RuneScape Forum Archive | RuneScape Authenticator

Hoppeeee

Posts: 1,540 Mithril Posts by user Forum Profile RuneMetrics Profile

Jordanious77 said :
Watch someone make an app called "jagex authenticator" that steals your details and hacks all the people that use it.

Authenticator is forcing people to use software not developed by jagex and therefor takes security out of jagex' hands.

And it's clear the reason Jagex are removing JAG (without a poll) is because JAG requires more money and time to run therefor they're vindicated (just as they were with EOC & SOF) to install an untested update without much warning and stuff over a good part of the community.

It's also interesting to see jagex are also ignoring the people with genuine concerns.

Notice that the people who can't afford a smartphone probably can't afford to buy spins either (or buy membership with bonds) therefor they no longer matter.

Jagex 2k14

I do have to agree with you, that it does take the security out of Jagex's hands to some extent. Jagex, please endorse a few specific authenticators - and be extremely clear, so that scamming of this sort does not occur!

Keep in mind though, that this sort of scamming may not even be a possibility. It is stated on the FAQ that: "The codes will be generated on your device, so even if any hijackers know the pass-word on your account, they will not be able to get access to your game account."

Although, I suppose, a hacker could design a program that sent codes to your device, instead of generating them on your device.

23-Jun-2014 23:31:41 - Last edited on 23-Jun-2014 23:56:45 by Hoppeeee

Asellus5

Posts: 63 Iron Posts by user Forum Profile RuneMetrics Profile

This is total bull. I don't have a telephone, let alone a smart telephone, and I'm not buying an extra computer just for this.

You don't make many bad calls, Jagex, but this is a huge one, like bringing back PKing, and the Squeal of misfortune.

23-Jun-2014 23:37:44

Feb

2012

Karmoi

Posts: 2,716 Adamant Posts by user Forum Profile RuneMetrics Profile

Jadzi1 said :

What if I have my authenticator on my comp at home, and I try to play somewhere else, at a friend for example ? How can I get the code when it changes in every 30 seconds ? It's not something I can remember, since it keeps changing.

And your other argument, that we still have our normal pass to protect us...that was the point of adding bonus security, that our pass is not considered safe enough. With JAG, if someone somehow got your pass, still couldn't use your account since it could only be reached from trusted computer. Now if the hacker gets your pass, and gets your email too (which is very likely, much easier than to get the RS pass), he can turn off the authenticator in a sec and boom, your account is gone forever. The authenticator is much much less safe than JAG, since JAG required the hacker to physically sit at your trusted comp which was very unlikely.

This is all exactly correct and shows quite clearly the flaws of this new security setup. The Authenticator itself is susceptible to Trojans and "man in the middle" security attacks. These issues were handled very well by JAG. As has been mentioned, Authenticators have been subject to successful attack previously on competing game platforms. The update is a good one for people with the interest/ access/ willing to take the risk. However, JAG should remain for those less tech savvy or inclined.

In essence this update is Jagex handing off security of their own content and the welfare and security of their players (paying customers) to third party vendors. Jagex controls the game and content as well as access to that content. Jagex alone is responsible for the security of their paying customers, not third party vendors running open-source apps like Google Authenticator.

This is quite obviously a money grab and cost cutting measure at it's core.

Music in the Soul can be heard by the Universe

-

Use RS-Linkify

-

Karma comin' at ya

23-Jun-2014 23:37:45 - Last edited on 23-Jun-2014 23:41:30 by Karmoi

Apr

2009

Feray

Posts: 176 Iron Posts by user Forum Profile RuneMetrics Profile

Worst Idea EVER. JAG was better.

23-Jun-2014 23:39:20

Oct

2008

Spocko7

Posts: 825 Gold Posts by user Forum Profile RuneMetrics Profile

i created a thread entitled

keep jag vote

lets inundate them with yes votes in favor of keeping jag .and enlighten them as to why this should have been voted on by the players to be implemented into game

23-Jun-2014 23:40:33

Hoppeeee

Posts: 1,540 Mithril Posts by user Forum Profile RuneMetrics Profile

Jadzi1 said :

What if I have my authenticator on my comp at home, and I try to play somewhere else, at a friend for example ? How can I get the code when it changes in every 30 seconds ? It's not something I can remember, since it keeps changing.

