Bank PIN
A Bank PIN (short form for personal identification number) is a security feature that players can use to protect their banks. It was introduced in the Bank PIN update on 19 September 2005.
Trying to find out someone's bank PIN goes against Rule 3 - Password Scamming (see Rules of RuneScape). It is also good to note that an unsuccessful attempt in gaining one's bank PIN is also against the rules and that one can get reported for doing such act.
| “ | Asking for someone's bank PIN is just as serious as asking for an account password... Under no circumstances should you tell another player your password, PIN number or any other personal details of your account. | ” |
— Rule 3 - Password Scamming Rules of RuneScape
|
Obtaining a bank PIN
To get a bank PIN, players may talk to a banker and say that they would like to check their PIN settings. Once they have done this, they may then set a 4-digit PIN. The Bank PIN may be cancelled before it is put to use.
Their bank will then have a bank PIN in 7 days.
Unlike the Authenticator, the PIN is game-specific. Setting a PIN in Old School RuneScape will not automatically set it in RuneScape and vice versa.
Removing a bank PIN
To remove a bank PIN, simply talk to the Banker, click "I'd like to check my PIN settings", and then press "Delete PIN". Based on player's discretion, the PIN will be removed in either 3 or 7 days.
Using a bank PIN
When a player has a bank PIN, they must then click on the 4 numbers they set it to. Once they have done this, they will have access to their bank account. The bank stays unlocked until the player logs out or loses their connection. The numbers on the keypad shift around after being clicked on, and the numbers move around within their red boxes. This is to prevent spyware that tracks mouse movements from compromising the PIN.
After two failed attempts to enter the bank PIN, the system locks the player out for 10 seconds and tells them to use the "cancel" option if they have made a mistake in entering their PIN. After another failed attempt the system locks the player out for 15 seconds. Once four fail attempts are made, the player must wait 10 minutes before trying again.
Players can also choose whether bank PINs should stay unlocked for 5 minutes after logging out by speaking to a banker and opening the PIN settings menu. This allows players to hop worlds or take a quick break without having to re-enter the bank PIN when logging back in. However, if players appear to be logging in from a different IP address or computer, the bank PIN will always re-lock itself immediately.
Advantages
Besides having an extra 20 bank spaces available when active, bank PINs serve as a form of damage control against account thieves. Accounts can be stolen if an attacker obtains the login name and the associated password. If a computer is infected with a key-logger, it is possible for a thief to learn the login name and password combinations. Even without such malware infections, weak passwords might be guessed.
If an account thief is armed with only a username and the password, they will not be able to access the items stored away in the account's bank. Additionally, a keylogger cannot easily obtain the PIN, because players have to click on the numbers instead of typing them.
Bank PINs are the best things players can have to protect their bank account and it is strongly recommended to have one. In addition, players are well advised to only access their account from a trusted and non-infected computer. A non-obvious password and periodic password changes also help to prevent unauthorized access to accounts.
The Bank PIN system also appears when attempting to enter the player-owned house in building mode for the first time after logging into the game. This helps protect the player-owned house from vandalism and/or theft from the Costume Room.
Weaknesses
Bank PINs cannot protect against more advanced hijacking software. Programs that take a screen shot every time the user clicks the mouse will obtain a screen where only the PIN key is made blank. The surrounding keys still show their number, so the PIN key can be deduced from the captured screen. Hence, bank PINs cannot always prevent item loss as a result of hijacking, although they provide a decent additional layer of security. Fortunately, this weakness can be countered by running regular virus scans on your device, and being cautious of what websites you visit, or email links you click (see Suspicious Emails).
Choosing a PIN
Some of these things are told in the Stronghold of Security, while others are just helpful to know. Here are some PINs that players should avoid using:
- Their own birthday - many players use this, but it is not advised, as those who know the player may know their birthday.
- A real life PIN - Jagex cannot absolutely guarantee the security of their database, and if it were compromised then players could be at risk of losing real-life money.
- The last 4 digits of a national identification number (such as SSN or NINO) - If anyone finds the PIN to be a SSN, the player may be in trouble in real life
- The last four digits of a telephone number - someone might know this information.
- Pins such as 4,4,4,4 (4 same digits), 3,4,5,6 (4 digits in sequence) and 8,7,6,5 (in reverse sequence) cannot be used.
Good PIN choices
- A random number - be sure to memorise this well
- Spell a word using the telephone keys
- Player may also use a calculator (e.g. the calculator in Windows) to add random numbers together
Situations requiring a PIN
- Accessing the bank
- Accessing the Seed Vault
- Trading at the Grand Exchange
- Entering Building mode in a Player-owned house
- Opening/searching stored items in a Player-owned house Costume Room or Menagerie
- Accessing the Party Room chest
- Accessing a player's Miscellania funds
- Accessing the Slayer reward points interface
- Accessing a STASH unit
- Using the Nightmare Zone coffer
- Redeeming an Old school bond
- Accessing a Tool Leprechaun[1]
- Using the Blast Furnace coffer
- Adding ore to the Blast Furnace conveyor belt
- Changing your Display Name
- Fishing from the Reward pool
- Opening the Loot Chest with a loot key
- Searching the Rewards Guardian
- Accessing the Last Man Standing Shop
- Accessing the Quest speedrun reward shop
- Accessing the Leagues Reward Shop
- Accessing fossil storage
- Accessing clan settings
- Viewing the Arena recruitment board
Further reading and advice on account security
Players who wish to be extra cautious can choose to deposit their items in the bank when they are done playing for the day, however, keeping your account secure with RuneScape Authenticator is crucial in protecting your account from hijackers. Having 2 step authentication on your email as well adds even more security.
Changes
| Date | Changes |
|---|---|
| [[{{#explode:16 April 2015| |0}} {{#explode:16 April 2015| |1}}]] [[{{#explode:16 April 2015| |2}}]] (update) |
Logging out no longer resets bank pin lockout counters. |
| [[{{#explode:30 October 2014| |0}} {{#explode:30 October 2014| |1}}]] [[{{#explode:30 October 2014| |2}}]] (update) |
Bankpin sounds have been reverted to their original audio. |
| [[{{#explode:13 October 2014| |0}} {{#explode:13 October 2014| |1}}]] [[{{#explode:13 October 2014| |2}}]] (update) |
Mod Ash has re-vamped the bank PIN system to make it much more responsive. |