RuneScape Forum Archive | RuneScape Authenticator & JAG

Dec

2020

Khazad Sanci

Posts: 36 Bronze Posts by user Forum Profile RuneMetrics Profile

Yotuul said :
I'm very disappointed JAG won't be removed. It means JAGEX is going to expend a lot of hardware and resources which will be wasted on an antiquated system of security. Why? All because there are people in the community who:

A) Can't read the post JAGEX made about what authenticator really is, how it works, and that you don't need a smartphone. Just about every response I've seen includes this "I don't have a smartphone" response, which immediately indicates to me they didn't properly read about the topic of the authenticator.
B) Don't understand security in the least, and make these uneducated posts about how JAG is this unhackable security system better than current industry standard security policies.

This isn't an antiquated system of gameplay -- that's different. If people want different gameplay, so be it. That's part of what they're selling.

Security is a different matter though, all together. It does not, or should not, require the opinion of the community like this. The only requirement it should have, is that it works and protects users. That's it.

I really hope JAGEX reconsiders, and decides to get rid of JAG when they re-evaluate this at a later date.

I personally don't have a smartphone, though I hope to reconcile that soon. However, I have installed winauth on one of my computers, and thus activated the Runescape Authenticator, meaning I have both JAG and RA.

While I see how RA can be beneficial, via ease of access, the overall true security is not as high as JAG (though it does seem as if it should be enough. If someone has both your email information and account information, then you need to learn how to protect your information). The reason it is not as secure as JAG is that, as previously stated by others, JAG requires knowledge of security questions on top of email, whereas RA does not.

Proud Member of Sparta LHL: Love, Honour, Loyalty

Scholar, Zarosian, Lore Fanatic
~Omnis Finis Est Novum Principium~

26-Jun-2014 20:56:08

Dec

2020

Khazad Sanci

Posts: 36 Bronze Posts by user Forum Profile RuneMetrics Profile

On the flip side, I also see how RA is beneficial. I recently forgot my JAG questions, and had to hunt down the piece of paper I have them on (which they do offer to email you so you can print). JAG can be cumbersome at times, and is more complex, meaning more required support.

However, I overall prefer JAG, because w/o a smartphone, it is harder to accurately use RA (though not impossible), and because I feel as if I am both more secure and more expedient using JAG.

I personally hope that they keep both JAG and RA, as they are both quality systems with their own strengths and weaknesses. This year is supposed to be Power to the Players, and the most power we can have is the power of choice. My vote is to leave both systems up and running, allowing players to choose whether they want JAG, RA, or both.

*Khazad Sanci

Proud Member of Sparta LHL: Love, Honour, Loyalty

Scholar, Zarosian, Lore Fanatic
~Omnis Finis Est Novum Principium~

26-Jun-2014 21:01:01

Jun

2014

Star SAN

Posts: 1,816 Mithril Posts by user Forum Profile RuneMetrics Profile

As I said on Twitter - many thanks for doing a great job with Authenticator

Incredible add-on to account's security, as well as the setup is very user-friendly! And what is more, the setup of Authenticator and removal of JAG took exactly two minutes, just as it was stated in the initial news' article! *giggles*

Great work there, thanks!

[R*]SAN

26-Jun-2014 21:34:18

Oct

2005

Whyte Fyre

Posts: 638 Steel Posts by user Forum Profile RuneMetrics Profile

don't use authenticator. it simply does not work on a second pc. it says authenticator already active and won't let you log in.
do not use this piece of crap, it is dangerous

26-Jun-2014 22:10:00

Mayllene

Posts: 1,074 Mithril Posts by user Forum Profile RuneMetrics Profile

Authenticator works great, and i use authenticators for my email and other services. Nice to see that Jagex has finally joined other companies in up to date security technologies, and hopefully they do remove Jag and sell a physical key token for ppl that are only capable of typing runescape into their browser, in order for it to be accessible to everyone.

Keep up the good work

26-Jun-2014 22:19:33

Lucine

Posts: 12,636 Opal Posts by user Forum Profile RuneMetrics Profile

Nvm. It is better to fail in originality than to succeed in imitation. ~Herman Melville

26-Jun-2014 22:41:56 - Last edited on 26-Jun-2014 22:43:52 by Lucine

Zechariah827

Posts: 952 Gold Posts by user Forum Profile RuneMetrics Profile

I'm happy to see that you're allowing those who are responsible to keep using JAG.

