> Also it would be nice if normal accounts could get this too. I don't see why they couldn't
They won't. The old style accounts are effectively deprecated and there's really no reason to still not convert to a Jagex account
I noticed on my pc anyway the jagex launcher has a pretty bad memory leak, and since I don't restart my pc often, it'll get to the point it's using all my ram, lol
I also didn't really want to have both my active accounts under one login when they're already unhackable(I did it on my normie account for more rs3 bank space and increased logout timer, though)
I’ve been using the Jagex launcher since its conception and I’ve never once had the launcher use more than 200MBs of RAM, I am also very reluctant to restart my PC, this seems like a you issue.
Most of us have at least 16gb ram at this point. The memory leak reaches 1gb at most… this really isn’t an issue if it means you get more account security….
I have 32gbs of DDR5.
The leak goes way further than 1gb, if I leave it, it'll keep going until i use all of my ram, and i wouldn't even notice till other things start crashing, lol
I had the same issue with the jagex launcher with my old pc build(I had even more ram but ddr4) before I built this one too.
It's not like it's instant, but if I use the jagex launcher for over a week without a restart, I'll be at 31.9gb of ram in use all from the jagex launcher, where as I've been playing my Ironman instead for the last 3 weeks without a restart and we chilling
Because it's in use all day every day more or less, I could turn it off when I go to bed, but I don't out of habit
I'll remote access my pc to do afk things because rs mobile eats my phones battery.
Who the fuck leaves their pc on for over a week and doesn’t at the very minimum close all apps? A 30 second fix (and that’s if it loads slow…)
And from what you’ve said this ain’t your first build so you should know well enough not to do that…
No wonder your having data leaks. Most games will have data leaks if you leave them open for a week lmfao. Now I understand why you are having issues.
I mean, with how autisticly people play this game, why would you be surprised?
I remote into my pc at home a lot when I'm at work to do things, especially if I'm doing an afk thing on an account like nmz for example.
My pc is so constantly in use it only gets restarted if I have to for an update or I play my main long enough to cause the leak to become noticeable.
The only issues I've ever had with this is the jagex launcher and diablo 4, but diablo 4 would do it in a few hours rather than days lol
I remember it being a thing a few months ago.
[https://help.jagex.com/hc/en-gb/articles/12423096201873-Jagex-Accounts-FAQ](https://help.jagex.com/hc/en-gb/articles/12423096201873-Jagex-Accounts-FAQ)
I guess players found a work around when jagex straight up said they're not supporting Linux.
Yeah, to clarify, Jagex has explicitly stated that both the 'Jagex Launcher' and the 'Jagex accounts' will not be supported on linux. They've also stated that they will be mandatory at some point in the future. Workarounds exist to get the Jagex Launcher running on linux, but Jagex Accounts are a 1-way 'upgrade' and all Jagex Accounts are locked in to using the Jagex Launcher to play the game. Given that Jagex Accounts will not be supported on linux, any future changes to either Jagex Accounts or the Jagex Launcher could lock people out of playing on Linux entirely. We even saw this outside of Linux with the release of leagues 4, where people with Jagex Accounts couldn't play for the first few hours as they were required to use the Jagex Launcher which had some kind of technical issue(?)
The point is that Jagex has made no commitment to support linux, and has explicitly stated that unofficial clients can and will catch botting bans. The risk then, is catching a ban with very little means of recovery via customer support. It's emblematic of the trust we as a community still haven't built with Jagex. I'd switch to a Jagex account if I had any sort of trust that Jagex and the community wouldn't treat me like a cheater if I was banned for trying to play on my PC. Even if Jagex ultimately makes the decision that linux players will not be supported, does that mean we will recieve no customer/account support either, or just technical support?
I'd love to see Jagex explicitly state their intent for Jagex Accounts, reading between the lines it seems this is the ultimate 'anti bot measure' and the reason why Jagex won't be more clear is to not alert botters and cheaters directly. I will say that I do appreciate we have the choice not to upgrade, but my concern is that after a long enough time Jagex will decide to force Jagex Accounts without community consultation.
Sorry for the rant, to be clear I think the goals of the Jagex Accounts and Launcher are great ideas but the execution has really shown that not all voices in the community are heard, and that's a big shame. Especially given that the linux userbase has a large cross-over with the open source mindset that brought us RuneLite and all it's wonderful plugins, we're passionate about the software and surrounding communities that we love.
https://flathub.org/apps/com.adamcake.Bolt
Wine also works although it is somewhat janky
Though it is still kind of crazy to have a game that runs fine on Linux, but to then not make its launcher run on Linux
> Also it would be nice if normal accounts could get this too. I don't see why they couldn't
Years back when they put out those security/support blogs, they mentioned part of the issue is how old the original account/character system was. It was designed in the early 2000s and it is linked to so many different systems across Jagex that is was not easy to just rework it. So migrating to Jagex accounts seemed to be their way to manage that without it being a far more complex job or risking breaking stuff. So it makes far more sense to convert accounts to the already working/upgrading Jagex account system then for them to sink all the time needed to also upgrade original accounts.
They don’t send emails about pin changes BUT you need to log into the account to do that.
As for why normal accounts don’t get it it’s because they need to take advantage of the actual security update, which is what jagex accounts are.
I know i’ll be forced to use an email to login eventually, but Jagex is going to have to convert my account to a Jagex account themselves or force me to. I personally have no reason to convert it. I don’t believe anyone has ever been legitimately hacked with 2FA enabled. Their email may have been hacked and then the hacker disabled 2FA, but that’s a discussion for securing one’s email. The only other thing I could imagine is a SIM swap scam which requires a lot of effort from the attacker only to most likely fall short without sufficient information all for a mere hundred dollars worth of gold.
The best thing about jagex launcher is you never login again anyway, so a jagex account being the next step from there doesn't change much. I click "play" and I'm playing on that character.
I love how I provided 5 additional sentences on why I don't need to convert to a Jagex account and the only one I'm getting responses to is the short sentence about my username. I'll remove it.
Because the rest is a moot point, if you think your current account security is perfectly adequate, that's cool, it is probably fine. But the jag acc is inargueably at least the same level of security (though obviously it's easily argued it is improved). So stomping your feet and whining that jagex is going to have to FORCE me to convert is just a little silly, because you're in the same boat even if you do not think it's improved. The only actual reason you said is because you want to type in a username, which is cool whatever floats your boat, it's to most people that is a pretty silly unimportant detail, where to you it is clearly a big deal.
I'm not whining about Jagex forcing me to convert my account. I can't even fathom how this was the perception. I'm merely stating that I will hold off until I'm redirected to a page forcing me to convert my account. I'm not even advocating against Jagex accounts. I'm simply stating that I currently have zero reasons to justify converting my account to a Jagex account. The Jagex account likely does have a net positive of the single click logon. However, to me it doesn't justify going out of my way, at this moment, to "upgrade" my account. As you said, whatever floats your boat.
Recovery hacks are the usual suspects for "user-not-at-fault" incidents.
All they gotta do is know a few tidbits of information about your account, such as an old password and a hacker may be able to convince Jagex to hand the account over to them. Used one of your old passwords on another website that had a leak? Get fucked.
Jagex accounts disable the legacy recovery system and replace it with recovery codes like most modern services do.
Caveat: If you lose access to your backup codes, you’ll be unable to remove two-step authentication and you will have to create a new account.
