Forums

How To: Authenticator on PCThread is sticky

Quick find code: 408-409-4-65732699

of 12
barsnoop
Jul Gold Premier Club Member 2004

barsnoop

Posts: 1,349Mithril Posts by user Forum Profile RuneMetrics Profile
Hi everyone :-)

So I have added the winauth.exe on a USB and also the winauth.xml
Both files are the only files on the usb disk, and both are on the root.

Tried launching the winauth.exe program on another PC
Winauth launches but I get "invalid password"

I actually get invalid password as soon as I launch the program.
And again once I insert my winauth password.

Any ideas?

Thanks and Merry Xmas :-)
The Lingering Lurker

27-Dec-2017 20:33:09

Asahel Frost
Dec Member 2007

Asahel Frost

Posts: 10,838Opal Posts by user Forum Profile RuneMetrics Profile
Hi barsnoop

Put the USB stick back in the original PC where you set it up, and have a look at the settings to make sure that you do not have the "only usable on this PC" option enabled.

To check the options, start winauth, enter your password, click the cog-wheel, click 'Change protection', and enter your password again.
Glad to be of service :) (Powered by GPP™ - Share and Enjoy!)
Forum Community Helper (info)
Twitter: @JagexHelpFrost
FC: SilverScaper

29-Dec-2017 16:51:29 - Last edited on 29-Dec-2017 17:17:05 by Asahel Frost

Mabae
Feb Member 2018

Mabae

Posts: 7Bronze Posts by user Forum Profile RuneMetrics Profile
I recently purchased a new phone and my authenticater is not up to date. I tried to log in with the stupid thing enabled and it won't let me. It keeps saying it will send an email to me, but I haven't received any email. Yes it is the correct email address. Can somebody help me disable this thing?

12-Jan-2018 21:43:23

Malua
May Member 2006

Malua

Posts: 24,979Opal Posts by user Forum Profile RuneMetrics Profile
Hi there
Mabae


Firstly, check your email settings to make sure that emails from Jagex are not on the blocked sender list.

Secondly, work through the points on the Not receiving emails support page.
Then try sending the 'disable authenticator' email again.

While the 'disable authenticator' email is an automated email and should send straight away, players often experience problems with it.
Either the email travels slowly or the email provider you use is treating is as a spam email and not forwarding it.

If you have worked through all the troubleshooting instructions, sent yourself another 'disable' email and then waited several more hours without success, you probably need to go to Plan B which is to change the registered email.

The links to do this are at the top of the 'not receiving emails' support page.
Try changing the registered email via 'Fix it fast: My account settings' first.
If that doesn't work either (no email arrives), use the 'Fix it fast: Reset my password' button.
If using the 'Fix it fast: Reset my password' method, you need to enter your login then indicate 'No' to the email hint question and you will be taken to a form to fill out.
Information about the Community Helper Team

13-Jan-2018 02:17:36

Real Str
Mar Member 2018

Real Str

Posts: 13Bronze Posts by user Forum Profile RuneMetrics Profile
Does this method extend to the Web Log in too? I have the Authenticator Application on my phone (had it since launch) and I got hacked, cleaned and 'griefed' on OSRS March 5th. I noticed that the Two-Factor does NOT extend on to the website or web login. No I did not share my password or do anything risky. Apparently, whoever hacked me has had my account password since January but since I haven't played since October 2017, I didn't even notice. The only reason why I even know that is because I kept getting emails stating my password change request was denied and I never initiated any requests. I didn't click any links due to Phishing concerns and changed my password on the official Jagex page. After changing my password twice, I logged off with all my stuff and I woke up the next morning with almost nothing but quest items and my void in my bank. If this is supposed to extend to the Web Interface too, this needs to be known on the Account Security page and not the forums.

10-Mar-2018 14:10:22

Malua
May Member 2006

Malua

Posts: 24,979Opal Posts by user Forum Profile RuneMetrics Profile
Hi there
Real Str


Authenticator has never protected an accounts login access to the website.

You can check either in your account management area or in the game lobby whether your Authenticator is still enabled.
If you find it has been disabled, it means the hijacker has access to your email.
When a hijacker has access to the registered email of an account, they can retrieve the new password each time you change it.

Those password change request emails could easily have been phishing emails and I am glad you had the presence of mind to be suspicious of them.
If you still have any, you could forward them to: reportphishing@jagex.com

I suspect your account was 'passed on', maybe even sold.
It just sounds like only the most recent hijacker was able to finally pierce your security.
Information about the Community Helper Team

11-Mar-2018 02:00:35

Quick find code: 408-409-4-65732699Back to Top