More and more services out there are moving towards mandatory multi-factor authentication because it is more secure (Github moved to that model this year too as an example) - having to provide both something you know (your password) and something you have (access to email or auth app in the case of Jagex Accounts) makes it much harder for someone to break into an account. They might have your password, but they will never have access to your phone generating codes every 30 seconds. Having multi-factor authentication be mandatory is part of why the 'all accounts in one' approach isn't as big of an issue as it would have been if Jagex used the existing account system with that model.
Manual recovery is gone with Jagex Accounts - that too is a security benefit. No more gaming the system, and those 20 year old details that got leaked on the internet some time ago are irrelevant now.
If you set up 2 factor auth via an authentication app and disable email codes, the issue RuneScape accounts had with 2 factor authentication being able to be bypassed is resolved - someone with your email can change your password, but they can't get any further.
The end goal of Jagex Accounts is you have one set of secure credentials that requires multi-factor authentication, that are only entered into a single login portal (the website, which can employ better protection against malicious attacks) and gives you access to all of your characters. While we as RuneScape players tend to be sensitive to change, this one really is only a 5 minute setup process that doesn't change anything about your in-game experience, it just tweaks the login process slightly.
31-Oct-2023 01:41:54