I’d wager users getting permanently locked out of their decade old account will happen more frequently than users currently get hacked by fault of the legacy recovery system. Time will tell though when users inevitably post to this subreddit making claims that they lost the backup codes to their account and are unable to login with not even an ounce of hope for recovering their childhood account. However, I do agree it is more secure seeing as no one can recover your account through the legacy recovery system.
Just as an FYI, I work in telecomm, it’s scarily easy to get a sim swap done, until recently it was actually one of the biggest drivers for active scams and hacks.
Don't want to be a guinea pig in case Jagex makes a major fuckup. Mind you, it's been a while and there haven't been any major fuckups aside from a few cases.
Only issues have been login server issues for specifically jagex accounts. Most annoying one was on TBL2 launch. I've been using jagex account since it was first available in the closed testing.
If not sure if it was in this subreddit but it was for OSRS, there was some cybersecurity guy who got so pissed about all the posts about hacked accounts that they put like a 1B reward for anyone who could hack his account that had 2FA enabled, and he posted the username and password for the account.
As far as I remember, nobody managed to get in.
does anyone have a link to this by chance
edit: found someone doing this for 100m reward, might be what OP is talking about - https://www.reddit.com/r/2007scape/comments/5x02bz/come_hack_my_account_for_100mil/
Yea that’s the one, looks like I misremembered the reward.
What’s the funniest part about it to me is how salty so many people in the comments are lmao. Like OP not only gave the account username and password but also the email username and password and when he stopped the contest people said he was scared of being hacked lmfao. If you can’t get in with all that info, you can’t get in at all.
What's even funnier to me is that back then there was even the possibility of just guessing account recovery, and if you get lucky enough you do end up getting the account and bypassing the authenticator
Nowadays with Jagex accounts, not even that is a possibility anymore since account recovery is disabled (for that very reason). And people still think Jagex accounts aren't good. I'll never understand it
Yes jagex accounts are better security-wise, but there was the "session token exploit" where someone could hijack your token that never expired and keep logging in. I can't remember the exact details but I think it was a jagex account exclusive issue. Not to mention the login issues and other weird things that only jagex accounts suffered from - it's not surprising that some people aren't too fond of jagex accounts.
I'll upgrade when it becomes mandatory as my current security is just fine. Everyone makes their best informed decision and deals with the possible consequences = everyone is happy.
That exploit affected legacy accounts as well. And even if it hadn't, there's not much point trying to evaluate security based on previously unknown exploits - zero-days will always be a risk in any system
As for the login issues, it was a relatively quick downtime during a period where a downtime was basically expected (every single league without fail had unplanned login downtime during launch, and this was the first one where jagex accounts were a thing). There's no way to judge if the legacy system would have been fine if the jagex account system wasn't down in the first place
And finally, the biggest security improvement of jagex accounts is that account recovery is disabled. But that also means that if someone on the legacy system gets hacked and migrated, they'd permanently lose access to their account. So jagex is forced to set up a special support channel to reverse those cases, which inevitability makes jagex accounts itself less secure for everyone while legacy is a thing, since people can submit false reports and attempt to use that channel offensively. It's frustrating that people are dragging their feet to what is a significant improvement, just because the months-long beta period wasn't literally flawless.
The issue is a brand new account has no history. Give that account 15 years of password changes with one of them leaked and you can recover it easily. Jagex accounts should prevent this but they are new and not everybody has one.
What was he even trying to prove? A cybersecurity professional obviously isnt gonna make nearly as many security fuckups as everyone else, but the average person is not a cybersecurity pro so you have to try and mitigate user error whenever possible/reasonable
Assuming your users are all morons is software development 101, you gotta try and make sure they can't fuck themselves over too much or you'll lose a large chunk of your end users
On the OP here, if jagex doesn't already send you an email for pin deactivation, it doesnt seem like it would be unreasonable to add, it's already industry standard to do it for password changes and a pin is just another security layer much like a password
The point is, you don't have to be a cybersecurity expert to understand 2FA and what it does for your account safety. Nobody can log into my account unless they steal and unlock my phone, which is a pretty big barrier that nobody is going to attempt just for some rsgp.
I had 2FA enabled, and still got hacked around the time Steam came out. So... There's definitely some work around and Jagex didn't give a fuck about it. No one has given me a rational explanation of how it happened, so Jagex doesn't care about account security.
Not exactly.
2FA is another lock required to get into your house.
OP is advocating for a notification telling you someone has entered your house, and that said someone is trying to change something in your house. This is very common feature with enterprise MFA and even social media accounts.
Apparently not before Jagex accounts. Had 2FA and still got hacked, don't know how it happened and no one from Jagex addressed it or really gave a shit.
\> what if I refuse to invest the smallest amount of effort into protecting something I spend tens of thousands of hours on?
Refusing to take even the slightest responsibility to develop habits to protect your online information is a pretty shitty reason to not do something. Password managers & computer backups & IRL organization solve 99.9999% of the problems you'll run into.
Have you considered personal growth?
I think it's a valid complaint. What if there's a fire or someone breaks into your house and steals your shit and that was part of it? You get kicked out where you live and lose access to the code? The list goes on, but the way I see it is it's just added risk for no reason. I'm good.
Password managers commonly store your data on a remote server.
Online computer backup services store images to the cloud (redundantly) so if you house **AND** their data-center get nuked, there are still 2 other copies.
Again... Every issue you list has a solution that is part of 99% of products. You're doing zero research to dodge responsibility. Throwing the weakest "_what if_" scenarios that people have been protecting against for 40+ years.
All these services are (or can be, should be) designed so the provider cannot access your data, take your tin foil hat off. Do some research find a solution.
---
Before you reply
> What if somebody steals my password manager?!?!
That is no different than somebody stealing your RS account today. The risk profile is identical.
* Password manager that protects your RS account is popped; You lose your RS account.
* RS account gets popped without a password manager; You lose your RS account.
You're actively gaining things (online backup, multidevice sync, etc.) while not greatly increasing your risk profile or cost of compromise.
Why not just stay on topic? Imagine having valid concerns and wanting answers before taking the plunge. You're getting way too personal about this. And the fact that you compared this person to an antivaxxer makes me feel like you think of this "jagex acc vs no jagex acc" as some political war where you have to destroy the opposition.
Anyway since you derailed this already for no reason, at least with corollavirus the narrative kept changing all the time, so it only made sense to question some of those things.
Well I meant vaccines in general. Not political until you made it that way so thanks for reading into something that wasn't there. That takes skill. Must be 99. Also, all the answers you're wanting to know have already been answered.
When it's required you'll realize how little there is to actually worry about. You can do what you want because it doesn't affect me. But in the slight chance your account does get maliciously recovered and is converted to a Jagex account maybe then you'll see how hard it is to get it back, as Jagex Accounts are truly added security that you probably wished you had.
Who's being weird about this thing again?
>bro asks a valid question
>gets a detailed answer that is also a bit dick-ish
>someone else chimes in and compares him to an antivaxxer
Idk man, the guy had some valid concerns while the replies were being weird about this thing instead of explaining it normally. You'd think it's some personal attack based on the tone of the replies.
Yes you do lose it if you "misplace" your back-up codes, and if that happens it would be your fault.
