
*

Offline Cool like Redtunnel

Your account is not secure
« on: January 22, 2019, 19:59:26 »
An interesting watch...I'm sure as hell changing all my passwords :P


*

Offline Alaklondewen

Re: Your account is not secure
« Reply #1 on: January 22, 2019, 20:45:19 »
Very helpful though!  I've always been wary of those surveys people fill out on social media, because they often include security questions. :/

Also...someone guested in the right place at the right time...


*

Offline Rune

Re: Your account is not secure
« Reply #2 on: January 22, 2019, 21:04:30 »
As a previous forum admin it was scarily easy to obtain a full copy of the database through the admin part of the forums. I'm glad Red disabled that functionality so it's only accessible by knowing the actual code to the database.

I strongly suggest turning on the Authenticator both on your RS account and on your registered emails.

MFA on Microsoft accounts:
https://support.microsoft.com/en-gb/help/12408/microsoft-account-how-to-use-two-step-verification

Google mail:
https://www.google.com/landing/2step/

You can check if your email is compromised by using this site:
https://haveibeenpwned.com/

I recently changed passwords on 150+ websites with some autogenerated ones, so all of them are different.

*

Offline Tommykillme

Re: Your account is not secure
« Reply #3 on: January 22, 2019, 21:33:29 »
How scary! Some great words of wisdom @Rune

*

Offline Joe

Re: Your account is not secure
« Reply #4 on: January 23, 2019, 02:07:25 »
I thought of a lot of these things.  I take very special care to hide my passwords.  Most are randomly generated gibberish that mean nothing and I keep track of them by writing them down on paper so they're not saved anywhere online.  Not even on a flash drive.  Just a piece of paper that I keep under a hidden flap on my desk.

*

Offline Redtunnel

Re: Your account is not secure
« Reply #5 on: January 23, 2019, 08:44:27 »
I was targeted after Consentus' database breach around 2011 (they got access because one of the Consentus admins used the same password on some other RS fansite that got compromised). I know they targeted me because someone uploaded the chat logs to pastebin where the hacker, who was trying to sell the information, named me as a wealthy player in his selling argument. They never did manage to get into my account, though.

Never use the same password twice on anything that matters to you and you will probably be fine. 2FA on your email accounts. But how do you memorize all your usernames and passwords? Use a password manager! Stronger passwords help in case the database gets breached. If you have a strong password, chances are it will take too long to find its match (if the hashing algorithm is even remotely modern, it's all done through brute force, i.e. trying millions of passwords every second until it's found; often dictionary list based).

Jagex's account recovery system is the most concerning part in all of this, especially if they rely on such basic information as IP and ISP (they are by no means secret on the internet and you cannot hide them unless you're using a VPN or proxy, which is a security problem in itself), name and country.
"The purity of a person's heart can be measured by how they regard cats"



*

Offline Cool like Redtunnel

Re: Your account is not secure
« Reply #6 on: January 23, 2019, 16:02:34 »
Never use the same password twice on anything that matters to you and you will probably be fine. 2FA on your email accounts. But how do you memorize all your usernames and passwords? Use a password manager! Stronger passwords help in case the database gets breached. If you have a strong password, chances are it will take too long to find its match (if the hashing algorithm is even remotely modern, it's all done through brute force, i.e. trying millions of passwords every second until it's found; often dictionary list based).

What password managers do you use or recommend? Mine are currently saved on a USB so nobody has access to them unless it gets stolen, which I know isn't the safest method of storing passwords, lol.

But how secure are these password managing sites and can they handle multiple emails?

Edit:
The video is no longer listed...Wonder what happened :equips tinfoil hat:

*

Offline Joe

Re: Your account is not secure
« Reply #7 on: January 23, 2019, 20:33:15 »
In my opinion, being as paranoid as I am and understanding the significant risk like Red does, I save nothing like that digitally, like I mentioned earlier.  But a flash drive would be your safest bet.  I'd personally use a Word document with the website's name and your password, game name, etc - and organize it alphabetically for ease of finding what you're looking for.

Absolutely use the authenticator for your login.  But I don't recommend using it for your bank PIN like the hijacker in the video stated.  As soon as it's disabled, your bank and your coin pouch are defenseless.  The 4 digit PIN is still your safest bet as you have 3 days for it to disable.  You can also switch it to 7 days, which would be even better.

*

Offline Qevin

Re: Your account is not secure
« Reply #8 on: January 23, 2019, 20:36:54 »
I work as an IT security officer; always use multifactor authentication where possible, trust me, it works

 
