Account Security Blog

Iron Robsham

Angel2D4 said:


Even jagex has repeatedly stated that you use 3rd party clients AT YOUR OWN RISK.

If ANY of them were SAFE, jagex shouldn't have any problem endorsing them. However, currently (AFAIK) they don't endorse a single one.

Lack of jagex endorsement on ANY of them is strong evidence that they are NOT safe to use.

Jagex not endorsing 3pc, and not accepting liability for 3pc, is not evidence that people are being hacked via runelite, that's a massive non sequitur. You're just speaking garbage.

Explain to me, in detail, any of you, the mechanism by which someone has been hacked through runelite. I'll wait... You can't. Because you're all talking in hypotheticals, without ever providing any evidence that this is actually happening anywhere other than in your minds. Meanwhile, I can point to the probably around 40k people online and using runelite at any single moment, that haven't been hacked.
Anyone requesting updates to make ironman easier should be renamed wannabe-man and have their ironman icon replaced with a dunce hat.

28-Jun-2019 00:28:49 - Last edited on 28-Jun-2019 00:36:47 by Iron Robsham

BoneDaddeh

Account security updates are one thing I'm very excited about. Jagex, I hope you guys roll some small changes such as password complexity sooner than later. Capitalization being ignored, which I've confirmed, is pretty crazy. Not being able to use special characters is also pretty insane.

I actually work in the IT industry, so I'm pretty close to this subject myself, and one thing I would love to see while you guys make these changes is support for PASS PHRASES.

The old style Thi$IsMyS3cr3tP@$$word days are long, long gone. Obviously where I work we use Multi-Factor Authentication to access accounts, especially from new systems and outside the trusted network. Before Pass Phrases were implemented we used to get a constant barrage of false authentication prompts, indicating some bot somewhere had guessed a user's password and had tried to use it to log in. After Pass Phrases, this pretty much disappeared entirely. It makes a huge difference and they should be encouraged! Not to mention we get a lot less forgotten passwords as we no longer need a rotating 90 day password expiration.

We also implemented something like what you're talking about to see if a user's password has been compromised elsewhere, part of what we implemented was this:
https://haveibeenpwned.com/API/v2

I myself was alerted of being pwned in the Feb 2018 "MyFitnessPal" breach, luckily I have 2 factor authentication on my email provider ;)

Good luck with the security updates, these are extremely welcome and desired!

Also, one more thing that would make MFA (multi-factor authentication) way better on Quality of Life! If logging in didn't require the code to be typed in but instead allowed us to use the Approve/Deny prompt on the authentication app, SO much easier. Thanks again!

29-Jun-2019 14:55:20

Rbnor

I lost 500m to a rat Lol, but you know what I didn't lose, untradeables, ferocious gloves etc, how about you make it easier, by making gear kits require a bank pin related code to remove it, which users can opt in by speaking to a bank, this would generally be unrelated so in the worst case scenario, if they ever try taking your goods and incorrectly type a pin, it locks the account for users to be able to retrieve goods. It's a bummer I lost my stuff but hey, take it on the chin I guess. :D

Or have designated locations for untradeables to be disassembled like the ferocious gloves.

How I lost my stuff, received a rat, "computer went into shutdown mode" I thought w.e must be a bug which never happens, but I don't know if disconnecting my internet would've helped. Lol. I literally got taken for bank whilst sitting on my desktop. I tried locking the account whilst it was logged in but I tried spamming login so the account could possibly get locked out but nothing. Authenticator was removed so easily with just a login. Gmail had an auth but that was not used as it was removed with saved email/pass. You can eliminate this all with having a password removal for the authenticator on rs.
Set stuff to private because I know you'll have the odd weirdo looking up your profile :P

29-Jun-2019 20:40:17 - Last edited on 29-Jun-2019 20:44:13 by Rbnor

Teff112

It's nice to see more security being available to accounts, I wish we had that kind of option back in 2007 :D Anyway, I checked up what changes will be done and it looks like it will only benefit the security. The thing is not to make it too complicated to be locked out of your account yourself, has happened to me after I had to factory reset my mobile phone and didn't have access to my Authenticator. I also hope that there won't be requirements to change my password to be more complicated as I keep forgetting them and I won't trust them to third-party. May password be only in my head - as long as I can remember them.

I noticed that the website will also get a 2-step verification system. Can we also have the Secure tag in front of the website address? I keep getting "Not Secure" when on the forums but the login screen is confirmed for Jagex. Or is that just my problem or Chrome's?
The Grumpy Estonian

04-Jul-2019 08:47:27 - Last edited on 04-Jul-2019 08:50:03 by Teff112

Chelsy
I am very excited to see this work being done. I do feel particularly limited in the complexity of my RS password in comparison to other sites that require, at the base level, passwords with letters of varying cases and the addition of at least one 'special character'.

I know it's likely beyond the scope of this work, I'd be especially interested in being able to create passwords that include non-Latin letters.

10-Jul-2019 05:34:54

Chelsy
Teff112 said:
It's nice to see more security being available to accounts, I wish we had that kind of option back in 2007 :D Anyway, I checked up what changes will be done and it looks like it will only benefit the security. The thing is not to make it too complicated to be locked out of your account yourself, has happened to me after I had to factory reset my mobile phone and didn't have access to my Authenticator. I also hope that there won't be requirements to change my password to be more complicated as I keep forgetting them and I won't trust them to third-party. May password be only in my head - as long as I can remember them.

I noticed that the website will also get a 2-step verification system. Can we also have the Secure tag in front of the website address? I keep getting "Not Secure" when on the forums but the login screen is confirmed for Jagex. Or is that just my problem or Chrome's?


I also have the "Not Secure," and am also using Chrome.

10-Jul-2019 05:35:35

6O5

I feel as if this makes things easier on both ends of the problem. Yes, original owners will be able to recover their accounts back seemingly easier. However, from the way I understand recovery appeals to work, the appeal with the higher amount of correct info wins the appeal. As most account hijacking is done by social engineering, doxxing, and pulling the SSN/DOB of their victim. Meaning, they could just as easily recover the account with just the basic info given by say the streamer they plan to hack, I would assume it's easier after that as you already then have primary information to doxx from. This could either be great and kill account selling markets, or create a lucrative market for more committed hackers.

28-Jul-2019 11:11:32