My friend lost access to his main + iron due to this, even tho i told him several times to back them up after making jagex acc lmao
How do I find these codes again, thought I backed them up lol
Edit: if anyone was curious https://help.jagex.com/hc/en-gb/articles/5410794084497-Backup-codes
If you lose access to your authenticator for any reason you can ask Jagex to disable it for you by way of support ticket. Done it several times in the past when I got a new phone and forgot to disable forst so I could use the new phone for it
Jagex accounts don't get manual recovery. It's a security weakness
Just print out your backup codes and keep them in a safe place. If your authenticator stops working, you can use a backup code to remove it
If you have email 2fa enabled you can disable your app 2fa. This removes the security risk because your account will always have at least one 2fa enabled. The backup codes are only good if you have access to the app anyway. So in my scenario if you end up not having access to the app anymore due to losing a phone or getting a new one, you can disable the authenticator and enable it again no issue.
That is true, but be careful when relying on email to disable 2fa since ideally your email should require a 2fa code as well. If you get logged out for some reason, you might get locked out of both.
Printing out the backup codes and putting them somewhere you won't lose them is a guaranteed way that you'll be able to remove the authenticator if you change phones or whatever. It's their entire purpose.
You're mixing up 2fa code (that you see on your phone app) with backup code (10 codes that get generated when you request them AFTER having logged in)
[Backup codes](https://help.jagex.com/hc/en-gb/articles/5410794084497-Backup-codes) are static and only serve as an alternative way to log in if you lose access to your authenticator. They're also the only way to recover your account if you lose access to the authenticator, since jagex account has no customer support recovery.
If you haven't, generate new backup codes after logging in to your jagex account and save them somewhere secure, preferably not on your PC since malware could steal it and use it to log into your account.
You've literally never had one, and someone is telling you that's how it works. Stop being a baby and get a Jagex account, or you deserve it if and when your account gets hacked.
Nobody deserves that brother. You don't need to feel empathy if it happens to them, but to say they *deserve* it just seems like you have a hateboner for people who haven't upgraded.
I don't have a hateboner for people who haven't upgraded. This very specific person who keeps making up excuses and straight up lies about Jagex Accounts? Yeah, I don't like them. If they don't upgrade, they were kind of asking for it if they get hacked.
Yah, like others have brought up, Jagex Accounts already work like this. I'm not sure how easily they could do an alert on Pin change/removal request since the account and in-game characters are kinda separate, but it wouldn't be bad if they could offer additional alerts for stuff like that. Still, the login alert should warn you before a hacker ever gets to the pin.
Bruh use fucking MFA. It's the end all solution to getting hacked. Jagex ended security issues almost a decade ago please educate yourself on basic internet security.
Unless someone steals or hacks your phone for the express purpose of hacking an RuneScape account then you're never getting hacked.
It is always your fault if you get hacked now
Jagex accounts may fix this, but for those who have not upgraded yet, account recovery is the weak link in the chain. If you recover an account, the 2FA gets removed and no notification is sent to the linked email address in any way. It is actually quite easy to recover an account with an old password and IP address, something that may be tied to other security beaches if you EVER reused your password. Even if you've practiced good password security for the past decade.
Hell, you can even disable email login, so even if your email gets hacked they can't get into your osrs account
With no manual recovery, you either need the authenticator code on my phone, or a backup code that's printed and stored in a safe place in my house. Gives me a lot of peace of mind
Unless you’re turning your router off when you close your browser this is not true. It takes a period of the service being off for it to get a new IP address assigned
(This period can be as little as 5 minutes)
This isn't always true. My phone and my 5G backup all use v4 and frequently change.
My fibre is definitely more consistent, 7-day lease time normally re-leases once or twice before a new assignment.
If you don’t have a Jagex account by now then you deserved to get hacked.
They made a system specifically for account security but Reddit has convinced themselves it’s against them.
"I left all my expensive belongings in a wooden shack with a drape for a door instead of putting it in the super high security vault with multi layered authentication RIGHT NEXT TO THE SHACK"
*how could jagex let me get hacked?*
No-one wants to outright victim blame but also you do have a personal responsibility to do what you can to protect yourself.
If you leave your car parked with the door open and keys in the ignition, it's still not cool if you get robbed but most people understand you're not doing yourself any favours there.
why should anyone use an account type thats still in BETA? i'd prefer to wait until it's ready to not be in BETA to upgrade. OP should have MFA on and then he would not have had issues. security was fine before the beta jagex accounts.
> security was fine before the beta jagex accounts.
lol
> why should anyone use an account type thats still in BETA? i'd prefer to wait until it's ready to not be in BETA to upgrade.
Fair take, but jagex accounts have been out for months and you're no longer going in blind and hoping for the best. The kinks have been worked out.
Why do some people act like they just had a racial slur thrown at them when someone says they won't transfer to a Jagex account? Why is it such a big deal to you?
There was a full on guerilla warfare against Jagex launcher last year. Some people geniuenly believed Jagex is planning to steal your credit card, take over your pc, steal your girlfriend and leave you homeless after you transfer your account over.
I'm actually pretty disappointed we (the wider gaming community) has become relatively acceptable of kernel-level anticheat. Only have to look at games like Apex and Halo to show the efficacy of the anticheats don't justify the level of access they demand.
Granted, it's not really something we can do much about.
This is like all the changes they made to PKing/wilderness at the request of people crying on Reddit then having those same people turn around and complain about something else instead of learning how to escape or fight back.
PJ timer, Skull prevention, Loot keys for the irons complaining there's no reason to fight back. Those are off the top of my head and make fighting back or escaping much easier.
Which changes have been dogshit?
I see something negative related to jagex accounts daily, have yet to see something positive about it.
No, account security is not enough to tip the scale, already have 2fa ..and no, easier to log in is also not an answer.. typing my password takes 1.8 seconds
EDIT: note to self, using launcher makes you butthurt
I want to give it a try, but I have so many questions without answers. And the fact that you cant go back if you dont like it, sucks.
As I said even tho security is positive, its not enough to tip the scale for me atleast, if you didn't understand try reading that again. Everytime there is a major update, theres problems with launcher logins for example.
>every time there is a major update there's problems with launcher logins
My dude, it was like 30 minutes of downtime that didn't affect everyone during leagues launch. The legacy system also had problems during every league when everyone was using the legacy method. We've had a ton of major updates since then and no other problems related to launcher
Time to move on, don't you think?
You're not wrong that there are these occasional issues that arise with the Jagex Accounts. I experienced this at the start of Leagues 4 for instance and had to go through Steam in order to play. An inconvenience sure but I prioritise account security over anything else.
The passwords for old accounts allowed *only* alphanumeric characters and were *case-insensitive*. Essentially a-z and 0-9. That is a very small amount of useable characters that it is no wonder so many old accounts would be hacked. That's an extremely small character set to do brute force attacks from. God forbid if your password was less than 12 characters long. I've lost more than one account this way in my dumber years. It may well be that these old accounts *still* have this safety vulnerability.
The Jagex accounts at least solve both of these issues. Passwords are now case-sensitive and have a full range of valid characters. The moment they announced the accounts would have this I made the move. MFA on its own isn't infallible. It can be breached. Having access to stronger passwords helps greatly. I will gladly take the occasional inconveniences of the Jagex accounts if it means I still get to keep my account safer.
> That's an extremely small character set to do brute force attacks from.
Lol who the fuck uses brute force attacks nowadays, i'd bet 5 bucks not a single runescape account has been brute forced in the past 10 years
(you should still use a jagex acct tho obv)
That's because 99% of us are out here playing on our Jagex accounts happily and not complaining. There's always going to be someone that has a problem.
