Skip to content
View in the app

A better way to browse. Learn more.

Tip.It Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

RuneScape Authenticator Guide (Windows PC with pictures)

Featured Replies

Took me a bit to get this straightened out so I thought I'd help out others, I hope this helps.

 

Step 1) Download WinAuth you can get this Googling 'WinAuth' under the Download section scroll down to where it says WinAuth 3.0 and click where it says WinAuth 3.0.21 to start downloading it.
 
Step 2) Locate the WinAuth file you downloaded, open up it's folder and drag the program out to your desktop. You should see a blue icon.
Picture of the icon that will appear on your Desktop:
JZAUOZL.png
 
Step 3) Go to the RuneScape Home Page mouse over where it says 'Account' at the top right corner of the page and click on Authenticator. Once you are on the RuneScape Authenticator page, click the 'Set Up Now' button and Log In.
Picture of what the page looks like after you click 'Authenticator' and Log In:
SsZxOQB.png
 
Step 4) You should now see 'Step 1: Get The App' pay that no attention. Under Step 2 it should say 'Code Won't Scan?>' click on that and it will say Enter 'Random 16 Digit Code' and choose Time Based.
Picture of what the page looks like at the 'Step 1, Step 2 and Step 3' on the RuneScape Authenticator Page:
X2gqb4R.png
 
Step 5) Copy the 16 Digit Code you got from the 'Code Won't Scan?>' section. Now open up WinAuth on your PC and click on 'Add' and choose Google. Under Name enter the RuneScape Account Name you will be setting up this Authenticator for. Underneath Number 1 paste in the 16 Digit Code and click Verify Authenticator, you should then see a 6 Digit Code under 3 with a Green Loading Bar, click 'OK'. You will then be prompted to enter a P-Word to protect your authenticator in case your computer is compromised, this is optional I clicked cancel personally myself.
Picture of the 16 Digit Code and where to paste it in to WinAuth:
xkIrYW0.png
 
Step 6) On the WinAuth screen you will see 'RuneScape Account Name' and 6 Digit Numbers. After about 30 seconds or so the code will expire and become invalid. So what you do when it runs out and becomes nothing but dash symbols ----- right click the Loading Arrow and enable Auto Refresh, this will give you a new 6 Digit Code that will last 30 or so seconds before it will expire and give you a new one.
Before and After Picture of an expired code showing up as dashes '-----' and after you enable Auto Refresh showing a new code to be entered.
RLUYiJi.png
 
Step 7) What you might want to do next to make it easier if you cannot quickly remember things is to split your Web Browser Window on one side of your monitor and your WinAuth Program on the other side so you can see them both. Then go back to the RuneScape Authenticator Page you opened up and under Step 3 type in the 6 Digit Code before it expires and click Finish.
In this picture is my screen split with RuneScape on one side, WinAuth on the other so you can quickly enter the code before the timer runs out.
jBdE9Wz.png
 
Please Note: The next time you log in to RuneScape you will log in as normal and it will prompt you for a 6 Digit Code. This is where you open up WinAuth to get your code each time upon log in and enter it. Or you can choose to Trust Your Computer for 30 days and you will not be prompted for another code within those 30 days.
Pictured here is the screen that asks for yoru 6 Digit Pin after logging into the game. Also shows the option to Trust your computer for 30 days.
6sw2vYz.png
 
If you have more than one account then you will want to repeat the same steps, just rename the other accounts accordingly how you like. This is so when you log in you will know which Toon you are getting the log in code for.
 
--TearGod.
xxteargodxx.png

Good job on the guide.

 

Honestly it wasnt too hard until you grasp the concept of it.



Maxed [February 14, 2012] | Completionist [October 25, 2012] | Trimmed Completionist [in Progress]

Visit my Blog!


u_rza.png

  • Author

Good job on the guide.

 

Honestly it wasnt too hard until you grasp the concept of it.

Thanks, yeah a lot of common problems people are having with it at least folks I've spoken with (That are older people in their late 40's early 50's). They get to the point of setting it up and forget that the 6 Digit Code expires every 30 or so seconds. So they say 'Well let me write that down then go punch in the numbers'. Not kowing (Or forgetting) the code has expired and when they enter it it tells them it is invalid. Then they keep trying the code and end up getting locked out of their account. I'm making a Google Docs of the guide now to pass along to Jagex Moderators on Twitter so they can hopefully spread it around and help people out.

xxteargodxx.png

Still a lot more hassle than JAG. :x

 

But thank you very much, I really appreciate your work!

Yeah but they said this worked with osrs too

 

I haven't tried yet, though.

Anyone knows how does it work on blackberry phones? I have downloaded Google Authenticator, but the codes don't seem to work

_p3_minato_arisato_signature__by_x0sandylicious0x-d3hnk6v.png

Anyone knows how does it work on blackberry phones? I have downloaded Google Authenticator, but the codes don't seem to work

You need to make sure that you match the 16 didget code shown to you on the runescape site to the authenticator account. This is how jagex knows you, the owner, logged in on the site and set up the authenticator. You might have done what i did by creating an account for your gmail instead of your runescape account.

