Forums

Protect User┤s Character Names

Quick find code: 278-279-480-66098079

of 6
NeveráRIP

NeveráRIP

Posts: 1,218Mithril Posts by user Forum Profile RuneMetrics Profile
Mexk said:
DracoáBurnz said:
NeveráRIP said:


Auth is like 1000x more superior protection.

Auth alone in better security than runescape password and pin combined.

Why should forums require any security at all? What's the worst that can happen if someone gets on the forums with ur account?

A bit of spam? Banned from the forums??



Agreed.

Would like to know as well.


Please bear in mind that the OP merely made a very reasonable request to have sensitive areas of the website -- that is, everything concerning account management -- locked behind adequate security exactly like the game. He did not suggest adding anything to the forums, though I would personally not mind getting that either. I do not see how any level of additional security can be considered bad.


U say that but they removed JAG.

Don't argue with me. Go get JAG back.

Please bear in mind that my quote was edited and I was talking to dong.
Skillet? Skill no.

So much moot.

12-May-2019 17:03:52 - Last edited on 12-May-2019 17:44:42 by NeveráRIP

The contents of this message have been hidden

12-May-2019 17:06:46

NeveráRIP

NeveráRIP

Posts: 1,218Mithril Posts by user Forum Profile RuneMetrics Profile
Here's my suggestion to fix this "security" concern...

Just remove the change name section in account settings.

Make it so ya can only change name in game.

Too easy.

No security changes.

Just delete the change name section in account settings.

ya Don't need additional security on something that could just as easily be deleted.
Skillet? Skill no.

So much moot.

12-May-2019 17:23:34 - Last edited on 12-May-2019 18:03:35 by NeveráRIP

NeveráRIP

NeveráRIP

Posts: 1,218Mithril Posts by user Forum Profile RuneMetrics Profile
NeveráRIP said:
DongáUáDead said:
Bank pin is one of the best account safeguards. I wish the Bank pin protected our whole accounts, not just the bank.

Authenticator is good, I don't feel it's perfect though. I don't know why the forums are lacking in account security.

The forums should have better security which would then protect our accounts from this end.


Auth is like 1000x more superior protection.

Auth alone in better security than runescape password and pin combined.

Why should forums require any security at all? What's the worst that can happen if someone gets on the forums with ur account?

A bit of spam? Banned from the forums??

Ps, auth isn't as good as JAG tho :(

I miss JAG </3

I never contacted customer support to help unJAG my account. Why must I be punished for others lack of awesomeness?

Auth is pretty reasonable tho except I hate that jagex has essentially passed the buck on account security to our email providers.


Pretty sure I was addressing dong and not exactly the topic in regards to "character name security".

But go on, hate on me because my quote was changed...

Ps, I like you dong.
Skillet? Skill no.

So much moot.

12-May-2019 17:43:17 - Last edited on 12-May-2019 17:49:38 by NeveráRIP

MilesáPrower
Nov Gold Premier Club Member 2006

MilesáPrower

Posts: 9,338Rune Posts by user Forum Profile RuneMetrics Profile
NeveráRIP said:
^ so u want to increase forum security where nothing is at risk by reducing game security?

And it doesn't work anyway.

What if u delete ur auth that is required to enter the game AND (as I think ure suggesting) Will be required to enter Account Settings so u can remove auth??

Ya can't "require auth" to "remove auth".

This idea is a terrible idea. It doesn't work and it reduces actual game security.


Well then most popular services across the internet are currently adopting this "terrible" idea. I would expect game security to remain the same if Authenticator was implemented across the website as well. Please could you explain why this would not be the case?

In the event that you lose your stored Authenticator code for any reason, backup codes and e-mail verification would return access to your account with no manual Customer Support required. Phone verification for account recovery would also be a massive leap forward.

For the vast majority of players, the Authenticator in its current state is protecting their in-game position and inventory. Their bank is also protected if they choose not to have a PIN in favour of Authenticator. More sensitive data (such as personal details and messages from Jagex) is not currently protected by more than a password layer.
Low on bank space? Click here.

12-May-2019 18:48:11

NeveráRIP

NeveráRIP

Posts: 1,218Mithril Posts by user Forum Profile RuneMetrics Profile
^ because i use my phone for forums and my computer for game. That's two access points for hackers.