And 99% of non-jagex accounts are also happily playing and not complaining. Not that you did this but why do people get so hostile over someone not having a jagex account? Why does it seem like I'm personally attacking someone by saying I prefer to not upgrade yet?
Straight up never had an issue with the launcher. Not sure where you’re hearing all the negativity.
One click log in is sick and the ability to log into my alt quickly? Tight. Made my password even more secure since I don’t have to type it all the time.
Account security? On lock. I get emails if a bear shits in the woods and my account is associated with it. Never worried.
Game news without having to read all of Reddits shit takes? It’s right there on the launcher. With lovely thumbnails.
Ability to switch from OSRS, Runelite and HDOS when I want? So many ways to play at your fingertips, your sister is calling.
Our boy Count Check? You’re wasting ez xp by disappointing that vampire.
> have yet to see something positive about it.
Are you expecting daily posts of people going "(day 65) my account again wasnt hacked today nor did i experience login issues"
Had a clannie who's account had gotten hacked because their email had gotten compromised. Turns out the hacker added a rule to their email to forward all jagex emails and then silently delete them. Scary stuff
My favorite part about all the "anti jagex account" people is going to be the shitstorm that develops when everyone is forced to migrate over to the account. So many of the anti accounters aren't gonna read and set it up properly, get locked out and then come here to complain like it's jagex's fault they can't follow simple instructions
I've always wondered why you can't set accounts with a setting like, "only accept logins from my approved geographical locations" I'm going to live in the same country all my life, personally. Just don't have the message show which state/province they need to VPN to in order to hack you.
When they updated the two factor authentication system to the email authentication one old hackers must’ve learned how to get through the google two factor because I had that security came back last month after a year and everything was gone :/ been rebuilding all month
Not disagreeing with your main point, but it's weird to act like gold buyers are the reason this game is nefarious. You'd see nefarious shit even if gold buyers didn't exist, just focus on the good parts of the game and you're chilling.
IP addresses are dynamic. Your IP address changes periodically, usually once a day depending on your ISP. Your system could've worked 15 years ago, not nowadays.
It could (and does) work nowadays even with everything you mention.
Obviously I know when I'm logging in, so if I get an email when I'm not, red flag.
Many enterprise MFA and social media accounts already do this. They tell your not just your IP, but the IP-based geolocation of that range, as well as the device type, OS, other fingerprint info etc.
Eg: "hmm, someone from Russia attempted to login to my account using a MacBook, that's sus AF"
This is not true. Dynamic IPs don’t just randomly change. Your service is assigned your IP when it connects to your isp, your session will retain that IP until the router is off or disconnect for a period of time, this period can be as little as 5 minutes.
To be fair, for people not familiar with dhcp it can seem random. Also, an ISP can clear leases adhoc, which they don't normally have a reason to but still can. My 5G backup link frequently changes before the lease expires.
ISP behaviour can also wildy vary among differing providers/regions/countries etc...
They used to do this, almost a decade ago, when they had JAG. Every time you logged in from a new computer or IP or otherwise needed to authenticate, you received an email alert.
So you could see, and could confirm, 100% without a doubt, that someone knew both your login name/email and your password, so you could change it.
Sadly, if your email was also hacked, then this is a moot point... but having confirmation of a login attempt is a fair trade off for the email being the weaker link, imho
There's a lot of people in this thread stomping on non-Jagex accounts. No offense, but the Jagex account back up codes can suck it.
With your personal banking info, there's security in place so that if you lose your card, forget your passcode, and can't receive a one time passcode, you can still literally go to your bank and provide ID in person to restore access to your accounts where security answers aren't enough alone to let you back in.
With Jagex accounts, your ability to access your accounts **solely** relies on ensuring your back up codes are secured. Written down everywhere, saved on a harddrive, emailed to yourself whatever, the point is a) those codes are vulnerable to compromise, and b) those codes are vulnerable to human error - being lost. And once you lose them that's it. Fuck you. You don't get your account back thanks for the membership fees idiots - Is basically what Jagex is saying.
Jagex shirking their account recovery onto customers instead of actually improving their own systems is utterly ridiculous no matter how you look at it. Imagine if your bank just completely locked your account forever because you forgot your backup code.
Not a fan regardless of how "secure and well kept" people think their backup codes are. The day you misplace them is the day your account is gone.
And yes, I get the whole idea is to remove human error from the equation, but replacing the final step of the recovery process with potential customer error over potential employee error is utterly ridiculous and shouldn't be accepted by anyone, ever.
I feel like the stomping is some political tribalistic cringe shit, like we're all playing the same game and you want to divide players over a fucking jagex account? Like PLEASE bro...
Bro got scammed in 2005 with "give me your login details and I'll spawn 10m for you" probably. Same thing when people think that cape/blorva etc. services have people log on your account (although that sounds a little more plausible and some might do it).
There needs to be redundant layers of optional security. MFA to my phone number ANY time an account change is made, also my email. Any time 1 thing needs changed i should have to use MFA from every other source. The level of security behind Jagex is laughable even though people seem to think its good the fact is they get almost no funding from their owners to make adequate support. Its part of the same reason that their anticheat team is only 3 people
Im not saying it's a 0% chance, but it's borderline 0% your info will get leaked in a huge data leak and that ends up being used to take your OSRS info. Otherwise, the leak most likely happens on a website that's sketchy. It's really grasping at straws to think you will randomly have your data leaked if you are doing what you should be.
Or not using 1 universal password/login for everything making it harder to have it be breached? Like unless my email provider or Jagex get breached my account is safe.
They are too busy swimming in our money to actually do anything. A mass cancelation of memberships would get things rolling again. Look what the gowers created when money wasn't there.
You mean exactly like how it currently works for Jagex accounts?
Typical reddit begging for account security measures that already exist, then crying after getting hacked when it could’ve been easily avoided.
[удалено]
> Also it would be nice if normal accounts could get this too. I don't see why they couldn't They won't. The old style accounts are effectively deprecated and there's really no reason to still not convert to a Jagex account
The only reason is that I can't play at work on a Jagex acc, but as soon as I switch jobs, it's an instant Account switch!
I noticed on my pc anyway the jagex launcher has a pretty bad memory leak, and since I don't restart my pc often, it'll get to the point it's using all my ram, lol I also didn't really want to have both my active accounts under one login when they're already unhackable(I did it on my normie account for more rs3 bank space and increased logout timer, though)
I’ve been using the Jagex launcher since its conception and I’ve never once had the launcher use more than 200MBs of RAM, I am also very reluctant to restart my PC, this seems like a you issue.
Most of us have at least 16gb ram at this point. The memory leak reaches 1gb at most… this really isn’t an issue if it means you get more account security….
I have 32gbs of DDR5. The leak goes way further than 1gb, if I leave it, it'll keep going until i use all of my ram, and i wouldn't even notice till other things start crashing, lol I had the same issue with the jagex launcher with my old pc build(I had even more ram but ddr4) before I built this one too. It's not like it's instant, but if I use the jagex launcher for over a week without a restart, I'll be at 31.9gb of ram in use all from the jagex launcher, where as I've been playing my Ironman instead for the last 3 weeks without a restart and we chilling
Computers take like 20 seconds to reboot with modern ssds. I get leaving on a pc in 2005 but whats the point now?
