forums.rs

Forums

Jagex Accounts - Issues? Thread is locked

Quick find code: 14-15-998-66278058

of 14
Sc Jw
Jun Member 2019

Sc Jw

Posts: 1,659 Mithril Posts by user Forum Profile RuneMetrics Profile
SlR said :
If your account is old and people know your original name (used to log-in) then it's worth installing for that alone.
You do not need a separate "launcher" for that. Simply allow or even force people to use something different from their primary account name.

SlR said :
All the stories I have heard of people getting hacked were by people they knew.
Followed closely or even superseded by those using the same email/password for this game as the do on other sites. My email and password are unique to this game and always has been. If I see something come in to that address then I know it was Jagex that got hacked.

SlR said :
And if you couldn't get into the game via launcher, apparently you can link Steam, Facebook, Google etc. and log in that way.
See above about unique credentials per site. It may be convenient to link accounts but it's also a security nightmare. Break one and you get access to everything.

This launcher bit has nothing to do with "security". That could be enhanced simply by allowing people to change their login names and not ignoring case for passwords.

21-May-2023 03:09:04

Sc Jw
Jun Member 2019

Sc Jw

Posts: 1,659 Mithril Posts by user Forum Profile RuneMetrics Profile
Applejuiceaj said :
Roddy Piper said :
Right now the game and website remember my logins, I just have to show up. That is about as user friendly as it can get. All this talk of codes and verifications doesn't entice me.
^^^ This, right here

Applejuiceaj said :
Jagex Accounts have mandatory MFA, unlike RuneScape accounts which had optional MFA. That's the main difference concerning verification codes, some kind of additional verification has to be entered at each login where you are required to enter your email and password.
I just built a new system and as part of that had to go through the process of logging into my bank, credit card, and google business email accounts. Each of those required me to reply with a code that was sent, ONE TIME. That's it.

I am not firing up my email client each time I want to log on during the course of the day, nor will I give Jagex my phone # which _will_ wind up being used for "marketing purposes".

They try to force this and I'm gone, as is my wife and our alt. My xp/month has already dropped to a fraction of what it was, and this is likely to be the first dxp I don't get my hours. This is a show stopper for us.

21-May-2023 03:35:45

Applejuiceaj
Nov
fmod Member
2011

Applejuiceaj

Forum Moderator Posts: 45,000 Sapphire Posts by user Forum Profile RuneMetrics Profile
Sc Jw said :
SlR said :
If your account is old and people know your original name (used to log-in) then it's worth installing for that alone.
You do not need a separate "launcher" for that. Simply allow or even force people to use something different from their primary account name.

[...]

This launcher bit has nothing to do with "security". That could be enhanced simply by allowing people to change their login names and not ignoring case for passwords.

I grouped these two items together since there's a bit more here than what meets the eye.

Firstly, Jagex Accounts and the Jagex Launcher shouldn't be confused for being the same thing, because they are entirely different. Jagex Accounts are meant to be the replacement to the existing account system, since the existing system is 20 years old and simply can't support newer industry standard security mechanisms. For example, if Jagex could have implemented case-sensitive passwords with the existing system, they likely would have done that years ago, since that has been a long standing complaint.

The Jagex Launcher is just how you access the games after you have upgraded, rather than logging in directly through the game as was done before.

The launcher 'does' have something to do with security - by routing all logins through the website (which is what the launcher does), it means that they can use industry standard web security tools to better protect the login portal. This was not possible when logins were entered through the game clients as was done with RuneScape accounts.

24-May-2023 01:30:55

Applejuiceaj
Nov
fmod Member
2011

Applejuiceaj

Forum Moderator Posts: 45,000 Sapphire Posts by user Forum Profile RuneMetrics Profile
Sc Jw said :
I just built a new system and as part of that had to go through the process of logging into my bank, credit card, and google business email accounts. Each of those required me to reply with a code that was sent, ONE TIME. That's it.

I am not firing up my email client each time I want to log on during the course of the day, nor will I give Jagex my phone # which _will_ wind up being used for "marketing purposes".

They try to force this and I'm gone, as is my wife and our alt. My xp/month has already dropped to a fraction of what it was, and this is likely to be the first dxp I don't get my hours. This is a show stopper for us.

So with that in mind...

I've been using the Jagex Account system for a few months now. From the Jagex Launcher, I have needed to log into my Jagex Account (and enter a code from my authenticator app) twice in those few months - once at my original sign-in after I migrated, and once when the launcher updated since that particular update required everyone to re-sign in. I did not need to sign back in when the launcher updated last week.

I have had to enter my Jagex Account info to use the website more than that, but I usually only have to reauthenticate every 2 weeks or so if I sign in from the home page. Needing to enter a code every few weeks is acceptable to me IMO.

