Forums

Passwords and Case Sensitivity

Quick find code: 185-186-178-66062754

Conqueress
Feb Member 2019

Conqueress

Posts: 2,054Mithril Posts by user Forum Profile RuneMetrics Profile
Hey everybody, this has been weighing a little heavy on me for a while, so I figure I'd share my thoughts with each and every single one of you wonder people.

As you all may or may not know, throughout the early years of RuneScape, account security has been pretty limited in regards to the resources in the steps and precautions to take, and it has been highly encouraged, time after time, preached about in the forums as well as the guides. Unfortunately many people have fallen victim to having their accounts stolen due to the lack of authenticity to their password creations, and still to this day it seems like some people do, however, part of this is due to other reasonings, but this is a separate subject. It's highly recommended to have a password that has numbers as well as letters, but what about case sensitive passwords along with special characters?

At first if I remember correctly, after the account recovery questions that we've been able to change regularly through the earlier years once our accounts have been stolen or if we've forgotten our passwords, we were able to answer the security questions to regain access of our accounts, and after this, the Stronghold Security came into play (which hasn't been updated in forever), followed by this, we were given the option of added security by saving our trusted source of Internet IP address along with adding our Emails to our account incase we get suspicious login attempts.

Now forgive me if this post has been made before as I've been away from the game for a while, and I apologize if this may seem like a repeat for some who have posted a topic about this before if it's been discussed, but I cannot emphasize enough how urgent it is that we maintain an increased security on our accounts. I'm sure that myself along with other players out here do change our passwords regularly, just to keep the sense of security alive within our accounts.

- Continue on below -

23-Nov-2018 16:58:13 - Last edited on 25-Nov-2018 22:25:23 by Conqueress

Conqueress
Feb Member 2019

Conqueress

Posts: 2,054Mithril Posts by user Forum Profile RuneMetrics Profile
Recently I logged in and out of my account by testing a theory, mind you it's been sitting in my head for the past couple of years because I figured it would not go noticed or even supported due to the current methods of security we have, and have assumed that it would be disregarded.


TESTED:


1. ALL CAPS PASSWORD - Login
successful


2. lowercase password - Login
successful


3. mIxEd LoWeR aNd UpPeR pAsSwOrD - lOgIn
SuCcEsSfUl


4. Adds special character to password -
Unsuccessfully able to change password
....BihhWhat? O_o (Sorry can I say that?)


We're only allowed letters A to Z, number 0 to 9. A lot of other sites, highly encourage, if not, REQUIRE you to have a case sensitive password, in combination with having special characters along with it. Now don't get me wrong, I do love the Authenticator and the extra sense of security it gives us, but wouldn't it also be good to know that you have the option of creating your passwords with some sensitivity added along with it? I would really love to have some knowledge on why this hasn't gone into place.

With change like this, I can imagine that it would probably involve tweaking around with the servers in order to get this to become a thing, and I'm aware of mixing up a password with numbers and letters, which can create some spice to the authenticity, but if we're not able to add specialized characters like "@ ! # % $" etc., let's do the talk about at least adding capital letters? I do strongly believe that this can and will become a thing for us.

Feedback is highly encouraged.

23-Nov-2018 16:58:46 - Last edited on 25-Nov-2018 22:29:34 by Conqueress

Jasseh
Feb Gold Premier Club Member 2017

Jasseh

Posts: 2,719Adamant Posts by user Forum Profile RuneMetrics Profile
I just discovered this by accident and was shocked. Hit caps lock while typing my password and fully expected the login to fail and force me to try again... Successfully logged in.

This is poor, password security should be improved so that at the very least it becomes case sensitive, though enforcing mixed case and at least 1 special character would be better.

02-Jan-2019 19:21:52 - Last edited on 02-Jan-2019 19:22:16 by Jasseh

Daibhi
Sep Member 2017

Daibhi

Posts: 830Gold Posts by user Forum Profile RuneMetrics Profile
Jasseh said:
I just discovered this by accident and was shocked. Hit caps lock while typing my password and fully expected the login to fail and force me to try again... Successfully logged in.

This is poor, password security should be improved so that at the very least it becomes case sensitive, though enforcing mixed case and at least 1 special character would be better.


Just logged out after reading your comment, put caps on and typed my password and the account still signed in - I thought the client wouldn't accept attempts without being exactly like how I had set the password up to be. I'm genuinely surprised that it doesn't work like that.

Special characters doesn't surprise me though things like are exclusive to the Irish language. Although being able to use them would strengthen passwords even more combined with caps, lowercase and numbers.

02-Jan-2019 19:44:42

Jasseh
Feb Gold Premier Club Member 2017

Jasseh

Posts: 2,719Adamant Posts by user Forum Profile RuneMetrics Profile
Daibhi said:
Jasseh said:
I just discovered this by accident and was shocked. Hit caps lock while typing my password and fully expected the login to fail and force me to try again... Successfully logged in.

This is poor, password security should be improved so that at the very least it becomes case sensitive, though enforcing mixed case and at least 1 special character would be better.


Just logged out after reading your comment, put caps on and typed my password and the account still signed in - I thought the client wouldn't accept attempts without being exactly like how I had set the password up to be. I'm genuinely surprised that it doesn't work like that.

Special characters doesn't surprise me though things like are exclusive to the Irish language. Although being able to use them would strengthen passwords even more combined with caps, lowercase and numbers.


In terms of password security "special characters" means things like ? ! # @ etc. that aren't alphanumeric.

08-Jan-2019 18:27:11

Only1Bader
Jul Member 2018

Only1Bader

Posts: 9,706Rune Posts by user Forum Profile RuneMetrics Profile
Daibhi said:
Jasseh said:
I just discovered this by accident and was shocked. Hit caps lock while typing my password and fully expected the login to fail and force me to try again... Successfully logged in.

This is poor, password security should be improved so that at the very least it becomes case sensitive, though enforcing mixed case and at least 1 special character would be better.


Just logged out after reading your comment, put caps on and typed my password and the account still signed in - I thought the client wouldn't accept attempts without being exactly like how I had set the password up to be. I'm genuinely surprised that it doesn't work like that.

Special characters doesn't surprise me though things like are exclusive to the Irish language. Although being able to use them would strengthen passwords even more combined with caps, lowercase and numbers.


I was also shocked when i tried my password differently. Case sensitivity should be there for added toughness to passwords.

16-Jan-2019 10:37:43

Conqueress
Feb Member 2019

Conqueress

Posts: 2,054Mithril Posts by user Forum Profile RuneMetrics Profile
Hey all, sorry for the super late posts! I appreciate each and every one of your feedbacks wholeheartedly. I'd like to see case sensitive passwords become a thing one day.

20-Jan-2019 23:43:32

Quick find code: 185-186-178-66062754Back to Top