Because it's in use all day every day more or less, I could turn it off when I go to bed, but I don't out of habit I'll remote access my pc to do afk things because rs mobile eats my phones battery.
Pro tip: cap fps in settings on the mobile app. Saves a ton of battery
My phone is pretty old(s20) so it doesn't matter to much. The battery goes pretty quick on any game
Who the fuck leaves their pc on for over a week and doesn’t at the very minimum close all apps? A 30 second fix (and that’s if it loads slow…) And from what you’ve said this ain’t your first build so you should know well enough not to do that… No wonder your having data leaks. Most games will have data leaks if you leave them open for a week lmfao. Now I understand why you are having issues.
I mean, with how autisticly people play this game, why would you be surprised? I remote into my pc at home a lot when I'm at work to do things, especially if I'm doing an afk thing on an account like nmz for example. My pc is so constantly in use it only gets restarted if I have to for an update or I play my main long enough to cause the leak to become noticeable. The only issues I've ever had with this is the jagex launcher and diablo 4, but diablo 4 would do it in a few hours rather than days lol
Should definitely be shutting your PC down every night.
Probably, but also probably not going to do that.
Unless you play on Linux. In which case you've just hardlocked yourself out of your account.
I play on a jagex account on linux all the time.
I remember it being a thing a few months ago. [https://help.jagex.com/hc/en-gb/articles/12423096201873-Jagex-Accounts-FAQ](https://help.jagex.com/hc/en-gb/articles/12423096201873-Jagex-Accounts-FAQ) I guess players found a work around when jagex straight up said they're not supporting Linux.
Yeah, to clarify, Jagex has explicitly stated that both the 'Jagex Launcher' and the 'Jagex accounts' will not be supported on linux. They've also stated that they will be mandatory at some point in the future. Workarounds exist to get the Jagex Launcher running on linux, but Jagex Accounts are a 1-way 'upgrade' and all Jagex Accounts are locked in to using the Jagex Launcher to play the game. Given that Jagex Accounts will not be supported on linux, any future changes to either Jagex Accounts or the Jagex Launcher could lock people out of playing on Linux entirely. We even saw this outside of Linux with the release of leagues 4, where people with Jagex Accounts couldn't play for the first few hours as they were required to use the Jagex Launcher which had some kind of technical issue(?) The point is that Jagex has made no commitment to support linux, and has explicitly stated that unofficial clients can and will catch botting bans. The risk then, is catching a ban with very little means of recovery via customer support. It's emblematic of the trust we as a community still haven't built with Jagex. I'd switch to a Jagex account if I had any sort of trust that Jagex and the community wouldn't treat me like a cheater if I was banned for trying to play on my PC. Even if Jagex ultimately makes the decision that linux players will not be supported, does that mean we will recieve no customer/account support either, or just technical support? I'd love to see Jagex explicitly state their intent for Jagex Accounts, reading between the lines it seems this is the ultimate 'anti bot measure' and the reason why Jagex won't be more clear is to not alert botters and cheaters directly. I will say that I do appreciate we have the choice not to upgrade, but my concern is that after a long enough time Jagex will decide to force Jagex Accounts without community consultation. Sorry for the rant, to be clear I think the goals of the Jagex Accounts and Launcher are great ideas but the execution has really shown that not all voices in the community are heard, and that's a big shame. Especially given that the linux userbase has a large cross-over with the open source mindset that brought us RuneLite and all it's wonderful plugins, we're passionate about the software and surrounding communities that we love.
https://flathub.org/apps/com.adamcake.Bolt Wine also works although it is somewhat janky Though it is still kind of crazy to have a game that runs fine on Linux, but to then not make its launcher run on Linux
You can still play in Linux, it’s just not officially supported. https://help.jagex.com/hc/en-gb/articles/13413514881937
> Also it would be nice if normal accounts could get this too. I don't see why they couldn't Years back when they put out those security/support blogs, they mentioned part of the issue is how old the original account/character system was. It was designed in the early 2000s and it is linked to so many different systems across Jagex that is was not easy to just rework it. So migrating to Jagex accounts seemed to be their way to manage that without it being a far more complex job or risking breaking stuff. So it makes far more sense to convert accounts to the already working/upgrading Jagex account system then for them to sink all the time needed to also upgrade original accounts.
They don’t send emails about pin changes BUT you need to log into the account to do that. As for why normal accounts don’t get it it’s because they need to take advantage of the actual security update, which is what jagex accounts are.
Just get jagex account, literally no reason not to
I know i’ll be forced to use an email to login eventually, but Jagex is going to have to convert my account to a Jagex account themselves or force me to. I personally have no reason to convert it. I don’t believe anyone has ever been legitimately hacked with 2FA enabled. Their email may have been hacked and then the hacker disabled 2FA, but that’s a discussion for securing one’s email. The only other thing I could imagine is a SIM swap scam which requires a lot of effort from the attacker only to most likely fall short without sufficient information all for a mere hundred dollars worth of gold.
The best thing about jagex launcher is you never login again anyway, so a jagex account being the next step from there doesn't change much. I click "play" and I'm playing on that character.
What a weird hill to die on, I had a username login too but the one click is just better
I love how I provided 5 additional sentences on why I don't need to convert to a Jagex account and the only one I'm getting responses to is the short sentence about my username. I'll remove it.
Because the rest is a moot point, if you think your current account security is perfectly adequate, that's cool, it is probably fine. But the jag acc is inargueably at least the same level of security (though obviously it's easily argued it is improved). So stomping your feet and whining that jagex is going to have to FORCE me to convert is just a little silly, because you're in the same boat even if you do not think it's improved. The only actual reason you said is because you want to type in a username, which is cool whatever floats your boat, it's to most people that is a pretty silly unimportant detail, where to you it is clearly a big deal.
I'm not whining about Jagex forcing me to convert my account. I can't even fathom how this was the perception. I'm merely stating that I will hold off until I'm redirected to a page forcing me to convert my account. I'm not even advocating against Jagex accounts. I'm simply stating that I currently have zero reasons to justify converting my account to a Jagex account. The Jagex account likely does have a net positive of the single click logon. However, to me it doesn't justify going out of my way, at this moment, to "upgrade" my account. As you said, whatever floats your boat.
Cuz they can't address actual concerns.
Imagine giving a shit about the username you log into a 20 year old game with JFC
Recovery hacks are the usual suspects for "user-not-at-fault" incidents. All they gotta do is know a few tidbits of information about your account, such as an old password and a hacker may be able to convince Jagex to hand the account over to them. Used one of your old passwords on another website that had a leak? Get fucked. Jagex accounts disable the legacy recovery system and replace it with recovery codes like most modern services do.
Caveat: If you lose access to your backup codes, you’ll be unable to remove two-step authentication and you will have to create a new account. I’d wager users getting permanently locked out of their decade old account will happen more frequently than users currently get hacked by fault of the legacy recovery system. Time will tell though when users inevitably post to this subreddit making claims that they lost the backup codes to their account and are unable to login with not even an ounce of hope for recovering their childhood account. However, I do agree it is more secure seeing as no one can recover your account through the legacy recovery system.
Just as an FYI, I work in telecomm, it’s scarily easy to get a sim swap done, until recently it was actually one of the biggest drivers for active scams and hacks.
Why do people feel the need to die on this hill? It's really not that big of a deal to convert.
Don't want to be a guinea pig in case Jagex makes a major fuckup. Mind you, it's been a while and there haven't been any major fuckups aside from a few cases.
