Forums

Remove catpatchakThread is locked

Quick find code: 278-279-793-66111678

Immortalized

Immortalized

Posts: 32,823Sapphire Posts by user Forum Profile RuneMetrics Profile
jagex still enforcing CAPTCHA on their website when there is no restriction on the in game client, nor the companion app before it was removed

meanwhile we literally have 2 factor authentication enabled and no way to log in using 2fa?

ok
bring back the lumbridge pig pit

20-Jul-2019 19:09:10

Immortalized

Immortalized

Posts: 32,823Sapphire Posts by user Forum Profile RuneMetrics Profile
Mod Lyon said:
Going to keep this short, we are never going to remove reCaptcha.

so jagex does not care that they are preventing chinese users from using their site.

the website already blocks IPs from logging in after multiple failed attempts. what is the purpose of captcha then?

this provides no benefit to users and the website already has a system in place to deal with bots trying to log into accounts.

we also have a 2fa method of securing our account which is literally unused on the website.

Mod Lyon said:
Original message details are unavailable.
the companion app could be used for the longest amount of time thru a web ui

One of the many benefits to removing the companion app.

companion app required google authenticator to log in. there was no need for captcha on it, because you needed 2fa to log in. this response makes no sense. why would having a web ui to log into a web app be a bad thing? did you even use this app?

Mod Lyon said:
The game is another story, and comes with a huge amount of UX & UI problems, of which are no small pieces of work.

this is my point. even the GAME and companion app have 2fa but the website does not.



the website hasn't been updated in forever and the latest update you guys do just makes it harder for people to use?
bring back the lumbridge pig pit

23-Jul-2019 10:14:35 - Last edited on 23-Jul-2019 10:27:36 by Immortalized

Immortalized

Immortalized

Posts: 32,823Sapphire Posts by user Forum Profile RuneMetrics Profile
Mod Lyon said:
Jagex cares about protecting the majority of our users by enabling as many security precautions as reasonably possible for our most critical systems.

how about enabling 2fa then instead of talking about it

Mod Lyon said:
reCaptcha is another level of security, which allows us to stop bots from having X number of "free" attempts to log into an account. A user with a large botnet would be able to evade our IP blocking extremely easily. We are not going to remove levels of security from the website and will always work to ensure the balance between user experience and account security is met.

the current user experience is anyone living in the largest country in the world cannot log into runescape.com

let me just play hypothetical here. I am a botnet trying to hack immortalized's account. first I need to know their email address, which somehow I have miraculously obtained. now I need to send hundreds of bots on a quest to attempt to guess millions of times. so when your login server receives a million attempts to log into immortalized from hundreds of different IP addresses you do nothing? I mean I guess if captcha is your crutch from actually developing a real plan here then you guys should just admit it. my bank will lock my account if too many failed attempts are made, maybe you should take note from a more secure institution's plan.

and they do not use captcha, which is not "secure" as there are literal paid services that solve captchas for you

I am currently graced in my browser as not needing to solve a captcha anymore. what is stopping me from running a browser script to bruteforce now?

Mod Lyon said:
As already mentioned, 2FA on the website is something we have already committed to doing.

until it happens this is all talk. we have had 2fa for years and the only update made to the website is some useless captcha that blocks china
bring back the lumbridge pig pit

26-Jul-2019 07:58:35

Immortalized

Immortalized

Posts: 32,823Sapphire Posts by user Forum Profile RuneMetrics Profile
the real kicker here is that captcha is just free machine learning for google, disguised by false impression that it is providing you any security

filtering out bots should not be your plan for account security, it is just an excuse not to provide a better system

currently my account is vulnerable if REAL people are trying to log into it across the globe, because instead of locking my account jagex is hoping the only aggressors are bots

and the only security to resolve this is 2fa, not captcha. and 2fa eliminates the need for captcha
bring back the lumbridge pig pit

26-Jul-2019 08:03:08

Immortalized

Immortalized

Posts: 32,823Sapphire Posts by user Forum Profile RuneMetrics Profile
there is absolutely no purpose whatsoever for captcha if a user uses 2fa to log in

absolutely none

by the way, just repeating yourself "we aren't going to do it" is a pointless tactic to end any discussion of this poor judgment that provides no additional security for anyone using 2fa

have some credibility
bring back the lumbridge pig pit

26-Jul-2019 12:06:28 - Last edited on 26-Jul-2019 12:07:03 by Immortalized

Quick find code: 278-279-793-66111678Back to Top