RuneScape Forum Archive | New Jagex accounts and bank?

Mar

2024

Superfury

Posts: 170 Iron Posts by user Forum Profile RuneMetrics Profile

I notice that accessing your bank when upgraded to a Jagex account you can't use anything other than a bank pin anymore (so no more authenticator-based protection or the like).

Doesn't that actually make the bank storage itself less secure than it was with the older system that had non-static pins? Or is there actually a reason for this 'downgrade' if that's actually what's happening?

Sure, the new Jagex accounts have the support on login (as does any Runescape account), but banks themselves had such a function as well. Theoretically, that would make it more secure because it requires two different ones in that case?

Btw, I don't know exactly if this falls under this forum tho, but it looks that way, since it's a recent update to the game.

21-Mar-2023 00:13:03 - Last edited on 21-Mar-2023 00:17:54 by Superfury

Dec

2011

Archaeox

Posts: 53,469 Emerald Posts by user Forum Profile RuneMetrics Profile

I have never been asked to use, or had it suggested that I use, my authenticator to access my RS3 bank. Ever.

~~~~ Just another victim of the ambient morality ~~~~

~~ Founder of the Caped Carousers quest cape clan ~~

!! Slava Ukraini - heroyam slava !!

21-Mar-2023 07:49:55

Jun

2014

Trewavas

Posts: 28,499 Sapphire Posts by user Forum Profile RuneMetrics Profile

How helpful.

On the face of it, it's probably what could be referred to as a 'cosmetic' downgrade of sorts. The authenticator effectively acted as an override for bank PINs, which meant that if you disabled your authenticator at any time, your account would simply revert back to the PIN. So, the PIN was sorta kinda still there in the background. This meant that the authenticator was a useful tool for convenience and for protecting streamers, but other than that, you could argue that it didn't really provide any additional security. Maybe another small layer, but eh.. I like my PINs.

If anything, you could argue that without the PIN remaining in the background, sole reliance on the code would be a security issue itself if your authenticator was removed by a hijacker, not to mention what would happen if a hijacker actually had access to your mobile device. For me, a PIN has always been a last line of defence.

As far as I am aware, there were some issues in the beta relating to this. They might add it back in the future, but I think a good tradeoff at the moment is the enhanced security a Jagex account provides.

21-Mar-2023 11:12:28 - Last edited on 21-Mar-2023 11:14:02 by Trewavas

Mar

2024

Superfury

Posts: 170 Iron Posts by user Forum Profile RuneMetrics Profile

Just have been thinking. What if you can set the option to do BOTH (of course protected as well).

So ask for both a PIN (what you know) and authenticator (ofc w/ each attempt of the authenticator code being successful, it's no longer allowed to be the same on subsequent attempts to use it, preventing stuff like extremely fast logins to enter one code and immediately entering the protected part within the timespan the authenticator code isn't expiring yet).
Wouldn't that give the best security of both worlds combined? So essentially performing the same method as during Jagex account login, but with the bank pin (what you know) instead of password (also 'what you know') on the account security as well)?

11-Jun-2023 12:40:18

Forums

New Jagex accounts and bank?

Superfury

Archaeox

Trewavas

Superfury