Jump to content

RuneScape Authenticator Guide (Windows PC with pictures)


XxTearGodxX

Recommended Posts

Took me a bit to get this straightened out so I thought I'd help out others, I hope this helps.

 

Step 1) Download WinAuth you can get this Googling 'WinAuth' under the Download section scroll down to where it says WinAuth 3.0 and click where it says WinAuth 3.0.21 to start downloading it.
 
Step 2) Locate the WinAuth file you downloaded, open up it's folder and drag the program out to your desktop. You should see a blue icon.
Picture of the icon that will appear on your Desktop:
JZAUOZL.png
 
Step 3) Go to the RuneScape Home Page mouse over where it says 'Account' at the top right corner of the page and click on Authenticator. Once you are on the RuneScape Authenticator page, click the 'Set Up Now' button and Log In.
Picture of what the page looks like after you click 'Authenticator' and Log In:
SsZxOQB.png
 
Step 4) You should now see 'Step 1: Get The App' pay that no attention. Under Step 2 it should say 'Code Won't Scan?>' click on that and it will say Enter 'Random 16 Digit Code' and choose Time Based.
Picture of what the page looks like at the 'Step 1, Step 2 and Step 3' on the RuneScape Authenticator Page:
X2gqb4R.png
 
Step 5) Copy the 16 Digit Code you got from the 'Code Won't Scan?>' section. Now open up WinAuth on your PC and click on 'Add' and choose Google. Under Name enter the RuneScape Account Name you will be setting up this Authenticator for. Underneath Number 1 paste in the 16 Digit Code and click Verify Authenticator, you should then see a 6 Digit Code under 3 with a Green Loading Bar, click 'OK'. You will then be prompted to enter a P-Word to protect your authenticator in case your computer is compromised, this is optional I clicked cancel personally myself.
Picture of the 16 Digit Code and where to paste it in to WinAuth:
xkIrYW0.png
 
Step 6) On the WinAuth screen you will see 'RuneScape Account Name' and 6 Digit Numbers. After about 30 seconds or so the code will expire and become invalid. So what you do when it runs out and becomes nothing but dash symbols ----- right click the Loading Arrow and enable Auto Refresh, this will give you a new 6 Digit Code that will last 30 or so seconds before it will expire and give you a new one.
Before and After Picture of an expired code showing up as dashes '-----' and after you enable Auto Refresh showing a new code to be entered.
RLUYiJi.png
 
Step 7) What you might want to do next to make it easier if you cannot quickly remember things is to split your Web Browser Window on one side of your monitor and your WinAuth Program on the other side so you can see them both. Then go back to the RuneScape Authenticator Page you opened up and under Step 3 type in the 6 Digit Code before it expires and click Finish.
In this picture is my screen split with RuneScape on one side, WinAuth on the other so you can quickly enter the code before the timer runs out.
jBdE9Wz.png
 
Please Note: The next time you log in to RuneScape you will log in as normal and it will prompt you for a 6 Digit Code. This is where you open up WinAuth to get your code each time upon log in and enter it. Or you can choose to Trust Your Computer for 30 days and you will not be prompted for another code within those 30 days.
Pictured here is the screen that asks for yoru 6 Digit Pin after logging into the game. Also shows the option to Trust your computer for 30 days.
6sw2vYz.png
 
If you have more than one account then you will want to repeat the same steps, just rename the other accounts accordingly how you like. This is so when you log in you will know which Toon you are getting the log in code for.
 
--TearGod.
  • Like 4
xxteargodxx.png
Link to comment
Share on other sites

Good job on the guide.

 

Honestly it wasnt too hard until you grasp the concept of it.

Thanks, yeah a lot of common problems people are having with it at least folks I've spoken with (That are older people in their late 40's early 50's). They get to the point of setting it up and forget that the 6 Digit Code expires every 30 or so seconds. So they say 'Well let me write that down then go punch in the numbers'. Not kowing (Or forgetting) the code has expired and when they enter it it tells them it is invalid. Then they keep trying the code and end up getting locked out of their account. I'm making a Google Docs of the guide now to pass along to Jagex Moderators on Twitter so they can hopefully spread it around and help people out.

xxteargodxx.png
Link to comment
Share on other sites

Anyone knows how does it work on blackberry phones? I have downloaded Google Authenticator, but the codes don't seem to work

You need to make sure that you match the 16 didget code shown to you on the runescape site to the authenticator account. This is how jagex knows you, the owner, logged in on the site and set up the authenticator. You might have done what i did by creating an account for your gmail instead of your runescape account.

 

Try creating an authenticator account with the 16 didget code. Then name it as your runescape account. After that wait for it to reset the pin and quickly enter in the new pin.