And your other argument, that we still have our normal pass to protect us...that was the point of adding bonus security, that our pass is not considered safe enough. With JAG, if someone somehow got your pass, still couldn't use your account since it could only be reached from trusted computer. Now if the hacker gets your pass, and gets your email too (which is very likely, much easier than to get the RS pass), he can turn off the authenticator in a sec and boom, your account is gone forever. The authenticator is much much less safe than JAG, since JAG required the hacker to physically sit at your trusted comp which was very unlikely.

18. What if I don’t have my authentication device on me?

If you are trying to login from a new PC but do not have your device with you, simply click on the ‘disable authenticator’ link on screen and an email will be sent to your registered email containing a link to disable the authenticator. With the authenticator disabled, you’ll be able to access your account, but we strongly recommend that you re-enable the authenticator when you get your device back.

23-Jun-2014 23:40:38

Oct

2012

T r e

Posts: 1,466 Mithril Posts by user Forum Profile RuneMetrics Profile

Hoppeeee said :
Jadzi1 said :

What if I have my authenticator on my comp at home, and I try to play somewhere else, at a friend for example ? How can I get the code when it changes in every 30 seconds ? It's not something I can remember, since it keeps changing.

And your other argument, that we still have our normal pass to protect us...that was the point of adding bonus security, that our pass is not considered safe enough. With JAG, if someone somehow got your pass, still couldn't use your account since it could only be reached from trusted computer. Now if the hacker gets your pass, and gets your email too (which is very likely, much easier than to get the RS pass), he can turn off the authenticator in a sec and boom, your account is gone forever. The authenticator is much much less safe than JAG, since JAG required the hacker to physically sit at your trusted comp which was very unlikely.

18. What if I don’t have my authentication device on me?

If you are trying to login from a new PC but do not have your device with you, simply click on the ‘disable authenticator’ link on screen and an email will be sent to your registered email containing a link to disable the authenticator. With the authenticator disabled, you’ll be able to access your account, but we strongly recommend that you re-enable the authenticator when you get your device back.

The fact that an individual has to willingly leave their account unprotected to log in somewhere else while away from their main computer isn't really a great selling point. ^-^

23-Jun-2014 23:45:05

Hoppeeee

Posts: 1,540 Mithril Posts by user Forum Profile RuneMetrics Profile

Karmoi said :

In essence this update is Jagex handing off security of their own content and the welfare and security of their players (paying customers) to third party vendors. Jagex controls the game and content as well as access to that content. Jagex alone is responsible for the security of their paying customers, not third party vendors running open-source apps like Google Authenticator.

This is quite obviously a money grab and cost cutting measure at it's core.

The applications coming from a third party is one thing that does bother me a bit. If Jagex had its own authenticator, I'd be a little more comfortable using this!

However, I don't think your concerns about "money grab" are really all that valid. I mean, if they can keep our accounts secure using less money, I'm all for it. Though I completely agree that the implementation wasn't the best thought out, and I'm all for improvements to the system.

23-Jun-2014 23:47:09 - Last edited on 23-Jun-2014 23:48:42 by Hoppeeee

Hoppeeee

Posts: 1,540 Mithril Posts by user Forum Profile RuneMetrics Profile

T r e said :

The fact that an individual has to willingly leave their account unprotected to log in somewhere else while away from their main computer isn't really a great selling point.

You're right, it sure isn't! If they haven't already, hopefully they will create an email option to temporarily turn the authenticator off (for x number of hours or days), instead of permanently.

But it did answer his question.

23-Jun-2014 23:48:02 - Last edited on 23-Jun-2014 23:54:18 by Hoppeeee

Ladycougar58

Posts: 231 Silver Posts by user Forum Profile RuneMetrics Profile

Don't see the point in this for all of us that don't own a smart phone or do not trust what ever you want us to load well we are just out of luck then. Why don't you at Jagex as us ask users what we want not just walk all over us.
Technology is wounderful when it woks but as it is now with all this hackers I don't trust anything anymore. My 2 anti virus program and the anti spyware programs will be my protector from now on you sure won't protect us Jagex, shame on you.

23-Jun-2014 23:49:17

Forums

RuneScape Authenticator