Forums

RuneScape Authenticator & JAG

Quick find code: 294-295-312-65407796

Mod William

Mod William

Jagex Moderator Forum Profile Posts by user

RuneScape Authenticator & JAG

We’ve seen an incredible response to the introduction of RuneScape Authenticator - the new and simpler way to secure your RuneScape account - with over 25,000 signups on the first day.

We introduced RuneScape Authenticator as JAG was underused and complex – in reality, only 22% of active players were protected by it. In addition, RuneScape Customer Support received 354 queries in regards to JAG issues last week - and just under 17,000 requests regarding JAG over the course of a year.

Authenticator is a safer, more straightforward solution to account security. You no longer need to wait for an email or answer security questions each time you log in. All you need is a code from your Authenticator.

We previously stated that JAG would be disabled later this summer, however, some players have expressed concerns over the new way to secure their account.

We have taken your feedback on board, in particular from those of you without smartphones. With this in mind, JAG will be sticking around for the time being, for use by accounts who have already set it up. It will be reviewed at a later date.

We still recommend that all users upgrade to Authenticator as soon as possible. To ensure the highest levels of account security, some future RuneScape features will only be available to those who have enabled RuneScape Authenticator.

Any new accounts or accounts that do not currently have JAG enabled will only have access to RuneScape Authenticator for an additional layer of security.

If you choose to remove JAG from your account, or you contact our Customer Service team and they need to disable it to help you gain access to your account, you will not be able to reactivate it. You will still be able to secure your account using the RuneScape Authenticator.

To keep your account safe, always remember the golden rule: if it sounds too good to be true, it probably is. Never use your RuneScape password anywhere else – especially not for your email account. Every password you use should be unique, and never shared with anyone, even family members. For more security tips, take a read through the Safety Centre .

If you want a little more information on how RuneScape Authenticator works and how it can keep your account protected, take a look at our Authenticator launch news post .

The RuneScape Team

26-Jun-2014 10:56:37 - Last edited on 26-Jun-2014 10:56:57 by Mod William

Ferenc2017

Ferenc2017

Posts: 9,575 Rune Posts by user Forum Profile RuneMetrics Profile
This is great news!

A big ty from me and all the supporters!

2 things i would like to see for the authenticator to make it as safe as JAG is are, give it the security questions back. You will only need them when you activate the authenticator on a device or when you want to remove it.

To make them easier to remember, let us make or own questions and recommend people to write it down on a piece of paper (Not on your computer!)

And what about giving players a small reward when they activate authenticator like you did the the email register.

On this way much more people will have a secured account!

Ty for listening to the community :D !

Ferenc2017 :)
Ferenc2017
-
The Gamebreaker
:) Raise max cash! Click here to support!

26-Jun-2014 11:57:09 - Last edited on 26-Jun-2014 12:04:47 by Ferenc2017

Proselyte

Proselyte

Posts: 120 Iron Posts by user Forum Profile RuneMetrics Profile
Could you explain how

­­Authenticator is a safer , more straightforward solution to account security­­

While Authenticator is a very good system and it should suffice, it's weaker than JAG. If you have JAG, an attacker would need your secret word, access to your email account AND your recovery questions. With Authenticator, having your secret word and access to your email account is enough since they can reset Authenticator through your email.

If your email account is compromised, then JAG still (somewhat) protects you by the security questions, while with Authenticator your account is done for. How is it more secure?

Of course we should have 2-factor authentication on our emails, and if we do, Authenticator is great and I think replacing JAG is a great idea but we should be accurate in what we say :p

26-Jun-2014 11:59:47 - Last edited on 26-Jun-2014 12:04:46 by Proselyte

Mister Ruse

Mister Ruse

Posts: 2,278 Mithril Posts by user Forum Profile RuneMetrics Profile
Tip to any of those without smartphones: Get the windows authenticator app winauth (or equivalent for non windows) and either put it on a usb stick or on a cloud service such as dropbox, you can then use it on any pc without needing a smartphone.

Btw is there any problem with having both Auth and JAG enabled at once? I just left JAG on when I set up Auth cause I thought why not :P

@ Proselyte Ko

They say it's more secure because in theory you need your phone to log in, where with JAG they could in theory guess your questions, but you're right in the sense that if they get access to your email, with JAG they still need to guess your questions, but with Auth they can just disable it.

The ease in which you can disable it is a little concerning and maybe they should make you need to answer questions in order to disable it. The problem is I think the point is they want to move away from questions because they're so easy to forget and it probably takes a lot of their customer service time.

26-Jun-2014 12:02:49 - Last edited on 26-Jun-2014 12:08:58 by Mister Ruse

Arataki ltto
Mar Member 2021

Arataki ltto

Posts: 5,032 Rune Posts by user Forum Profile RuneMetrics Profile
Jamzi said :
boooo......just get rid of JAG.


So hackers can have a cakewalk with accounts? HAH NTY...

- The
ZAROISAN

ZAROS is back, Look BUSY!
-
Vyrelord
of Vamp**ium

"I will follow Vanescula till the end! Hissss!"
I lurk on twitter! @Vyrelord - Come say hi!

26-Jun-2014 12:45:45

Mod Rascasse

Mod Rascasse

Jagex Moderator Forum Profile Posts by user
Mister Ruse said :

Btw is there any problem with having both Auth and JAG enabled at once? I just left JAG on when I set up Auth cause I thought why not :P


No, both will work together but you'll probably find it becomes quite annoying to have to wait for the JAG email, answer all your security questions and then also enter the code from your code generator app.
Mod Rascasse

26-Jun-2014 13:05:15

War tortoise
Sep Member 2011

War tortoise

Posts: 9,487 Rune Posts by user Forum Profile RuneMetrics Profile
Mod Rascasse said :
Mister Ruse said :

Btw is there any problem with having both Auth and JAG enabled at once? I just left JAG on when I set up Auth cause I thought why not :P


No, both will work together but you'll probably find it becomes quite annoying to have to wait for the JAG email, answer all your security questions and then also enter the code from your code generator app.


So we can do both at once? :D

But I have my JAG set as perm would that be a problem?

I wouldn't mind having both set as once.
Lost Woods numba 1, (NOT EE, Those scrubs are liars ;p)

*~War Tortoise

26-Jun-2014 13:14:30

Quick find code: 294-295-312-65407796 Back to Top