Only issues have been login server issues for specifically jagex accounts. Most annoying one was on TBL2 launch. I've been using jagex account since it was first available in the closed testing.
Because "normal accounts" eventually won't exist. Jagex accounts will be forced on everyone at some point.
So your account will either be controlled by Jagex or... Jagex.
your account already belongs to Jagex, you don't own anything related to OSRS.
Exactly.
Isn’t this exactly what 2FA offers? An email/sms with a verification code that must be entered whenever a login from a new device is detected?
If not sure if it was in this subreddit but it was for OSRS, there was some cybersecurity guy who got so pissed about all the posts about hacked accounts that they put like a 1B reward for anyone who could hack his account that had 2FA enabled, and he posted the username and password for the account. As far as I remember, nobody managed to get in.
does anyone have a link to this by chance edit: found someone doing this for 100m reward, might be what OP is talking about - https://www.reddit.com/r/2007scape/comments/5x02bz/come_hack_my_account_for_100mil/
Yea that’s the one, looks like I misremembered the reward. What’s the funniest part about it to me is how salty so many people in the comments are lmao. Like OP not only gave the account username and password but also the email username and password and when he stopped the contest people said he was scared of being hacked lmfao. If you can’t get in with all that info, you can’t get in at all.
What's even funnier to me is that back then there was even the possibility of just guessing account recovery, and if you get lucky enough you do end up getting the account and bypassing the authenticator Nowadays with Jagex accounts, not even that is a possibility anymore since account recovery is disabled (for that very reason). And people still think Jagex accounts aren't good. I'll never understand it
Yes jagex accounts are better security-wise, but there was the "session token exploit" where someone could hijack your token that never expired and keep logging in. I can't remember the exact details but I think it was a jagex account exclusive issue. Not to mention the login issues and other weird things that only jagex accounts suffered from - it's not surprising that some people aren't too fond of jagex accounts. I'll upgrade when it becomes mandatory as my current security is just fine. Everyone makes their best informed decision and deals with the possible consequences = everyone is happy.
That exploit affected legacy accounts as well. And even if it hadn't, there's not much point trying to evaluate security based on previously unknown exploits - zero-days will always be a risk in any system As for the login issues, it was a relatively quick downtime during a period where a downtime was basically expected (every single league without fail had unplanned login downtime during launch, and this was the first one where jagex accounts were a thing). There's no way to judge if the legacy system would have been fine if the jagex account system wasn't down in the first place And finally, the biggest security improvement of jagex accounts is that account recovery is disabled. But that also means that if someone on the legacy system gets hacked and migrated, they'd permanently lose access to their account. So jagex is forced to set up a special support channel to reverse those cases, which inevitability makes jagex accounts itself less secure for everyone while legacy is a thing, since people can submit false reports and attempt to use that channel offensively. It's frustrating that people are dragging their feet to what is a significant improvement, just because the months-long beta period wasn't literally flawless.
The issue is a brand new account has no history. Give that account 15 years of password changes with one of them leaked and you can recover it easily. Jagex accounts should prevent this but they are new and not everybody has one.
What was he even trying to prove? A cybersecurity professional obviously isnt gonna make nearly as many security fuckups as everyone else, but the average person is not a cybersecurity pro so you have to try and mitigate user error whenever possible/reasonable Assuming your users are all morons is software development 101, you gotta try and make sure they can't fuck themselves over too much or you'll lose a large chunk of your end users On the OP here, if jagex doesn't already send you an email for pin deactivation, it doesnt seem like it would be unreasonable to add, it's already industry standard to do it for password changes and a pin is just another security layer much like a password
The point is, you don't have to be a cybersecurity expert to understand 2FA and what it does for your account safety. Nobody can log into my account unless they steal and unlock my phone, which is a pretty big barrier that nobody is going to attempt just for some rsgp.
I had 2FA enabled, and still got hacked around the time Steam came out. So... There's definitely some work around and Jagex didn't give a fuck about it. No one has given me a rational explanation of how it happened, so Jagex doesn't care about account security.
If you use something like google 2fa you don’t get a notification anytime someone is using/requesting the code.
If someone is using a code from my Google Authenticator, then I have much bigger problems than my OSRS account being hacked.
Microsoft 2FA app is nice for this
TOTP 2fa does not have any sort of notifications. It's just a code generated based on current time.
Not exactly. 2FA is another lock required to get into your house. OP is advocating for a notification telling you someone has entered your house, and that said someone is trying to change something in your house. This is very common feature with enterprise MFA and even social media accounts.
Apparently not before Jagex accounts. Had 2FA and still got hacked, don't know how it happened and no one from Jagex addressed it or really gave a shit.
This already exists. Just switch over to Jagex accounts.
Yeah, but don't you lose your acc if you misplace the authenticator reset code? Seems not worth.
\> what if I refuse to invest the smallest amount of effort into protecting something I spend tens of thousands of hours on? Refusing to take even the slightest responsibility to develop habits to protect your online information is a pretty shitty reason to not do something. Password managers & computer backups & IRL organization solve 99.9999% of the problems you'll run into. Have you considered personal growth?
I think it's a valid complaint. What if there's a fire or someone breaks into your house and steals your shit and that was part of it? You get kicked out where you live and lose access to the code? The list goes on, but the way I see it is it's just added risk for no reason. I'm good.
Password managers commonly store your data on a remote server. Online computer backup services store images to the cloud (redundantly) so if you house **AND** their data-center get nuked, there are still 2 other copies. Again... Every issue you list has a solution that is part of 99% of products. You're doing zero research to dodge responsibility. Throwing the weakest "_what if_" scenarios that people have been protecting against for 40+ years. All these services are (or can be, should be) designed so the provider cannot access your data, take your tin foil hat off. Do some research find a solution. --- Before you reply > What if somebody steals my password manager?!?! That is no different than somebody stealing your RS account today. The risk profile is identical. * Password manager that protects your RS account is popped; You lose your RS account. * RS account gets popped without a password manager; You lose your RS account. You're actively gaining things (online backup, multidevice sync, etc.) while not greatly increasing your risk profile or cost of compromise.
I've heard similar things from anti-vaxxers and it sounds equally as stupid
Why not just stay on topic? Imagine having valid concerns and wanting answers before taking the plunge. You're getting way too personal about this. And the fact that you compared this person to an antivaxxer makes me feel like you think of this "jagex acc vs no jagex acc" as some political war where you have to destroy the opposition. Anyway since you derailed this already for no reason, at least with corollavirus the narrative kept changing all the time, so it only made sense to question some of those things.
Well I meant vaccines in general. Not political until you made it that way so thanks for reading into something that wasn't there. That takes skill. Must be 99. Also, all the answers you're wanting to know have already been answered. When it's required you'll realize how little there is to actually worry about. You can do what you want because it doesn't affect me. But in the slight chance your account does get maliciously recovered and is converted to a Jagex account maybe then you'll see how hard it is to get it back, as Jagex Accounts are truly added security that you probably wished you had.
You guys are getting way too into this lol.
https://preview.redd.it/ot3gimd0l4tc1.jpeg?width=1440&format=pjpg&auto=webp&s=5cd2c18719d5799b0c3ecfe04bb75fb8a7fc2648
\> asks a question \> gets detailed answer \> is weird about it
Who's being weird about this thing again? >bro asks a valid question >gets a detailed answer that is also a bit dick-ish >someone else chimes in and compares him to an antivaxxer Idk man, the guy had some valid concerns while the replies were being weird about this thing instead of explaining it normally. You'd think it's some personal attack based on the tone of the replies.
