Account Security Matters More Than Ever

In 2026, OSRS accounts with max gear can be worth thousands of dollars. This makes them prime targets for hackers, phishers, and social engineers. Every year, thousands of players lose billions of GP to preventable security breaches. Do not be one of them.

This guide covers every security measure you should have in place to keep your account safe.

Essential Security Steps

1. Authenticator (MANDATORY)

Enable the Jagex Authenticator on your account. This adds two-factor authentication (2FA) requiring a code from your phone every time you log in from a new device. Without this, anyone who knows your password can log in.

Use an authenticator app like Google Authenticator or Authy. Do NOT use SMS-based 2FA as it can be SIM-swapped.

2. Bank PIN

Set a 4-7 digit bank PIN that is different from any other PIN you use. This protects your items even if someone logs into your account. They cannot access your bank, trade your items, or drop your gear without the PIN.

Important: There is a 3-7 day delay to change or remove your bank PIN. This means even if a hacker gets in, your items are protected while you recover the account.

3. Unique Email + Email 2FA

Use a dedicated email address that you only use for OSRS. Enable 2FA on that email as well. Many account hacks start with compromising the linked email address.

4. Strong, Unique Password

Use a password that is at least 12 characters with a mix of letters, numbers, and symbols. Do NOT reuse your OSRS password on any other site. Use a password manager like Bitwarden or 1Password.

Common Threats

Phishing

Fake emails and websites that look like Jagex but steal your login. Always check the URL. Jagex will NEVER email you asking to log in through a link. The real website is always oldschool.runescape.com or secure.runescape.com.

Fake Streams

Twitch streams claiming "double XP" or "free membership" with links to phishing sites. OSRS never has double XP events. Any stream claiming this is a scam.

Discord Scams

Fake Discord bots or DMs claiming you won a giveaway. Never click links from unknown Discord users. Real OSRS staff will never DM you first.

Malware

Fake RuneLite downloads, "auto clickers," and "bot clients" that contain keyloggers. Only download RuneLite from runelite.net. Never download OSRS-related software from random websites.

Social Engineering

Scammers in-game who try to trick you into entering your details on fake sites, luring you to the Wilderness for PvP kills, or trust trading scams. If it sounds too good to be true, it is.

Recovery Security

Remember your original creation details: ISP, creation date, payment info
Keep old payment receipts for membership purchases
Note your first ever passwords (store securely offline)
These details are used by Jagex to verify account ownership during recovery

Safe Trading Practices

Always check the second trade window carefully before accepting
Never drop items or trade items to "prove" they work
Use the Grand Exchange for most trades to avoid scams
For high-value trades, double-check item names and quantities
When buying services, use trusted, reviewed marketplaces with buyer protection

Trading Safely With MyPvM

When buying OSRS services or items, always use trusted providers. MyPvM is the safest OSRS marketplace with 6,200+ 5-star reviews on Google and Trustpilot, with verified boosters and Security Plugin and security measures protection, verified boosters, and our Security Plugin for account protection during services.

Browse Our Services | Read about our Security Plugin and security measures for safe service delivery.

Save on Every Order: MyPvM+ members get up to 3% permanent discount, monthly lootbox points worth up to $625, exclusive flash sales, and 10-15% monthly coupons. Plans start at just $4.99/month. Learn more about MyPvM+ Membership.