RuneScape Forum Archive | Security Features

Mod Sween

Jagex Moderator Forum Profile Posts by user

This thread is for discussing the latest account security news, found here . Community Manager for Old School RuneScape
Are you looking for a clan? Visit the Clan Directory!

24-Oct-2019 10:42:54 - Last edited on 24-Oct-2019 10:49:39 by Mod Sween

May

2013

Halex

Posts: 1,560 Mithril Posts by user Forum Profile RuneMetrics Profile

I think this is a step in the good direction.

I can definitly appreciate that Jagex cares about account security, in my experience much more so than the other games I've played over the years.

I'm of the mind that password complexity needs to increase sometime as well, as any increase beyond 20 alphanumericals is a significant increase in possibilities.

Thanks
~Halex

24-Oct-2019 14:37:55 - Last edited on 24-Oct-2019 14:49:01 by Halex

Aug

2018

H arry

Posts: 3,852 Adamant Posts by user Forum Profile RuneMetrics Profile

Cool

24-Oct-2019 14:42:37

Mar

2024

Iron Greg

Posts: 5 Bronze Posts by user Forum Profile RuneMetrics Profile

I love the fact that something is being done about account security.

My only concern is that for many people that have accounts that are 10,15 ect years old may have made them at much younger ages using recovery details and creation details that are long forgotten.

As stated in the news post if in the event both authenticator and backup codes are lost then very high quality of information will be required. This is something that for this account I would be confident giving however my original account from many years ago, not so much.

My solution to this would be allowing players to store information against their accounts in the form of passport info, driving licence info, or any other secure photo id that would provide conclusive proof that you are who you say you are in event of recovery being necessary.

Obviously this would come with legal hurdles of how your store this data but I think it would be a really good option for those out there like myself that may have doubts come the time they ever need to use account recovery.

-Greg

24-Oct-2019 16:54:25

Unveil

Posts: 4,149 Adamant Posts by user Forum Profile RuneMetrics Profile

While all of this is well and good, what I am especially concerned about is false perm bans that I'm sure have been raised before.

As some very prominent streamers have discovered for themselves, false positives are a very real thing, even when done through manual means. How can the community be reassured, that these perm bans handed out to regular players are genuine.

My fear is that after investing so much time on my accounts, that someone from jagex might determine my account(s) to qualify for a perm ban without any recourse for the player to appeal, unless ofc they are a high level streamer. How is this being addressed?

I had an account I made a while ago, on which I was afk training range through cannoning. Due to afking for long hours (usually while studying), my account was perm banned for macroing, even tho I have 4 accounts and have never botted on any of my accounts since I started playing through miniclip in 05. What can someone like me, who does not stream or is a famous content creator do to have my false ban looked into.

This is beyond ridiculous

24-Oct-2019 20:00:55 - Last edited on 25-Oct-2019 02:12:30 by Unveil

BennyAlvlen

Posts: 1 Bronze Posts by user Forum Profile RuneMetrics Profile

I understand this. I am disabled and have a lot of time on my hands. I've had one account blocked. I quit one account, that was well advanced and I put a lot of money into, when Jagex decided to force a strange combat style on everyone. That was years ago.

Now, I have opened a new account and really don't like the push for this authentication. I don't like the bank pin idea, either. It's just more buttons to push and more information. It's like they're phishing.

There should be an opt out for these security schemes. Play at your own risk, I suppose.

I believe most problems occur when people run bots or give their login information to others. I have played for many years without any problems. Notably, I do not give out my login info and no one else uses my computer. No problems!

29-Oct-2019 18:34:15

SnoopDogg2

Posts: 80 Iron Posts by user Forum Profile RuneMetrics Profile

It would be nice if Yubikeys could be supported too. They are way more convenient to use than the Authenticator and provide the same if not better account security.

Yubikeys are cheap hardware keys that are used for two-factor authentication, and you plug them in your USB slot and tap a key - done. No more fetching your mobile phone and typing in numbers. As an added bonus they are also phishing resistant.

Backup methods could include another strong 2FA such as a secondary yubikey, the authenticator or backup codes. All major email providers support them and the list of other websites that supports them are growing.

Of course these hardware keys can also be utilized inside the company to prevent phishing attempts against employees, a good number of large companies have already adopted this practice.

Edit: Convenience is important. If a security feature is cumbersome, such as say bank pins for example, people won't use it. And surely we want as many people to use strong security as possible.

Edit 2: Another good reason to add hardware keys is that companies have reported significant savings in user support. And that goes if the method is employed for customers and employees alike.

29-Nov-2019 10:48:13 - Last edited on 20-Dec-2019 12:57:36 by SnoopDogg2

Mar

2024

Mr Oko

Posts: 1 Bronze Posts by user Forum Profile RuneMetrics Profile

Please i need help scammed me player “examiner ppl” date: 18.12.2019 timecca 12:00pm-02:00pm scammed me all item droped all intranete item destroid me house i need help please
Please jagex help me send me email [email protected]
Thx I have a problem scammed me player “examiner ppl” scammed me all bánk all item destroid me housd dáte scammed: 18.12.2019 tíme cca 12:00pm-02:00pm please help me me name player is krcme***

19-Dec-2019 11:45:28

SnoopDogg2

Posts: 80 Iron Posts by user Forum Profile RuneMetrics Profile

Ok. That's a public accusation and public posting of personal details (aka doxxing) all in one. I'm fairly sure that's not how you are supposed to do things.

Seeing as those credentials have been part of at least one known security incident in the past and have been leaked, that leads me to assume I'm actually talking to a random person on a stolen account trying to fool customer support into giving him stuff (which I hear they don't do for this specific reason).

And in the unlikely case I'm talking to the original owner of the account. If you re-use passwords (I'm assuming you do), your email is likely compromised too and you are effed beyond anyone's help at this point, since email is how most people reset passwords. A game account is the least of your problems.

20-Dec-2019 14:25:00 - Last edited on 21-Dec-2019 01:19:05 by SnoopDogg2

Jun

2022

Yolp

Posts: 102 Iron Posts by user Forum Profile RuneMetrics Profile

The updated Security features are a good touch to Runescape/Old school school. Lot of people lose their account not from sharing information or detils. But Hackers are getting smarter and finding ways onto your account with your information. So yes, please do what you can to decrease the accounts that get stolen and hacked.

Have faith in you Jagex! :3

Happy

-Quester-

-07 Player-

-Girl Gamer-

28-Dec-2019 14:53:31

Forums

Security Features - Blog

Mod Sween

Halex

H arry

Iron Greg

Unveil

BennyAlvlen

SnoopDogg2

Mr Oko

SnoopDogg2

Yolp