Maxed [February 14, 2012] | Completionist [October 25, 2012] | Trimmed Completionist [in Progress]

Visit my Blog!


u_rza.png

Link to comment
Share on other sites

 

Anyone knows how does it work on blackberry phones? I have downloaded Google Authenticator, but the codes don't seem to work

You need to make sure that you match the 16 didget code shown to you on the runescape site to the authenticator account. This is how jagex knows you, the owner, logged in on the site and set up the authenticator. You might have done what i did by creating an account for your gmail instead of your runescape account.

 

Try creating an authenticator account with the 16 didget code. Then name it as your runescape account. After that wait for it to reset the pin and quickly enter in the new pin.

 

 

Yeha, I created an account for my gmail first, then tried creating a second one with the code from jagex, but to no avail. It keeps refreshing the code but it doesn't work, whoever the one from my PC does

 

EDIT: Figured it out, turns out my phone's clock was off the time by 3 minutes, apparently that has something to do with it

_p3_minato_arisato_signature__by_x0sandylicious0x-d3hnk6v.png

Link to comment
Share on other sites

 

 

EDIT: Figured it out, turns out my phone's clock was off the time by 3 minutes, apparently that has something to do with it

 

 

That's exactly it - the code you're given is created by running the current time through a hash, then taking 6 digits from that (probably the last, but don't quote me on that). Your phone and Jagex's servers calculate the current digits separately, so if your time is off, you're never going to get the right one. 

 

This is a pretty good guide - simple is really good. I have mine set up with Google Authenticator on my phone, since I don't always use the same computer, and it's technically safer to have the code be on a separate device; any malware that gets into your computer would be able to get access to both your password through keylogging and could steal your encryption key from the app, which would allow them to predict the digits from here to eternity. However, if the computer is the only thing that you can use for the authentication, it's better than not having the second factor.

 

EDIT: Corrected a small error I made.

Edited by Mischlings

If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.

 

MischlingsSH.png

Link to comment
Share on other sites

Yeah time is a key factor for these authenticator things, they generally rely on the fact phones and computers can self-set the time these days so shouldn't ever be wrong.

Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

Link to comment
Share on other sites

So, this is more or less them putting out the little RSA token they were talking about five years ago, except instead of the token, we use our phones.

Runescape player since 2005
Ego Sum Deus Quo Malum Caligo et Barathum


 

Link to comment
Share on other sites

So, this is more or less them putting out the little RSA token they were talking about five years ago, except instead of the token, we use our phones.

Bingo. No cost for any hardware.

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites

 

 

Anyone knows how does it work on blackberry phones? I have downloaded Google Authenticator, but the codes don't seem to work

You need to make sure that you match the 16 didget code shown to you on the runescape site to the authenticator account. This is how jagex knows you, the owner, logged in on the site and set up the authenticator. You might have done what i did by creating an account for your gmail instead of your runescape account.

 

Try creating an authenticator account with the 16 didget code. Then name it as your runescape account. After that wait for it to reset the pin and quickly enter in the new pin.

 

 

Yeha, I created an account for my gmail first, then tried creating a second one with the code from jagex, but to no avail. It keeps refreshing the code but it doesn't work, whoever the one from my PC does

 

EDIT: Figured it out, turns out my phone's clock was off the time by 3 minutes, apparently that has something to do with it

 

In google authenticator, there's an option to re-sync the clock, if you press menu button.
Link to comment
Share on other sites

Tweeted out my guide last night via Twitter to a few Jagex Mods and @RuneScape as well. Got plenty of favorites and retweets and thanks from people who used it. I just wish Jagex would have made it more clear on the Authenticator set up page that you can use Windows PC's and wish they had made a set up guide for it before hand of releasing it. Similar to how they made a video guide of clearing your RuneScape Cache.

xxteargodxx.png
Link to comment
Share on other sites

Our deepest fear is not that we are inadequate. Our deepest fear is that we are powerful beyond measure. It is our light, not our darkness that most frightens us. We ask ourselves, 'Who am I to be brilliant, gorgeous, talented, fabulous?' Actually, who are you not to be?~ Marianne Williamson

 

For account help/issues, please follow this link:

Account Help

. If you need further assistance, do not hesitate to PM me or post here.

Link to comment
Share on other sites

When you authenticate your computer will you ever have to re-authenticate the same computer in the future? (In other words, does the authentication expire?)

 

No, you won't. The only reason you should ever have to re-authenticate is if, for some reason, you think that the QR code or 16 character code got out of your control and might be used by someone else, at which point they give you a new code (they should, theoretically - I haven't tested this out yet, but not changing the code each time doesn't make any sense).

