I feel that that since that blog post, there has been some progress on the suspicious login detection front. Twice now I've accidentally triggered this account being locked, the first time for logging in from Switzerland as an account 99.9% based in the UK, and the second time I'm not too sure, but I do funny things with the client for dev purposes, so perhaps I should expect a few when I sometimes log in 30 times an hour.
I don't think it's something Jagex would make an absolute statement about, because if that defense mechanism is triggered, it is triggered usually in response to either a false positive, which is a bad scenario, or a true positive, which is, also a bad scenario. People would see it as a bad thing every time, even though the false positives are understandable and rare, but then you lead into the second problem.
People don't seem to understand the true positives, that someone has had the correct account confidentials, actually suggest a compromise. I don't know if there's efforts to combat that UX problem, but I've seen people in the account help forum get saved by this defense but fail to understand the full ramification of it, that they WERE compromised but saved by the suspicious login AI. They see it instead as, Jagex systems are dumb, rather than, check for keyloggers, you've been phished, etc.
So my question really is, is this behaviour actually new (since last May), or is it just I've only recently strarted noticing it based on my own flaggings and other peoples (perceptive bias). Or has it always existed?
I can understand Jagex not wanting to bring this one to light in particular, it is the worst case scenario to rely on heuristics like this to defend against a compromise and so not something you want to brag about (it'll make mistakes every side). but I think it would be beneficial to have a support article that more explicitly states that it does exist, and how bad the situation could have been without it being there.
09-Jun-2020 17:08:45
- Last edited on
09-Jun-2020 17:09:39
by
Hmm