forums.rs

Forums

Authy & LastPass User Advice?

Quick find code: 408-409-661-66269849

of 2
Pinguicula

Pinguicula

Posts: 10,433 Opal Posts by user Forum Profile RuneMetrics Profile
So, bad news for Twilio Authy users, plus more bad news for LastPass users. I have a situation here and not sure what if anything can be done. I hesitate to go in to full detail on the forums. Is there any way I can communicate in a more private method with someone who can help?

23-Dec-2022 03:11:30

Malua
May Member 2006

Malua

Posts: 43,113 Sapphire Posts by user Forum Profile RuneMetrics Profile
Pinguicula
:)

As the issues you want to report are already getting internet attention, I suspect Jagex is probably aware of them.

It is difficult to get a direct contact.
[email protected] email isn't just a "dob in a player" email and can be used for your purpose.
Do you have any JMod followers in Twitter? If so, you could dm them.
I was going to recommend the 'Contact Us' button on the Website issue support page but I am not so sure if it is appropriate.

Two days before Christmas is probably a bad time for chasing someone down about this. :|
Forum Community Helper -
Information about Moderators and Community Helpers

23-Dec-2022 08:48:15

2_Tron

2_Tron

Posts: 23,025 Opal Posts by user Forum Profile RuneMetrics Profile
@Pinguicula, both are 3rd party programs (Twilio Authy & LastPass) and issue that arise within these software programs can not be solved by Jagex/JMods although they will monitor what is happening. If those programs have security issues (backdoors) of any kind best thing is to get back to what Jagex/JMods do offer us in the first place.
I strongly would recommend to make sure that RuneScape Authenticator is running on your account and that your security measures are as tight as possible. Evenso on your computer and other devices, keep your software up to date and standard security always running to the max.

23-Dec-2022 09:28:34

Pinguicula

Pinguicula

Posts: 10,433 Opal Posts by user Forum Profile RuneMetrics Profile
Unfortunately I have no J-mod contacts in any form. I guess I should go ahead and post my reason for concern even if I might be painting a target on my back.

Way back when I set up 2FA on my RS account I didn't have a phone so I utilized Authy on my PC. I'm not sure if it is still here but there was a guide on this website for setting it up on a PC. Then at some point I lost access to the email tied to my RS account so I had to do a full recovery to assign a new email. That didn't go smoothly but eventually I succeeded in proving ownership of this account. Not wanting to do that again I took a screenshot of the info used in the successful appeal and typed it in text form, too. Then knowing how this info can sometimes fall in to the wrong hands if saved as a file on a computer or printed on a paper I wanted to secure it. Since I was using LastPass to manage my passwords, plus some other important things, I saved the recovery info in my LastPass account. Famous last words: I trusted the cloud.

Now, in a twist, even if I change the passwords and change the authenticator app for my two RS accounts, due to my earlier efforts to keep my accounts secure and not lose them, if the data stolen from LastPass is ever decrypted, my accounts will be recoverable by someone else. I have two accounts. The other one hasn't ever been recovered but after my experience recovering this one I started recording important info for the other one and saving it in my LastPass account. I wouldn't be surprised if I am not the only one in this situation but there probably aren't a lot of us.

24-Dec-2022 01:44:46

Lansthegreat
Oct Member 2020

Lansthegreat

Posts: 207 Silver Posts by user Forum Profile RuneMetrics Profile
I use a different auth to use for my account, and also diffently don't trust saving any important information on the cloud as it can be easy for someone to try and get onto it. But I hope you will get everything figured out.

24-Dec-2022 16:25:03

Pinguicula

Pinguicula

Posts: 10,433 Opal Posts by user Forum Profile RuneMetrics Profile
Might adding my two accounts to a new Jagex account work? Seems the sticking point is the current recovery system. I don't know if migrating the two accounts to a new Jagex account would make it impossible for a hijacker to take over the accounts by using the recovery system.

24-Dec-2022 18:10:40 - Last edited on 24-Dec-2022 18:11:09 by Pinguicula

Applejuiceaj
Nov
fmod Member
2011

Applejuiceaj

Forum Moderator Posts: 45,000 Sapphire Posts by user Forum Profile RuneMetrics Profile
From what I understand, yes - once a character is added to a Jagex account, it can only be logged into via using that Jagex account, and cannot be recovered using the recovery system anymore. That sounds like it should resolve the concern you have.

That comes out sometime early next year to my knowledge.

24-Dec-2022 19:59:19

Pinguicula

Pinguicula

Posts: 10,433 Opal Posts by user Forum Profile RuneMetrics Profile
More bad news from LastPass

https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/

Any chance I can get in on the closed beta for the Jagex accounts before it is too late for me?

Seems wrong but do I need to sign up for Twitter and tweet a security J-mod about this? Who do I tweet at?

28-Feb-2023 06:17:30 - Last edited on 28-Feb-2023 06:20:23 by Pinguicula

Quick find code: 408-409-661-66269849 Back to Top