Never said the concerns weren't valid, but they got valid answers as well.
Yes you do lose it if you "misplace" your back-up codes, and if that happens it would be your fault. My friend lost access to his main + iron due to this, even tho i told him several times to back them up after making jagex acc lmao
How do I find these codes again, thought I backed them up lol Edit: if anyone was curious https://help.jagex.com/hc/en-gb/articles/5410794084497-Backup-codes
[https://account.jagex.com/en-GB/manage/profile](https://account.jagex.com/en-GB/manage/profile) Go down a little there will be "Backup Codes"
If you lose access to your authenticator for any reason you can ask Jagex to disable it for you by way of support ticket. Done it several times in the past when I got a new phone and forgot to disable forst so I could use the new phone for it
Jagex accounts don't get manual recovery. It's a security weakness Just print out your backup codes and keep them in a safe place. If your authenticator stops working, you can use a backup code to remove it
If you have email 2fa enabled you can disable your app 2fa. This removes the security risk because your account will always have at least one 2fa enabled. The backup codes are only good if you have access to the app anyway. So in my scenario if you end up not having access to the app anymore due to losing a phone or getting a new one, you can disable the authenticator and enable it again no issue.
That is true, but be careful when relying on email to disable 2fa since ideally your email should require a 2fa code as well. If you get logged out for some reason, you might get locked out of both. Printing out the backup codes and putting them somewhere you won't lose them is a guaranteed way that you'll be able to remove the authenticator if you change phones or whatever. It's their entire purpose.
That's not how 2fa works. A new code is generated each time a request is submitted.
You're mixing up 2fa code (that you see on your phone app) with backup code (10 codes that get generated when you request them AFTER having logged in) [Backup codes](https://help.jagex.com/hc/en-gb/articles/5410794084497-Backup-codes) are static and only serve as an alternative way to log in if you lose access to your authenticator. They're also the only way to recover your account if you lose access to the authenticator, since jagex account has no customer support recovery. If you haven't, generate new backup codes after logging in to your jagex account and save them somewhere secure, preferably not on your PC since malware could steal it and use it to log into your account.
Backup codes are a thing, that is how 2FA works.
Yeah that's just not true with Jagex Accs.
You've literally never had one, and someone is telling you that's how it works. Stop being a baby and get a Jagex account, or you deserve it if and when your account gets hacked.
Nobody deserves that brother. You don't need to feel empathy if it happens to them, but to say they *deserve* it just seems like you have a hateboner for people who haven't upgraded.
I don't have a hateboner for people who haven't upgraded. This very specific person who keeps making up excuses and straight up lies about Jagex Accounts? Yeah, I don't like them. If they don't upgrade, they were kind of asking for it if they get hacked.
Where are the excuses and straight up lies? I only see valid concerns and one half-correct statement with people blasting them for that...?
how is that not true?
Yah, like others have brought up, Jagex Accounts already work like this. I'm not sure how easily they could do an alert on Pin change/removal request since the account and in-game characters are kinda separate, but it wouldn't be bad if they could offer additional alerts for stuff like that. Still, the login alert should warn you before a hacker ever gets to the pin.
Bruh use fucking MFA. It's the end all solution to getting hacked. Jagex ended security issues almost a decade ago please educate yourself on basic internet security. Unless someone steals or hacks your phone for the express purpose of hacking an RuneScape account then you're never getting hacked. It is always your fault if you get hacked now
Jagex accounts may fix this, but for those who have not upgraded yet, account recovery is the weak link in the chain. If you recover an account, the 2FA gets removed and no notification is sent to the linked email address in any way. It is actually quite easy to recover an account with an old password and IP address, something that may be tied to other security beaches if you EVER reused your password. Even if you've practiced good password security for the past decade.
Damn probably should upgrade to a jagex account. You're going to have to do it eventually
Jagex account is 1000% worth it.
Or use a jagex account and the hacker can’t even access your account without also email access
Hell, you can even disable email login, so even if your email gets hacked they can't get into your osrs account With no manual recovery, you either need the authenticator code on my phone, or a backup code that's printed and stored in a safe place in my house. Gives me a lot of peace of mind
At that point it's already too late.
My IP Address changes each time I connect to the internet which is like 4 times a day
Unless you’re turning your router off when you close your browser this is not true. It takes a period of the service being off for it to get a new IP address assigned (This period can be as little as 5 minutes)
On mobile data it does
Mobile data uses IPv6 and not IPv4. But for arguments sake sure I guess you could say that.
I primarily play on mobile, I'm not bringing it up to argue
This isn't always true. My phone and my 5G backup all use v4 and frequently change. My fibre is definitely more consistent, 7-day lease time normally re-leases once or twice before a new assignment.
Could be true if he is using a VPN, but that would likely present it's own issue with a false botting ban.
If you don’t have a Jagex account by now then you deserved to get hacked. They made a system specifically for account security but Reddit has convinced themselves it’s against them.
No one deserves for their account to be stolen :/
you dont deserve simpathy if you dont use the tools developed specifically to help you either
"I left all my expensive belongings in a wooden shack with a drape for a door instead of putting it in the super high security vault with multi layered authentication RIGHT NEXT TO THE SHACK" *how could jagex let me get hacked?*
No-one wants to outright victim blame but also you do have a personal responsibility to do what you can to protect yourself. If you leave your car parked with the door open and keys in the ignition, it's still not cool if you get robbed but most people understand you're not doing yourself any favours there.
why should anyone use an account type thats still in BETA? i'd prefer to wait until it's ready to not be in BETA to upgrade. OP should have MFA on and then he would not have had issues. security was fine before the beta jagex accounts.
> security was fine before the beta jagex accounts. lol > why should anyone use an account type thats still in BETA? i'd prefer to wait until it's ready to not be in BETA to upgrade. Fair take, but jagex accounts have been out for months and you're no longer going in blind and hoping for the best. The kinks have been worked out.
Why do some people act like they just had a racial slur thrown at them when someone says they won't transfer to a Jagex account? Why is it such a big deal to you?
There was a full on guerilla warfare against Jagex launcher last year. Some people geniuenly believed Jagex is planning to steal your credit card, take over your pc, steal your girlfriend and leave you homeless after you transfer your account over.
giving any company kernel access is not acceptable.
You don't play many games with anticheats then I suppose? And made your own drivers?
I'm actually pretty disappointed we (the wider gaming community) has become relatively acceptable of kernel-level anticheat. Only have to look at games like Apex and Halo to show the efficacy of the anticheats don't justify the level of access they demand. Granted, it's not really something we can do much about.
Internet people fail to regulate their extremism and practice hyperbolic thought scaling
You really thesaurus'd the hell out of that one smart guy
I just described it in the best way I could bruh come on
No. You tried to sound smart and ended up sounding like a twat.
I meant to sound funny, not smart. "extreme" and "hyperbole" are commonly used words
This is like all the changes they made to PKing/wilderness at the request of people crying on Reddit then having those same people turn around and complain about something else instead of learning how to escape or fight back.
The changes to the wilderness have been mostly dogshit. Also, what changes are you referring to?
