Backup Codes for OSRS Logins
Instead of opting for an authenticator delay, Jagex has decided that using backup codes would make for more optimal account security.
When setting up the authenticator on your account, you’ll receive a backup code via email. This code will only be used for removing the authenticator should you ever lose access. If you misplace this code, you can request another one upon the successful passing of the authenticator and login.
However, in the event of losing both the authenticator and the backup code, the process of receiving a new code was detailed as being “strict” and the amount of evidence that the account is yours that’s required to bring to the table as “very high”. Although Jagex did not go into the nuts-and-bolts of receiving a new code, it’s easy to imagine that it will be a tough process and will require a long waiting period.
The backup code system should provide many advantages over the previously-request authenticator delay. One of the biggest is not having to respond if a malicious attack is being attempted. With a backup code, no action is needed, as an account hijacker cannot remove the authenticator any other way.
Backup codes are set to be added at some time in 2020. If players aren’t worried about this additional layer of security, there’s no need to worry: this failsafe is not required. Yet, Jagex (and myself!) heavily recommend it!