Forums

Too Much Security

Quick find code: 278-279-833-65955536

of 3
djh101

djh101

Posts: 2,172Mithril Posts by user Forum Profile RuneMetrics Profile
Jagex has always been over the top when it comes to account security. Given the value of MMOPG accounts, this is understandable for actions that could compromise a player's account (logging in, changing account settings, etc.), but is posting on the forums really a top security priority?

What I am referring to is the fact that to post on the forums I must have the correct session key in the URL and a previously correct session key becomes invalid as soon as I log in elsewhere. How this usually goes is I first open the forums and subsequently open a handful of threads into their own tabs. While reading a thread I decide that I want to reply and then log in. Then while reading another thread I log in again since I opened this tab prior to logging in before and it doesn't have a URL session key. But now I must log in again on the previous thread because that session key is now invalid.

Suggestion:
Get rid of URL keys on the forums. Having to log in every time I wish to reply to a thread is very irritating. Jagex is the only company that I know of that uses such extreme security measures solely for the purpose of posting on a public forum. Keep using them for high security (i.e. login blocked) pages but this is overkill for something as benign as the forums.
Old School Update Priority: Fix Broken Skills > Revitalize Dead Minigames > Everything Else

06-Oct-2017 04:55:51

Thunder†Jinx
Feb Member 2010

Thunder†Jinx

Posts: 13,478Opal Posts by user Forum Profile RuneMetrics Profile
I've never had issues with needing to log in again, do you by chance open threads and wait over an hour before making your reply?
Darkness rises when silence dies.

Save time and money
join
Fast Sc
friends chat for BXP across many skills!

06-Oct-2017 07:20:44

Post
Jul Gold Premier Club Member 2018

Post

Posts: 18,390Opal Posts by user Forum Profile RuneMetrics Profile
Getting rid of keys is one idea, but you can copy/paste your session code from one browser tab to another.

Alternatively, just log in before you open a bunch of threads. That way, any new tabs will also have the session key.
◊ Aussie
◊ Forum Enthusiast
◊ Minigamer
x
Road to Comp ◊
Serenity Isle CC ◊
Minigames FC ◊

06-Oct-2017 07:34:48

djh101

djh101

Posts: 2,172Mithril Posts by user Forum Profile RuneMetrics Profile
Exaltic said:
as someone with a fairly well known account (i'm pretty famous on twitch) these are the extra layers of security that make me feel secure in playing the game without 2 factor authentication


This would not affect the security of the game or any website features that are currently behind a login requirement. All this would do is remove the requirement to have a valid session ID in your URL in order to post on the forums, using instead session tokens like every other website (i.e. you still have to log in and obtain a valid login token, it would just be stored in a different place).

Thunder†Jinx said:
I've never had issues with needing to log in again, do you by chance open threads and wait over an hour before making your reply?


Nope. I log in, open the forum that I am interested in, and then spam the middle button on my mouse in order to collect the threads that I want to read in their own tabs.

Post said:
Getting rid of keys is one idea, but you can copy/paste your session code from one browser tab to another.

Alternatively, just log in before you open a bunch of threads. That way, any new tabs will also have the session key.


Sure, but it would be much more convenient to simply get rid of the URL token. Copying the token is more of a hassle than logging back in. I could log in as soon as I open the forums, but I don't always remember to do that; often my intent is only to read a couple of threads but certain posts end up changing my mind. Given the amount of security that this feature adds (not much) and the limited amount of damage that could be done by gaining access to someone's forum account, I don't think it is worth the added inconvenience (feel free to rebut if you disagree).
Old School Update Priority: Fix Broken Skills > Revitalize Dead Minigames > Everything Else

06-Oct-2017 08:06:51 - Last edited on 06-Oct-2017 08:06:59 by djh101

SORXER
Aug Gold Premier Club Member 2012

SORXER

Posts: 563Steel Posts by user Forum Profile RuneMetrics Profile
there should be 2 different passwords, one for the game, one for the forum. so if hacker finds out forum he still cant do damage to the player, only write stupid comments :-P

13-Oct-2017 00:51:14

Quick find code: 278-279-833-65955536Back to Top