However, I'm curious what this exclusive future content is? Please fix or tell us how to fix the issue with our computers not being recognized for 30 days with Authenticator before you implement something like that.

26-Jun-2014 22:56:19

Sovexe21

Posts: 757 Gold Posts by user Forum Profile RuneMetrics Profile

KittyChrissy said :
So.... This really does leave a lot of people without security. Not everyone has a smart phone and can download things on to their computer. Very few people even own a flash drive.

maybe in like 2003...I have 10 flash drives within arms reach right now ranging from 4GB-64GB

I mean you can get small ones for free online even!

26-Jun-2014 23:47:47 - Last edited on 26-Jun-2014 23:48:46 by Sovexe21

Mar

2012

Shojo Dagger

Posts: 544 Steel Posts by user Forum Profile RuneMetrics Profile

Ferenc2017 said :
This is great news!

A big ty from me and all the supporters!

2 things i would like to see for the authenticator to make it as safe as JAG is are, give it the security questions back. You will only need them when you activate the authenticator on a device or when you want to remove it.

To make them easier to remember, let us make or own questions and recommend people to write it down on a piece of paper (Not on your computer!)

And what about giving players a small reward when they activate authenticator like you did the the email register.

On this way much more people will have a secured account!

Ty for listening to the community

!

Ferenc2017

Indeed! *High fives Ferenc*

Agree about questions for activation/removal, plus an idea of my own:
Add a shorter length trust option to authenticator.
For example:
When I use a public pc at the library to get online, I don't want it to be trusted for 30 days, because it is a public pc. Plus, the "trusted" computer may not be always be available to me, because it is a public pc, in a public library.
How many library pc's would I end up trusting for 30 days like that? That's not secure at all.
But I don't want to have to "authenticate" every time I get a log in screen either.

So having more temporary option (such as 12 hrs, or 1 day) would add to both security & convenience.

On the other hand, on my personal laptop I might want to set it for 30 days, because my laptop it is not a public pc.

So I think having a short trust time & longer trust time available to choose from would be great!

You also need to explicitly explain in your "official" authenticator spiel that the app you need (WinAuth) doesn't need to be installed & can be run from a USB, even on shared/public pc's.
A misunderstanding of the software involved seems to be a major source of the ire about switching to authenticator & removing JAG.

What we obtain too easily, we esteem too lightly, it's dearness only that gives everything it's value.

26-Jun-2014 23:52:38

Mar

2012

Shojo Dagger

Posts: 544 Steel Posts by user Forum Profile RuneMetrics Profile

Sovexe21 said :
KittyChrissy said :
So.... This really does leave a lot of people without security. Not everyone has a smart phone and can download things on to their computer. Very few people even own a flash drive.

maybe in like 2003...I have 10 flash drives within arms reach right now ranging from 4GB-64GB

I mean you can get small ones for free online even!
The WinAuth exe file is only about 3.5 mb in size, the smallest flash drive I've seen is 16 mb, and that was like 10 yrs ago when flash cards were just becoming popular for using with digital cameras.

Now the cheapest flash memory at walmart is 8gb usb drives for just under $5.
So a one time purchase of $5 for a USB drive is hardly a bank breaker for anyone really. Hell, a McD's Happy Meal costs more than that!

And on eb*y I found a " USB 2.0 4.5V-5.5V Red 1GB Fire Extinguisher USB Flash Drive " for 1.99 "buy-it-now" with free shipping.
1 gb is way more space than needed to run WinAuth from, and even if you got it just to run WinAuth from, $2 is damn cheap.
A one time purchase of an inexpensive portable media is much different than an expensive smartphone with on-going expensive bills, and portable media is extremely available, whereas smartphones are still fairly exclusive.

Jagex could even choose to offer RS printed usb drives in their shop, maybe even buyable with bonds, just to make them extra available. What we obtain too easily, we esteem too lightly, it's dearness only that gives everything it's value.

27-Jun-2014 00:43:27

Forums

RuneScape Authenticator & JAG