I have been trying to talk about this issue with account security... Jagex has encouraged people to switch using Jagex account claiming it to have higher security, but (in my opinion) this is a lie. Email-based 2fa does not provide you any kind of security if it's your email that got compromised. Instead that gives the hijacker all the keys to your kingdom. Just few days ago someone was shouting for help in forums due to email being hijacked and runescape account stolen.
But the main issue is, that with the introduction of Jagex accounts, we no longer have a choice of using any other means of 2fa, other than the russian roulette with our emails.
Not to mention all the inconveniences the email-based 2fa introduces in combination of Jagex account. (this going a bit off the track though, I know)
You are using mobile client? You want to change a world? Oh, but the world happened to be full, or you don't have the required total lvl to access the world? Here, we'll deliver a full logout to your account, and require you to reauthenticate the account via a code delivered to your email. Not your main email? Log in to a different email to check the authentication code, and log back to your main email. You want to change world again, that happened to be full again? Switch email and reauthenticate, even though you just reauthenticated 2 minutes ago. You want to check your other account on mobile client briefly? Switch and reauthenticate. You want to log back in to your previous account? SwItCh AnD ReAuThEnTiCaTe. Oh, this account hasn't been playing for months, possibly phone got stolen or something and suddenly someone wants to log in? Sure go ahead, no authentication required.
All I'm asking, GIVE US BACK THE CHOICE OF SAFER 2FA'S, and please, fix the full log out-issue related to a failed login attempt to a full world or world with too high total lvl requirement.
05-Oct-2023 15:22:00
