Learn more about MyPvM+ Membership.