forums.rs

Forums

Multi Factor Authentication

Quick find code: 278-279-251-66239382

JayPar16

JayPar16

Posts: 444 Silver Posts by user Forum Profile RuneMetrics Profile
I appreciate the effort to make the game more secure by allowing multi factor authentication, but why does it need to be entered every thirty days? This is my computer, nobody else uses it, and I will erase all data before I dispose of it, so I don't understand why the code should be required every month. I don't know how many times I've tried to log in, only to find that the thirty days were up, and I just didn't get to play since my phone was on the charger in another room. Allow a "permanently remember" please! Thanks!

15-Dec-2021 15:44:35

2_Tron

2_Tron

Posts: 22,959 Opal Posts by user Forum Profile RuneMetrics Profile
That is not going to happen ...
SmartPhones are easily hooked-up to a computer by a USB-port to be able to get your SmartPhone charged, thus you your computer and your phone can be in the same room on the same table/desk so you have quick access to RuneScape Authenticator.

15-Dec-2021 16:24:06

Corder
Oct Member 2017

Corder

Posts: 27,892 Sapphire Posts by user Forum Profile RuneMetrics Profile
If your device some day gets infected, I like to compare the time it takes to recover the account and its wealth to the time it takes to load authenticator on the occasional uncharged phone!
Is it worth it, this is subjective but I don't think it is :(

The good news is there are some things you can do to avoid the hassle.
(2_Tron posted a nice one!)

1) Link a social network account with your RS account in account settings - linked accounts.
These bypass passwords and authenticators.
This can be a Google / Facebook / Steam account etc. Just make sure they have the appropriate security measures in place so they are as secure as can be!

2) Scan the authenticator QR code across multiple devices.
See Brian's answer at:
https://answers.microsoft.com/en-us/outlook_com/forum/all/authenticator-on-multiple-devices/628e227a-2292-4b2f-8b66-e5879d5c869e


3) Get authenticator for a PC device - these include WinAuth, Authy and some Chrome extensions - but, I'd rather authenticate through a secondary device like my phone. Life is like a camera: Just focus on what's important, capture the good times, develop from the negatives, and if things don't work out, take another shot !

15-Dec-2021 16:32:47

Acushnet
Dec Member 2011

Acushnet

Posts: 14,144 Opal Posts by user Forum Profile RuneMetrics Profile
You have to understand what security is. Security is not a guarantee of protection. It's a compromise of convenience. The goal of security is to make it as inconvenient as possible for unauthorized people to access whatever it is being protected while minimizing that inconvenience to authorized individuals.

In this case, your account is what is being protected. The more convenient it is for you, it becomes exponentially more convenient for the unauthorized actors. A month is a good compromise in my opinion... I've worked for places that required 2FA for literally every single log in. That's not so bad because the additional factors were a physical card and assigned pin, so it was more or less plug and play. I didn't have to unlock a device, find an app, open the app, and THEN access the final piece of the authentication. (Actually... there was a place I had to do that, and my phone was not allowed to be in that place... SUPER inconvenient... Fortunately, that was only until they could get the tokens previously mentioned.)

Tl;dr: The 30 days is a compromise and based on risk/reward. It could always be worse and from a security perspective is already fairly gracious. Just trust me.

19-Dec-2021 13:03:48

Quick find code: 278-279-251-66239382 Back to Top