forums.rs

Forums

Two-factor Authentication

Quick find code: 380-381-62-65435576

of 26
Saxo
Mar Member 2020

Saxo

Posts: 7,687 Rune Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Original message details are unavailable.



So what you're telling me is, unlike JAG that you have to answer 5 of your questions correctly to disable it, you can just go into your email and "disable" it without having to do anything? Not even having to provide any information at all, you can just click "disable" and confirm it in email. I don't see how this is secure, if someone gets your email with JAG you're more secured with that than this authenticator thing. I think it'd be a good idea to just keep JAG and add-in the authenticator instead of taking it off or at least make it so that you have to do something, besides going to your email, to disable it. At least some type of security question like your typical "what was your first dog's name".

Just keep your email secure, it's really not * Well if you're ratted (the most common virus among RS players they can just control your PC and use the QR code reader app.. Or if your PC breaks with this set up then you're ****** out of not only your RS account but your email. Same goes for if your phone breaks or whatever too.

I do prefer this way as part of the reason I never set up JAG was incase I lost the answers to my questions (I'd fill in a load of crap so that it's not easy to guess).. But I don't see how this is any more secure.

23-Jun-2014 18:49:38 - Last edited on 23-Jun-2014 18:50:51 by Saxo

Wee Lamm
Jun Member 2020

Wee Lamm

Posts: 1,272 Mithril Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Original message details are unavailable.
Can you log in to 07 with authentication beeing disabled? or u must enable it to log in can login disabled

Is there any reason why there's a 30 day expiry on it? Should be able to set it for however long you want, per device imo. Forcing people who can keep their accounts and such secure to reverify their account every month is pretty dumb.

Personally I think 30 days is too long, by having us to update at least every 30 days, encourages us to not take account security for granted. Most corporate networks require a forced pass change at least as frequently as every 30 days.

Edit: To correct stars to read pass.

23-Jun-2014 18:51:34 - Last edited on 23-Jun-2014 18:52:13 by Wee Lamm

Saxo
Mar Member 2020

Saxo

Posts: 7,687 Rune Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Original message details are unavailable.
Original message details are unavailable.
Can you log in to 07 with authentication beeing disabled? or u must enable it to log in can login disabled

Is there any reason why there's a 30 day expiry on it? Should be able to set it for however long you want, per device imo. Forcing people who can keep their accounts and such secure to reverify their account every month is pretty dumb.

Personally I think 30 days is too long, by having us to update at least every 30 days, encourages us to not take account security for granted. Most corporate networks require a forced ******** change at least as frequently as every 30 days. I don't see why someone who has never been hacked, knows about viruses and how to keep their accounts and PC secure should be forced to reverify though.. It's just an extra hassle and adds another reason to why I won't bother setting it up. I can keep my accounts safe, I wouldn't say no to a tiny bit extra security but at the cost of being pestered every month to verify I am who I say I am? No thanks. It's supposed to stop hackers from gaining access to your account, not yourself.

23-Jun-2014 18:53:28 - Last edited on 23-Jun-2014 18:54:51 by Saxo

C0BB

C0BB

Posts: 82 Iron Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Original message details are unavailable.
Original message details are unavailable.



So what you're telling me is, unlike JAG that you have to answer 5 of your questions correctly to disable it, you can just go into your email and "disable" it without having to do anything? Not even having to provide any information at all, you can just click "disable" and confirm it in email. I don't see how this is secure, if someone gets your email with JAG you're more secured with that than this authenticator thing. I think it'd be a good idea to just keep JAG and add-in the authenticator instead of taking it off or at least make it so that you have to do something, besides going to your email, to disable it. At least some type of security question like your typical "what was your first dog's name".

Just keep your email secure, it's really not * Well if you're ratted (the most common virus among RS players they can just control your PC and use the QR code reader app.. Or if your PC breaks with this set up then you're ****** out of not only your RS account but your email. Same goes for if your phone breaks or whatever too.

I do prefer this way as part of the reason I never set up JAG was incase I lost the answers to my questions (I'd fill in a load of crap so that it's not easy to guess).. But I don't see how this is any more secure.

If you have a RAT on your PC they can just wait for you to log into your RS account and force you to drop all your stuff anyway. Or capture your email login, look at your email etc for security answers....

If your PC or phone breaks you can choose to turn the authenticator off and set it up when you have a working device

23-Jun-2014 18:55:35

Wee Lamm
Jun Member 2020

Wee Lamm

Posts: 1,272 Mithril Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Original message details are unavailable.
Original message details are unavailable.



