A Password is a set of characters which is used to gain access to an account. It is recommended that your password does NOT relate to anything close to you, such as a favourite animal or the address of your house. Rather, it is more recommended that you name your password after a famous person's birthday or something similar that can be re-looked up in the case you forget. A combination of letters and numbers will make a good password.
Never tell your password to anyone. Anyone that attempts to ask about your password should immediately be reported for Rule 3. There is also a system that prevents any IP address from accessing any RuneScape or FunOrb account if five or more incorrect passwords are tried in succession, doing that can be recognised that you are on a hacking attempt.
The chat censor filters any text that has your EXACT password included in the text. If you do so the words will not appear as usual in the chat box and on top of your character's head. Instead, this dialogue pops out in the chat box: You appear to be telling someone your password - please don't! If you are not, please change your password to something more obscure! However, the filter cannot filter your password if you say it backwards, or with a space in-between the letters.
Your password is NOT blocked on the forums. Your password is also not blocked on RuneScape Classic.
To change your password hover your mouse over "Account" on the bar located just below the advertisement on the Runescape or Funorb home pages, then select Account Management option from the drop down box that will appear. An option to change your password will then be shown. When selected, this will redirect you to a Jagex site where you will be asked to enter your present password as well as your new password. Once accepted, the new password takes effect immediately.
It is strongly advised to run virus protection software prior to changing your password, especially if you suspect your computer might be infected by a keylogger or you have any other security concerns, or use a different computer of which you know it is secure.
The following uses content directly from the RuneScape website.
DO NOT pick any word or number which has a connection to you, so don't pick your favourite animal or your house number.
DO NOT use your phone number or any personal information as your password. This can be easily guessed by a friend or relative.
DO NOT just use a number at the end of a word, such as apple1.
DO NOT use common number and letter substitutions e.g. 4 as the word 'for', 1 as 'L' or 'I', 5 as 'S'
DO NOT use repeating characters 'bbbbbbbbbb' or series of characters such as 'kbkbkbkbkbkb' or also something like 'rs2rs2rs2rs2'.
DO NOT use your real name, account name or name of an item either forwards, backwards or divided up.
DO NOT use a series of characters off any keyboard such as 'adfsghd', 'lkjhgf' or 'qazwsxedc', as these are very common and hijackers will look for these.
DO NOT fall for users saying that the system will censor your password.
DO NOT give your password to anyone. This includes any friends, relatives, or other player. If asked in-game for it, report the player under Rule 3 - Password Scamming.
DO NOT use a password that you've previously used on your account.
DO NOT combine your RuneScape password with other things such as your E-mail account. If the password for one is discovered, access to your RuneScape account becomes much easier for hijackers.
DO NOT use your RuneScape password a second time for an account on another website, or for secondary RuneScape account.
Be careful about keeping your RuneScape password in places where it may be accidentally discovered, like in a Microsoft Word document.
Passwords should range from 5 to 20 characters. The more characters there are, the likelihood of having an account stolen is significantly reduced.
Passwords should not be entered if there is someone directly behind you. Long passwords with no discernible pattern of words and numbers like "ag955gop233xz521" are very difficult to memorise at a glance. Do not use ag955gop233xz521 as your password, since this might be guessed by an account hi-jacker.
Jagex moderators will never ask you for your RuneScape password. Any player who claims to be Jagex staff should be reported either for Rule 3 - Password Scamming, or Rule 5 - Jagex Impersonation.
Passwords should never be entered on any website besides runescape.com, runescape.co.uk, jagex.com, stellardawn.com, waroflegends.com, 8realms.com and funorb.com. Many non-legitimate websites have keyloggers, which record and steal players' passwords. The same rule applies to RuneScape fansites as well - including the RuneScape Wiki.
It is advisable to change your password every 3 to 6 months, so long as you keep it safe.