forums.rs

Forums

Security issues

Quick find code: 86-87-326-66145243

in the Game
Dec Member 2017

in the Game

Posts: 194 Iron Posts by user Forum Profile RuneMetrics Profile
So, a recent problem came up with a person close to me (irl); this persons phone just suddenly reset itself and the person lost access to phone + authenticator

^this of course resulted in a small panic about losing rs account (along with losing other stuff)
-BUT-
We then came to find out that you can disable authenticator with access to email only.

[now after background to the actual post]
Since authenticator can be disabled with mere access to email which can be stolen pretty easily, and log in password changed from the same place, COULD WE PLEASE MAKE AN ACTUAL SECURITY PROTECTION FOR THIS GAME?

here's how to make it so:
-"forgot your password" to be switchable to "reset with text message only" if player wants to
-pin code sent to phone number on every log in from new ip before any access to gameplay

[!] I'll post the same without background to the game content suggestions. You're in the game...

29-Feb-2020 17:59:38

Pescao6
Aug Member 2007

Pescao6

Posts: 9,075 Rune Posts by user Forum Profile RuneMetrics Profile
I personally advise people to use Authy as their authenticator app. It syncs to your phone number so if you ever change phones, you can retain all of your authentication codes without needing to go through that annoying disabling and re-enabling authenticator process. Plus you can also use it on multiple devices like on your computer at the same time.

As for someone disabling the authenticator, if you have 2-step verification on your email people shouldn't be able to access your email.

But yeah... once they get into your email RIP. Your last barrier of protection is having the bank pin and assuming that as good practice you bank your stuff before logging out. Note that your bank pin might be good for 3 or 7 days depending on what setting you put when you talked to a banker npc.

If your email has been compromised, your email provider most likely has some kind of guide for securing it. You'd want to check for things like trusted devices, auto-forwards and email filters and remove any that have been added. Changing your email password should log out all devices. But if you no longer trust that email, you can always change your registered email .

Worst case scenario, submitting a password reset can be used to both disable the authenticator if you don't have access to your email or if your accoung to hijacked.
*
Pescao6
of
El Imperio Latino

Hola Noob! Klk? What's up?
~
Discord: Pescao6#0001

13-Mar-2020 20:18:01

War tortoise
Sep Member 2011

War tortoise

Posts: 9,487 Rune Posts by user Forum Profile RuneMetrics Profile
in the Game said :
Bank pin should be asked on WILDERNESS ENTRY so they cant steal the gear you wearing without needing to bypass bank pin

theres a toggle for that in settings, its on for me, but off on my skiller. Lost Woods numba 1, (NOT EE, Those scrubs are liars ;p)

*~War Tortoise

04-Nov-2020 00:58:47

Quick find code: 86-87-326-66145243 Back to Top