But how would u get into account security in order to request the email to disable auth, if auth is required to enter Account security?

I completely disagree that messages from jagex are "more sensitive " than access to my in game bank account. In fact, I would post all jagex interactions in my message centre to a public "try to hack me" forum. There is no personal data imo.

Also, currently, I have auth on my phone and emails on my computer... I don't want them together in case I lose one or the other. I dont want any of my divices to have my user name, email, passwords, and auth all saved in one device in order to protect my user name, at the risk of l doing my actual in game security.

Furthermore, I suggested a solution for OP. Delete "change name" option in account security. Only allow name changes in game.
Skillet? Skill no.

So much moot.

13-May-2019 00:43:03 - Last edited on 13-May-2019 00:50:32 by NeveráRIP

MilesáPrower
Nov Gold Premier Club Member 2006

MilesáPrower

Posts: 9,338Rune Posts by user Forum Profile RuneMetrics Profile
NeveráRIP said:
^ because i use my phone for forums and my computer for game. That's two access points for hackers.


Please could you elaborate?

NeveráRIP said:
But how would u get into account security in order to request the email to disable auth, if auth is required to enter Account security?


You would follow the normal account recovery process via e-mail just as you can now even if Authenticator is enabled. The e-mail account you are linking to your Jagex account should also be secured using similar methods.

NeveráRIP said:
I completely disagree that messages from jagex are "more sensitive " than access to my in game bank account. In fact, I would post all jagex interactions in my message centre to a public "try to hack me" forum. There is no personal data imo.


You may have no sensitive data in your inbox. People contact Jagex for different reasons such as for Billing enquiries. Your in-game items do not contain any PID.

NeveráRIP said:
Also, currently, I have auth on my phone and emails on my computer... I don't want them together in case I lose one or the other. I dont want any of my divices to have my user name, email, passwords, and auth all saved in one device in order to protect my user name, at the risk of l doing my actual in game security.


A robust recovery process offering you multiple ways to verify yourself would address these concerns. This is why companies using Authenticator usually give you a set of backup codes - and it's up to the user whether they wish to save them or not.

NeveráRIP said:
Furthermore, I suggested a solution for OP. Delete "change name" option in account security. Only allow name changes in game.


While you are correct that this would mitigate this particular concern, it comes at the expense of convenience.
Low on bank space? Click here.

13-May-2019 07:52:54

NeveráRIP

NeveráRIP

Posts: 1,218Mithril Posts by user Forum Profile RuneMetrics Profile
^ id rather not get too far off topic.

But there's the correct way to remove auth and that is log in to account settings and click remove auth. And then there's the nooby way which is account recovery - please don't force us all to be a noob like u r trying to do..
Skillet? Skill no.

So much moot.

14-May-2019 00:17:38 - Last edited on 14-May-2019 09:49:43 by NeveráRIP

MilesáPrower
Nov Gold Premier Club Member 2006

MilesáPrower

Posts: 9,338Rune Posts by user Forum Profile RuneMetrics Profile
NeveráRIP said:
^ id rather not get too far off topic.

But there's the correct way to remove auth and that is log in to account settings and click remove auth. And then there's the nooby way which is account recovery - please don't force us all to be a noob like u r trying to do..


In that case I shall continue to support the "nooby way" and remain of the opinion that this would be the best way to protect against unwanted character name changes via the website. ^_^
Low on bank space? Click here.

14-May-2019 17:39:03

NeveráRIP

NeveráRIP

Posts: 1,218Mithril Posts by user Forum Profile RuneMetrics Profile
MilesáPrower said:
NeveráRIP said:
^ id rather not get too far off topic.

But there's the correct way to remove auth and that is log in to account settings and click remove auth. And then there's the nooby way which is account recovery - please don't force us all to be a noob like u r trying to do..


In that case I shall continue to support the "nooby way" and remain of the opinion that this would be the best way to protect against unwanted character name changes via the website. ^_^


At the risk of ur actual game account*

It seems u support jagex losing all security control of our accounts. And want it so emails providers have complete control over our game security.

No support for reduced game security.

Bring back JAG.
Skillet? Skill no.

So much moot.

15-May-2019 00:15:24

Quick find code: 278-279-480-66098079Back to Top