 

Try creating an authenticator account with the 16 didget code. Then name it as your runescape account. After that wait for it to reset the pin and quickly enter in the new pin.



Maxed [February 14, 2012] | Completionist [October 25, 2012] | Trimmed Completionist [in Progress]

Visit my Blog!


u_rza.png

 

Anyone knows how does it work on blackberry phones? I have downloaded Google Authenticator, but the codes don't seem to work

You need to make sure that you match the 16 didget code shown to you on the runescape site to the authenticator account. This is how jagex knows you, the owner, logged in on the site and set up the authenticator. You might have done what i did by creating an account for your gmail instead of your runescape account.

 

Try creating an authenticator account with the 16 didget code. Then name it as your runescape account. After that wait for it to reset the pin and quickly enter in the new pin.

 

 

Yeha, I created an account for my gmail first, then tried creating a second one with the code from jagex, but to no avail. It keeps refreshing the code but it doesn't work, whoever the one from my PC does

 

EDIT: Figured it out, turns out my phone's clock was off the time by 3 minutes, apparently that has something to do with it

_p3_minato_arisato_signature__by_x0sandylicious0x-d3hnk6v.png

 

 

EDIT: Figured it out, turns out my phone's clock was off the time by 3 minutes, apparently that has something to do with it

 

 

That's exactly it - the code you're given is created by running the current time through a hash, then taking 6 digits from that (probably the last, but don't quote me on that). Your phone and Jagex's servers calculate the current digits separately, so if your time is off, you're never going to get the right one. 

 

This is a pretty good guide - simple is really good. I have mine set up with Google Authenticator on my phone, since I don't always use the same computer, and it's technically safer to have the code be on a separate device; any malware that gets into your computer would be able to get access to both your password through keylogging and could steal your encryption key from the app, which would allow them to predict the digits from here to eternity. However, if the computer is the only thing that you can use for the authentication, it's better than not having the second factor.

 

EDIT: Corrected a small error I made.

Edited by Mischlings

If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.

 

MischlingsSH.png

Yeah time is a key factor for these authenticator things, they generally rely on the fact phones and computers can self-set the time these days so shouldn't ever be wrong.

Plv6Dz6.jpg

Operation Gold Sparkles :: Chompy Kills ::  Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA Rewards

Dragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue

So, this is more or less them putting out the little RSA token they were talking about five years ago, except instead of the token, we use our phones.

Runescape player since 2005
Ego Sum Deus Quo Malum Caligo et Barathum


 

So, this is more or less them putting out the little RSA token they were talking about five years ago, except instead of the token, we use our phones.

Bingo. No cost for any hardware.

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

 

 

Anyone knows how does it work on blackberry phones? I have downloaded Google Authenticator, but the codes don't seem to work

You need to make sure that you match the 16 didget code shown to you on the runescape site to the authenticator account. This is how jagex knows you, the owner, logged in on the site and set up the authenticator. You might have done what i did by creating an account for your gmail instead of your runescape account.

 

Try creating an authenticator account with the 16 didget code. Then name it as your runescape account. After that wait for it to reset the pin and quickly enter in the new pin.

 

 

Yeha, I created an account for my gmail first, then tried creating a second one with the code from jagex, but to no avail. It keeps refreshing the code but it doesn't work, whoever the one from my PC does

 

EDIT: Figured it out, turns out my phone's clock was off the time by 3 minutes, apparently that has something to do with it

 

In google authenticator, there's an option to re-sync the clock, if you press menu button.
  • Author

Tweeted out my guide last night via Twitter to a few Jagex Mods and @RuneScape as well. Got plenty of favorites and retweets and thanks from people who used it. I just wish Jagex would have made it more clear on the Authenticator set up page that you can use Windows PC's and wish they had made a set up guide for it before hand of releasing it. Similar to how they made a video guide of clearing your RuneScape Cache.

xxteargodxx.png

Our deepest fear is not that we are inadequate. Our deepest fear is that we are powerful beyond measure. It is our light, not our darkness that most frightens us. We ask ourselves, 'Who am I to be brilliant, gorgeous, talented, fabulous?' Actually, who are you not to be?~ Marianne Williamson

 

For account help/issues, please follow this link:

Account Help

. If you need further assistance, do not hesitate to PM me or post here.

When you authenticate your computer will you ever have to re-authenticate the same computer in the future? (In other words, does the authentication expire?)

Zanty.jpegsigquotes.png

When you authenticate your computer will you ever have to re-authenticate the same computer in the future? (In other words, does the authentication expire?)

