Forums

Account security news please!

Quick find code: 278-279-257-66162862

Maynne

Maynne

Forum Moderator Posts: 52,416 Emerald Posts by user Forum Profile RuneMetrics Profile
Mod Lyon said :
Maynne said :
An admirable goal you have there I believe.

I'm not really comfortable of suggesting this, as I want discussions to be made here in RSOF, but my practical side wins this time around than my idealistic mind. I think you will get better chance of receiving a Jmod feedback, if you raise that concern in Runescape Reddit or Facebook page.


False. As I have consistently stressed, the best place currently for the web team to see feedback, issues or suggestions is in this forum. I read every thread and every post that is made. If not here, as I indicated in the thread OP linked to, Twitter if someone would prefer.



With the quote above pasted here, I wish to call the attention of Mod Lyon.

I hope your team already read the statements made by Arch in page 1 of this thread, which was posted last May 29.

May you give feedback please? Or should I again repeat my previous statement above that maybe Arch should reach-out for a Jmod in Social Media?

09-Jun-2020 14:27:01 - Last edited on 09-Jun-2020 14:45:54 by Maynne

Mod Lyon

Mod Lyon

Jagex Moderator Forum Profile Posts by user
Maynne said :


[snip]

With the quote above pasted here, I wish to call the attention of Mod Lyon.

I hope your team already read the statements made by Arch in page 1 of this thread, which was posted last May 29.

May you give feedback please? Or should I again repeat my previous statement above that maybe Arch should reach-out for a Jmod in Social Media?


I was expecting this was what you were hinting at. As you'll note on social media as well, the people who originally communicated this haven't done so on this subject there either. They are aware the community would like an update, and I have no information I am able to share on the matter myself.

You are welcome to go to social media, if you feel the response would be better and I wish you luck.

For what its worth, yes I noted this as it was posted but as it was forwarded on by our CM team to those relevant people and I have nothing to share as described above, felt there was nothing for me to add.
Jagex Web Team

Twitter - @JagexLyon

09-Jun-2020 15:47:57 - Last edited on 09-Jun-2020 15:57:51 by Mod Lyon

Hmm
Jan Member 2016

Hmm

Posts: 13,000 Opal Posts by user Forum Profile RuneMetrics Profile
I feel that that since that blog post, there has been some progress on the suspicious login detection front. Twice now I've accidentally triggered this account being locked, the first time for logging in from Switzerland as an account 99.9% based in the UK, and the second time I'm not too sure, but I do funny things with the client for dev purposes, so perhaps I should expect a few when I sometimes log in 30 times an hour.

I don't think it's something Jagex would make an absolute statement about, because if that defense mechanism is triggered, it is triggered usually in response to either a false positive, which is a bad scenario, or a true positive, which is, also a bad scenario. People would see it as a bad thing every time, even though the false positives are understandable and rare, but then you lead into the second problem.

People don't seem to understand the true positives, that someone has had the correct account confidentials, actually suggest a compromise. I don't know if there's efforts to combat that UX problem, but I've seen people in the account help forum get saved by this defense but fail to understand the full ramification of it, that they WERE compromised but saved by the suspicious login AI. They see it instead as, Jagex systems are dumb, rather than, check for keyloggers, you've been phished, etc.

So my question really is, is this behaviour actually new (since last May), or is it just I've only recently strarted noticing it based on my own flaggings and other peoples (perceptive bias). Or has it always existed?

I can understand Jagex not wanting to bring this one to light in particular, it is the worst case scenario to rely on heuristics like this to defend against a compromise and so not something you want to brag about (it'll make mistakes every side). but I think it would be beneficial to have a support article that more explicitly states that it does exist, and how bad the situation could have been without it being there.

09-Jun-2020 17:08:45 - Last edited on 09-Jun-2020 17:09:39 by Hmm

Mexk
Aug
fmod Member
2006

Mexk

Forum Moderator Posts: 19,605 Opal Posts by user Forum Profile RuneMetrics Profile
Thanks for the message, Lyon.
¸,.•
Mexk
•.,¸

Stand up for what is right, even if you stand alone
¨`'°«„¸¸„»°'
.............................
'°«„¸¸„»°'´¨

11-Jun-2020 10:52:48

Applejuiceaj
Nov
fmod Member
2011

Applejuiceaj

Forum Moderator Posts: 44,941 Sapphire Posts by user Forum Profile RuneMetrics Profile
Today's June edition of the Old School Gielinor Gazette again includes an 'update' but it is very similar to the past one:

Account Security and Login Issues: Last year we explained that we'd like to make significant changes to the account security features that we offer. These remain high on the list of studio priorities, but our tech teams are currently focused on delivering long-term solutions to the sustained malicious attacks that at times render the game unplayable.

11-Jun-2020 19:51:22

Conformed
Oct Member 2023

Conformed

Posts: 2,901 Adamant Posts by user Forum Profile RuneMetrics Profile
Applejuiceaj said :
Today's June edition of the Old School Gielinor Gazette again includes an 'update' but it is very similar to the past one:

Account Security and Login Issues: Last year we explained that we'd like to make significant changes to the account security features that we offer. These remain high on the list of studio priorities, but our tech teams are currently focused on delivering long-term solutions to the sustained malicious attacks that at times render the game unplayable.


Thanks for the information. It would be nice to hear the details of what they're thinking about doing in the future.
-- Con
for
med --

12-Jun-2020 15:40:47

Maynne

Maynne

Forum Moderator Posts: 52,416 Emerald Posts by user Forum Profile RuneMetrics Profile
What Arch asked in this thread is a fair question, given that we still have people posting here in RSOF regarding their accounts getting hacked.

Any promised additional features that can increase players security needs to be delivered, as that is a fair deal. I myself was very vocal, and loud when it came to making RSOF an https:// everywhere website - it took many years for it to happen - with many criticisms hurdled against me (one example was when someone fully disagreed, because he claimed that he is using dial-up, and https will ruin his foruming experience), but I am glad Jagex yielded at the end.

When it comes to technologies that secures this runescape website as a whole, Jagex should never let itself behind the curve. It is good PR for the company, if they have the best of the best security technologies in-place.

Btw, while at it - I hope Jagex implements TLS 1.3 for Runescape. It is currently using 1.2 as per SSLlab test.

19-Jun-2020 04:32:58 - Last edited on 19-Jun-2020 04:37:42 by Maynne

Quick find code: 278-279-257-66162862 Back to Top