If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.

 

MischlingsSH.png

Link to comment
Share on other sites

 

When you authenticate your computer will you ever have to re-authenticate the same computer in the future? (In other words, does the authentication expire?)

 

No, you won't. The only reason you should ever have to re-authenticate is if, for some reason, you think that the QR code or 16 character code got out of your control and might be used by someone else, at which point they give you a new code (they should, theoretically - I haven't tested this out yet, but not changing the code each time doesn't make any sense).

 

You won't have to re-link the authenticator on your computer/smartphone again, no, but you do have to enter the short code generated from the authenticator once a month.

Obtained quest cape and base 92 before obtaining any 99s! Currently finishing out my 99s with the (long-distant) goal of comp cape.
Sorator.png
260pifq.jpg

gMIy8.jpg

Link to comment
Share on other sites

 

You won't have to re-link the authenticator on your computer/smartphone again, no, but you do have to enter the short code generated from the authenticator once a month.

 

 

Wow, that was a big error in reading comprehension - thanks for pointing it out. I blame it on the topic talking about using the authenticator on the computer itself, as well as the fact that I'm currently researching the guts of the Google Authenticator app, so I'm really in that mindset at the moment. 

 

Also, it says pretty clearly that it saves for 30 days, but I guess some people might miss it. 

If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.

 

MischlingsSH.png

Link to comment
Share on other sites

 

 

When you authenticate your computer will you ever have to re-authenticate the same computer in the future? (In other words, does the authentication expire?)

 

No, you won't. The only reason you should ever have to re-authenticate is if, for some reason, you think that the QR code or 16 character code got out of your control and might be used by someone else, at which point they give you a new code (they should, theoretically - I haven't tested this out yet, but not changing the code each time doesn't make any sense).

 

You won't have to re-link the authenticator on your computer/smartphone again, no, but you do have to enter the short code generated from the authenticator once a month.

 

So it's the same code every time?  Or will that have to be generated every month?

Zanty.jpegsigquotes.png

Link to comment
Share on other sites

 

 

 

When you authenticate your computer will you ever have to re-authenticate the same computer in the future? (In other words, does the authentication expire?)

 

No, you won't. The only reason you should ever have to re-authenticate is if, for some reason, you think that the QR code or 16 character code got out of your control and might be used by someone else, at which point they give you a new code (they should, theoretically - I haven't tested this out yet, but not changing the code each time doesn't make any sense).

 

You won't have to re-link the authenticator on your computer/smartphone again, no, but you do have to enter the short code generated from the authenticator once a month.

 

So it's the same code every time?  Or will that have to be generated every month?

 

 

Every 30 seconds, the authenticator generates a new 6 digit code. You have to enter that each time you log in, unless you check the box to remember you on that computer for 30 days. After those 30 days, your next login will require you to enter the 6 digit code that is showing on the authenticator when you log in.

  • Like 1

If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.

 

MischlingsSH.png

Link to comment
Share on other sites

A positive element of this is that it will introduce the concept of multi-factor authentication to a large number of people who will then hopefully implement it on their email accounts and social media sites. I have used the authenticator for years for Gmail, LastPass, Dropbox, Facebook and more.

 

I don't know why Jagex didn't enable the authenticator to login to the website though which is a bit odd. You can still do a lot of damage to an account by posting malicious things on the RSOF which could get someone banned. Usually when 2-step is enabled you need it all the time, it's a good start though.

 

I still don't understand why despite now implementing a really robust method of authenticating you still can't use case sensitivity or symbols in passwords.

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites

A positive element of this is that it will introduce the concept of multi-factor authentication to a large number of people who will then hopefully implement it on their email accounts and social media sites. I have used the authenticator for years for Gmail, LastPass, Dropbox, Facebook and more.

 

I don't know why Jagex didn't enable the authenticator to login to the website though which is a bit odd. You can still do a lot of damage to an account by posting malicious things on the RSOF which could get someone banned. Usually when 2-step is enabled you need it all the time, it's a good start though.

 

I still don't understand why despite now implementing a really robust method of authenticating you still can't use case sensitivity or symbols in passwords.

 

It should help with introducing it to people - once I got used to using 2FA with Google, I added it to everything I possibly could.

 

And you don't need it for the website? I assumed that was just because my computer was trusted... Wow, this is going to need some digging into (which I'm working on at the moment).

 

And yeah, their password strength is terrible. I remember when I tried typing in my password without capitals and it went through... my jaw literally dropped that they would be so stupid. I'm trying to figure out why they would do it that way, and none of those ideas are good.

If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.

 

MischlingsSH.png

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.