Jagex doesn't use SMS for one of their factors, they utilize a TOTP authenticator implementation. Jagex doesn't get your phone number, authenticator apps are entirely 'time based'; they are given a 'seed' and with that seed and using the current time, generate a new 6 digit number every 30 seconds.

24-May-2023 01:30:59

Yanarht
Jul Member 2012

Yanarht

Posts: 278 Silver Posts by user Forum Profile RuneMetrics Profile
Has anyone (or heard about others) had any problems putting their RuneScape accounts into a Jagex Account?

I have that problem. I did everything according to instructions and now I cannot sign into anything, except the forums. Can someone please help?

26-May-2023 00:42:49

MortiisRa
Jan Member 2023

MortiisRa

Posts: 77 Iron Posts by user Forum Profile RuneMetrics Profile
I coupled my main account to my "new" Jagex account last night, now I can no longer use either my old or new credentials to log in to either the Jagex account or Runescape client directly.

It keeps saying my credentials are wrong, even after resetting the password.
Both used the same email address, yet somehow the Jagex account page also suggested importing another character (without name) to my profile.
This may have been old, from before I moved my main from an old insecure address to the current one...

I don't know where it's going wrong, but for now I'm completely locked out.
I hope this can be resolved.

Update: Logging in to my character still works through Steam, so the account isn't locked or anything.

28-May-2023 12:58:12 - Last edited on 28-May-2023 13:19:19 by MortiisRa

Sc Jw
Jun Member 2019

Sc Jw

Posts: 1,659 Mithril Posts by user Forum Profile RuneMetrics Profile
Applejuiceaj said :

I've been using the Jagex Account system for a few months now. From the Jagex Launcher, I have needed to log into my Jagex Account (and enter a code from my authenticator app) twice in those few months - once at my original sign-in after I migrated, and once when the launcher updated since that particular update required everyone to re-sign in. I did not need to sign back in when the launcher updated last week.

I am NOT installing a "authenticator app" on my phone, nor will Jagex ever get my personal cell #. That is an absolute No Go Zone.

Applejuiceaj said :

I have had to enter my Jagex Account info to use the website more than that, but I usually only have to reauthenticate every 2 weeks or so if I sign in from the home page. Needing to enter a code every few weeks is acceptable to me IMO..
My bank doesn't make me do that, and neither do the credit card companies. This is a _game_, why would I want to put up with that kind of crap?

Applejuiceaj said :

Jagex doesn't use SMS for one of their factors, they utilize a TOTP authenticator implementation. Jagex doesn't get your phone number, authenticator apps are entirely 'time based'; they are given a 'seed' and with that seed and using the current time, generate a new 6 digit number every 30 seconds.
I know exactly what it is and how it works. I don't use it for anyone else, and I will not be using it for them. I keep my phone, and the domain I own, locked down tight.

I'm obviously not the only one who feels this way or they wouldn't have to try and "entice" us with next weeks promotion. And if enough stick to their guns it will not become mandatory because there aren't enough players left in RS3 to be able to afford another EOC style debacle.

28-May-2023 22:35:39

Roddy Piper
Jan Member 2011

Roddy Piper

Posts: 13,757 Opal Posts by user Forum Profile RuneMetrics Profile
I don't understand how the login works. I see people saying the login is the same as the website.

But that only has options to login with email or user name. Shouldn't there be an option for Jagex accounts?

How does the login know if you are trying to login to a Jagex account or a player account?

01-Jun-2023 13:24:51

Applejuiceaj
Nov
fmod Member
2011

Applejuiceaj

Forum Moderator Posts: 45,000 Sapphire Posts by user Forum Profile RuneMetrics Profile
Roddy Piper said :
But that only has options to login with email or user name. Shouldn't there be an option for Jagex accounts?

How does the login know if you are trying to login to a Jagex account or a player account?

Jagex accounts also use an email to login. When you enter an email address into the 'user' field, it seems to check if that email is used by a Jagex Account or not.

If you have a RuneScape account, you get a RuneScape themed page to enter your password on (and enter your authenticator details on if you have that set up).

If you have a Jagex account, it sends you through a different flow, asking for the password on the same screen, and then sends you to a different page to select how to provide your MFA details and to enter the appropriate code.

There's a table that shows it a little better on this Support Page:
https://help.jagex.com/hc/en-gb/articles/12423096201873-Jagex-Accounts-FAQ


Scroll down to the 'What's the difference between the Jagex Launcher and a Jagex account?' heading.

The Jagex Launcher uses that same web interface for logins - that's why people say the login is just like logging in through the website, whereas with RuneScape accounts you can enter your login information right into the game client itself.

01-Jun-2023 13:42:03

Quick find code: 14-15-998-66278058 Back to Top