forums.rs

Forums

blog:Account Security Features

Quick find code: 294-295-396-66126612

of 4
Tagakhlo
Sep Member 2014

Tagakhlo

Posts: 1,119 Mithril Posts by user Forum Profile RuneMetrics Profile
I recall that some time - several months ago, perhaps not during the current attack on your servers, but during a previous one, or, more likely, right at the very beginning of that attack - noticing that there were problems, and it seemed that once again there was a DDoS attack going on.

It is very unfortunate that some people seem to have nothing better to do than engage in destructive activities like that.

Oh, and incidentally: I have never had my account hijacked, but I have used Authenticator nearly all the time from the beginning. But then, that's because I had a smartphone; in fact, I was using it to connect to the Internet so I could play RuneScape. I wish I had the option of securing my account with security questions for changing the password as well, like the old Account Guardian. It may not be a highly secure system, but it would be an additional layer of protection.

24-Oct-2019 16:28:13 - Last edited on 24-Oct-2019 16:33:30 by Tagakhlo

Roddy Piper
Jan Member 2011

Roddy Piper

Posts: 13,751 Opal Posts by user Forum Profile RuneMetrics Profile
" you can get a password manager and just remember the main password for that if you're really struggling that bad"

I'm not struggling with anything. Just stop trying to ask me to do more than what I already am. I will deal with the consequences or lack thereof. I'm not going to fall into the trap of fearmongering, that is for sure.

24-Oct-2019 16:30:36

Tagakhlo
Sep Member 2014

Tagakhlo

Posts: 1,119 Mithril Posts by user Forum Profile RuneMetrics Profile
Roddy Piper said :
I'm not going to fall into the trap of fearmongering, that is for sure.

It is not a trap of fearmongering when the problem is a real one. People do have their accounts hijacked, and it's been happening even to people who weren't careless, and far too often.

24-Oct-2019 16:36:57

Iron Felice
Oct Member 2014

Iron Felice

Posts: 101 Iron Posts by user Forum Profile RuneMetrics Profile
Tagakhlo said :
Roddy Piper said :
I'm not going to fall into the trap of fearmongering, that is for sure.
It is not a trap of fearmongering when the problem is a real one. People do have their accounts hijacked, and it's been happening even to people who weren't careless, and far too often. Don't worry, he has alternatives for when his Runescape account is hijacked.

24-Oct-2019 16:57:37

Roddy Piper
Jan Member 2011

Roddy Piper

Posts: 13,751 Opal Posts by user Forum Profile RuneMetrics Profile
Iron Felice said :
Tagakhlo said :
Roddy Piper said :
I'm not going to fall into the trap of fearmongering, that is for sure.
It is not a trap of fearmongering when the problem is a real one. People do have their accounts hijacked, and it's been happening even to people who weren't careless, and far too often. Don't worry, he has alternatives for when his Runescape account is hijacked.



I already said that. Get over yourselves and stop trying to be offensive. Alternately, you might try looking into a dictionary to improve your reading comprehension.

24-Oct-2019 17:13:04

The contents of this message have been hidden.

24-Oct-2019 20:53:40

Star SAN
Jun Member 2014

Star SAN

Posts: 1,816 Mithril Posts by user Forum Profile RuneMetrics Profile
Nice to see authenticator on forums. Thanks.

Maybe one short suggestion/reflection. I am using incognito mode to browse as I do not want any history/cookies of RS on my browser. As a result, even if I tick "remember this browser for 30 days" I have to enter 2FA code on the same computer every time I open up RS website and try to log in.

It's not extremely user friendly as you have to find your phone, unlock it, open up authenticator app and enter 6 digits (: Would it be feasible to have something similar to Google Prompt where you get a notification on a phone and you have to click "yes, it is me" to approve the log-in / have something similar to Smart ID Solutions that requires you to enter your PIN on your smartphone (basically used for e-banking authentification) to confirm your identity/approve signing-in.

Such solutions require you to approve log-in via your phone, rather than entering the details from the phone to the browser and I would say is a little bit more user friendly :)

24-Oct-2019 20:53:46

The contents of this message have been hidden.

24-Oct-2019 20:55:37

Quantum Evil
Oct Member 2013

Quantum Evil

Posts: 4,689 Adamant Posts by user Forum Profile RuneMetrics Profile
There is a logic problem to how Jagex is trying to increase security. Jagex is trying to rely on email and standard authentication via Smartphone, These methods naturally require the user to be, by definition, secure all around. Jagex is relying on people to keep their Email accounts secure but that makes no sense since those same people where not secure in their game accounts.

Using smartphone authentication has security problems as well, namely SIM jacking and security vulnerabilities in the phone it's self. Ultimately, Jagex could find it's self adding more and more layers to cover for users that are inherently insecure in their internet activities.

There are a number of ways to deal with all of this but Jagex needs to get away from email and authentictor . A Blockchain security system might help with this but it would take time to develop and implement.

24-Oct-2019 21:00:20 - Last edited on 24-Oct-2019 21:01:52 by Quantum Evil

Quick find code: 294-295-396-66126612 Back to Top