 

No, you won't. The only reason you should ever have to re-authenticate is if, for some reason, you think that the QR code or 16 character code got out of your control and might be used by someone else, at which point they give you a new code (they should, theoretically - I haven't tested this out yet, but not changing the code each time doesn't make any sense).

If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.

 

MischlingsSH.png

 

When you authenticate your computer will you ever have to re-authenticate the same computer in the future? (In other words, does the authentication expire?)

 

No, you won't. The only reason you should ever have to re-authenticate is if, for some reason, you think that the QR code or 16 character code got out of your control and might be used by someone else, at which point they give you a new code (they should, theoretically - I haven't tested this out yet, but not changing the code each time doesn't make any sense).

 

You won't have to re-link the authenticator on your computer/smartphone again, no, but you do have to enter the short code generated from the authenticator once a month.

Obtained quest cape and base 92 before obtaining any 99s! Currently finishing out my 99s with the (long-distant) goal of comp cape.
Sorator.png
260pifq.jpg

gMIy8.jpg

 

You won't have to re-link the authenticator on your computer/smartphone again, no, but you do have to enter the short code generated from the authenticator once a month.

 

 

Wow, that was a big error in reading comprehension - thanks for pointing it out. I blame it on the topic talking about using the authenticator on the computer itself, as well as the fact that I'm currently researching the guts of the Google Authenticator app, so I'm really in that mindset at the moment. 

 

Also, it says pretty clearly that it saves for 30 days, but I guess some people might miss it. 

If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.

 

MischlingsSH.png

 

 

When you authenticate your computer will you ever have to re-authenticate the same computer in the future? (In other words, does the authentication expire?)

 

No, you won't. The only reason you should ever have to re-authenticate is if, for some reason, you think that the QR code or 16 character code got out of your control and might be used by someone else, at which point they give you a new code (they should, theoretically - I haven't tested this out yet, but not changing the code each time doesn't make any sense).

 

You won't have to re-link the authenticator on your computer/smartphone again, no, but you do have to enter the short code generated from the authenticator once a month.

 

So it's the same code every time?  Or will that have to be generated every month?

Zanty.jpegsigquotes.png

 

 

 

When you authenticate your computer will you ever have to re-authenticate the same computer in the future? (In other words, does the authentication expire?)

 

No, you won't. The only reason you should ever have to re-authenticate is if, for some reason, you think that the QR code or 16 character code got out of your control and might be used by someone else, at which point they give you a new code (they should, theoretically - I haven't tested this out yet, but not changing the code each time doesn't make any sense).

 

You won't have to re-link the authenticator on your computer/smartphone again, no, but you do have to enter the short code generated from the authenticator once a month.

 

So it's the same code every time?  Or will that have to be generated every month?

 

 

Every 30 seconds, the authenticator generates a new 6 digit code. You have to enter that each time you log in, unless you check the box to remember you on that computer for 30 days. After those 30 days, your next login will require you to enter the 6 digit code that is showing on the authenticator when you log in.

If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.

 

MischlingsSH.png

A positive element of this is that it will introduce the concept of multi-factor authentication to a large number of people who will then hopefully implement it on their email accounts and social media sites. I have used the authenticator for years for Gmail, LastPass, Dropbox, Facebook and more.

 

I don't know why Jagex didn't enable the authenticator to login to the website though which is a bit odd. You can still do a lot of damage to an account by posting malicious things on the RSOF which could get someone banned. Usually when 2-step is enabled you need it all the time, it's a good start though.

 

I still don't understand why despite now implementing a really robust method of authenticating you still can't use case sensitivity or symbols in passwords.

612d9da508.png

Mercifull.png

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

A positive element of this is that it will introduce the concept of multi-factor authentication to a large number of people who will then hopefully implement it on their email accounts and social media sites. I have used the authenticator for years for Gmail, LastPass, Dropbox, Facebook and more.

 

I don't know why Jagex didn't enable the authenticator to login to the website though which is a bit odd. You can still do a lot of damage to an account by posting malicious things on the RSOF which could get someone banned. Usually when 2-step is enabled you need it all the time, it's a good start though.

 

I still don't understand why despite now implementing a really robust method of authenticating you still can't use case sensitivity or symbols in passwords.

 

It should help with introducing it to people - once I got used to using 2FA with Google, I added it to everything I possibly could.

 

And you don't need it for the website? I assumed that was just because my computer was trusted... Wow, this is going to need some digging into (which I'm working on at the moment).

 

And yeah, their password strength is terrible. I remember when I tried typing in my password without capitals and it went through... my jaw literally dropped that they would be so stupid. I'm trying to figure out why they would do it that way, and none of those ideas are good.

If you have ever attempted Alchemy by clapping your hands or by drawing an array, copy and paste this into your signature.

 

MischlingsSH.png

Would it still be worth having a bank pin?

Create an account or sign in to comment

Important Information

By using this site, you agree to our Terms of Use.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.