So what you're telling me is, unlike JAG that you have to answer 5 of your questions correctly to disable it, you can just go into your email and "disable" it without having to do anything? Not even having to provide any information at all, you can just click "disable" and confirm it in email. I don't see how this is secure, if someone gets your email with JAG you're more secured with that than this authenticator thing. I think it'd be a good idea to just keep JAG and add-in the authenticator instead of taking it off or at least make it so that you have to do something, besides going to your email, to disable it. At least some type of security question like your typical "what was your first dog's name".

Just keep your email secure, it's really not * Well if you're ratted (the most common virus among RS players they can just control your PC and use the QR code reader app.. Or if your PC breaks with this set up then you're ****** out of not only your RS account but your email. Same goes for if your phone breaks or whatever too.

I do prefer this way as part of the reason I never set up JAG was incase I lost the answers to my questions (I'd fill in a load of crap so that it's not easy to guess).. But I don't see how this is any more secure.

This tool is like a digital thumb print, that identifies you as being allowed to add/remove trusted devices. By also securing your email this way, it is your unique thumbprint that verifies you are entitled to read the email.

23-Jun-2014 18:57:17 - Last edited on 23-Jun-2014 19:01:17 by Wee Lamm

Saxo
Mar Member 2020

Saxo

Posts: 7,687 Rune Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.


If your PC or phone breaks you can choose to turn the authenticator off and set it up when you have a working device how do you turn the authenticator off without having access to your email?

23-Jun-2014 18:58:01

C0BB

C0BB

Posts: 82 Iron Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Original message details are unavailable.


If your PC or phone breaks you can choose to turn the authenticator off and set it up when you have a working device how do you turn the authenticator off without having access to your email?

How would you play RuneScape if your PC is broken?

23-Jun-2014 19:01:11

Saxo
Mar Member 2020

Saxo

Posts: 7,687 Rune Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Original message details are unavailable.
Original message details are unavailable.


If your PC or phone breaks you can choose to turn the authenticator off and set it up when you have a working device how do you turn the authenticator off without having access to your email?

How would you play RuneScape if your PC is broken? Obviously I was meaning if you got a new PC or fresh installed windows, you wouldn't be able to get into your email to cancel authentication (Jagex highly recommends setting this up for your email too) thus also locking you out of your RS account.

23-Jun-2014 19:02:32 - Last edited on 23-Jun-2014 19:03:01 by Saxo

C0BB

C0BB

Posts: 82 Iron Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Original message details are unavailable.
Original message details are unavailable.
Original message details are unavailable.


If your PC or phone breaks you can choose to turn the authenticator off and set it up when you have a working device how do you turn the authenticator off without having access to your email?

How would you play RuneScape if your PC is broken? Obviously I was meaning if you got a new PC or fresh installed windows, you wouldn't be able to get into your email to cancel authentication (Jagex highly recommends setting this up for your email too) thus also locking you out of your RS account.

You would contact your email provider and explain the situation

23-Jun-2014 19:07:57

Saxo
Mar Member 2020

Saxo

Posts: 7,687 Rune Posts by user Forum Profile RuneMetrics Profile
Original message details are unavailable.
Original message details are unavailable.
Original message details are unavailable.
Original message details are unavailable.
Original message details are unavailable.


If your PC or phone breaks you can choose to turn the authenticator off and set it up when you have a working device how do you turn the authenticator off without having access to your email?

How would you play RuneScape if your PC is broken? Obviously I was meaning if you got a new PC or fresh installed windows, you wouldn't be able to get into your email to cancel authentication (Jagex highly recommends setting this up for your email too) thus also locking you out of your RS account.

You would contact your email provider and explain the situation From previous experience with contacting hotma!l in attempt to recover my account I can tell you it's not as easy as it sounds lol. Well unless you want to wait roughly ~2 weeks for a response back, and even then you get denied half the time. It takes long enough to get a response from Jagex half the time regarding your own accounts, let alone something like hotma!l or gmail which millions of users use, not thousands lol

Jagex are kind of recommending locking people out of playing RS for 2 weeks which if you ask me is kinda silly.. like I said I do prefer this method to JAG since you don't need to remember 5 stupid security questions but yeah, it's in no way better or more secure.

23-Jun-2014 19:12:05 - Last edited on 23-Jun-2014 19:13:39 by Saxo

Quick find code: 380-381-62-65435576 Back to Top