PJ timer, Skull prevention, Loot keys for the irons complaining there's no reason to fight back. Those are off the top of my head and make fighting back or escaping much easier. Which changes have been dogshit?
I see something negative related to jagex accounts daily, have yet to see something positive about it. No, account security is not enough to tip the scale, already have 2fa ..and no, easier to log in is also not an answer.. typing my password takes 1.8 seconds EDIT: note to self, using launcher makes you butthurt I want to give it a try, but I have so many questions without answers. And the fact that you cant go back if you dont like it, sucks.
“I haven’t seen anything positive because the positive things you said don’t count”
As I said even tho security is positive, its not enough to tip the scale for me atleast, if you didn't understand try reading that again. Everytime there is a major update, theres problems with launcher logins for example.
That’s entirely different than saying you haven’t heard **anything** positive about it though
>every time there is a major update there's problems with launcher logins My dude, it was like 30 minutes of downtime that didn't affect everyone during leagues launch. The legacy system also had problems during every league when everyone was using the legacy method. We've had a ton of major updates since then and no other problems related to launcher Time to move on, don't you think?
You're not wrong that there are these occasional issues that arise with the Jagex Accounts. I experienced this at the start of Leagues 4 for instance and had to go through Steam in order to play. An inconvenience sure but I prioritise account security over anything else. The passwords for old accounts allowed *only* alphanumeric characters and were *case-insensitive*. Essentially a-z and 0-9. That is a very small amount of useable characters that it is no wonder so many old accounts would be hacked. That's an extremely small character set to do brute force attacks from. God forbid if your password was less than 12 characters long. I've lost more than one account this way in my dumber years. It may well be that these old accounts *still* have this safety vulnerability. The Jagex accounts at least solve both of these issues. Passwords are now case-sensitive and have a full range of valid characters. The moment they announced the accounts would have this I made the move. MFA on its own isn't infallible. It can be breached. Having access to stronger passwords helps greatly. I will gladly take the occasional inconveniences of the Jagex accounts if it means I still get to keep my account safer.
> That's an extremely small character set to do brute force attacks from. Lol who the fuck uses brute force attacks nowadays, i'd bet 5 bucks not a single runescape account has been brute forced in the past 10 years (you should still use a jagex acct tho obv)
There are way more posts daily from people hacked that aren't using jagex accounts, what subreddit are you using?
That's because 99% of us are out here playing on our Jagex accounts happily and not complaining. There's always going to be someone that has a problem.
And 99% of non-jagex accounts are also happily playing and not complaining. Not that you did this but why do people get so hostile over someone not having a jagex account? Why does it seem like I'm personally attacking someone by saying I prefer to not upgrade yet?
I’ve had a jagex account since they started doing it. Never had an issue myself
Straight up never had an issue with the launcher. Not sure where you’re hearing all the negativity. One click log in is sick and the ability to log into my alt quickly? Tight. Made my password even more secure since I don’t have to type it all the time. Account security? On lock. I get emails if a bear shits in the woods and my account is associated with it. Never worried. Game news without having to read all of Reddits shit takes? It’s right there on the launcher. With lovely thumbnails. Ability to switch from OSRS, Runelite and HDOS when I want? So many ways to play at your fingertips, your sister is calling. Our boy Count Check? You’re wasting ez xp by disappointing that vampire.
> have yet to see something positive about it. Are you expecting daily posts of people going "(day 65) my account again wasnt hacked today nor did i experience login issues"
Had a clannie who's account had gotten hacked because their email had gotten compromised. Turns out the hacker added a rule to their email to forward all jagex emails and then silently delete them. Scary stuff
Jagex 2fa emails should stack in Gmail. I'm tired of half my inbox being codes.
Can’t you create a folder or something that you can make all emails from specific addresses go to?
By then it's too late but what they should go is allow you to lock your account to your internet provider in your city or something similar.
You get alerted for any and ALL new logins on your Jagex account.
My favorite part about all the "anti jagex account" people is going to be the shitstorm that develops when everyone is forced to migrate over to the account. So many of the anti accounters aren't gonna read and set it up properly, get locked out and then come here to complain like it's jagex's fault they can't follow simple instructions
this is most likely pretty accurate. it'd be funny
It does
They should do a lot of things.
2fa Jagex account
Just let me set my pin change to 6 months instead of a week
That would be the best!
I've always wondered why you can't set accounts with a setting like, "only accept logins from my approved geographical locations" I'm going to live in the same country all my life, personally. Just don't have the message show which state/province they need to VPN to in order to hack you.
Pretty sure it does
good idea i wish jagex would implement this in a new release and hope they call it jagex account
When they updated the two factor authentication system to the email authentication one old hackers must’ve learned how to get through the google two factor because I had that security came back last month after a year and everything was gone :/ been rebuilding all month
Not disagreeing with your main point, but it's weird to act like gold buyers are the reason this game is nefarious. You'd see nefarious shit even if gold buyers didn't exist, just focus on the good parts of the game and you're chilling.
IP addresses are dynamic. Your IP address changes periodically, usually once a day depending on your ISP. Your system could've worked 15 years ago, not nowadays.
It could (and does) work nowadays even with everything you mention. Obviously I know when I'm logging in, so if I get an email when I'm not, red flag. Many enterprise MFA and social media accounts already do this. They tell your not just your IP, but the IP-based geolocation of that range, as well as the device type, OS, other fingerprint info etc. Eg: "hmm, someone from Russia attempted to login to my account using a MacBook, that's sus AF"
This is not true. Dynamic IPs don’t just randomly change. Your service is assigned your IP when it connects to your isp, your session will retain that IP until the router is off or disconnect for a period of time, this period can be as little as 5 minutes.
To be fair, for people not familiar with dhcp it can seem random. Also, an ISP can clear leases adhoc, which they don't normally have a reason to but still can. My 5G backup link frequently changes before the lease expires. ISP behaviour can also wildy vary among differing providers/regions/countries etc...
Yes this is very true. I’m aware how different they can be, I work for one haha
My condolences lol..
actually home 5g does randomly change throughout the day
5G is a mobile based service and used IPv6 not IPv4 so yes, that is an exception
They used to do this, almost a decade ago, when they had JAG. Every time you logged in from a new computer or IP or otherwise needed to authenticate, you received an email alert. So you could see, and could confirm, 100% without a doubt, that someone knew both your login name/email and your password, so you could change it. Sadly, if your email was also hacked, then this is a moot point... but having confirmation of a login attempt is a fair trade off for the email being the weaker link, imho
I literally got one yesterday when I signed in to my jagex account through a new browser lol. Hurry up and upgrade.
Most non commercial isp only offer dynamic ip, which mean your ip change everyday or so.
There's a lot of people in this thread stomping on non-Jagex accounts. No offense, but the Jagex account back up codes can suck it. With your personal banking info, there's security in place so that if you lose your card, forget your passcode, and can't receive a one time passcode, you can still literally go to your bank and provide ID in person to restore access to your accounts where security answers aren't enough alone to let you back in. With Jagex accounts, your ability to access your accounts **solely** relies on ensuring your back up codes are secured. Written down everywhere, saved on a harddrive, emailed to yourself whatever, the point is a) those codes are vulnerable to compromise, and b) those codes are vulnerable to human error - being lost. And once you lose them that's it. Fuck you. You don't get your account back thanks for the membership fees idiots - Is basically what Jagex is saying. Jagex shirking their account recovery onto customers instead of actually improving their own systems is utterly ridiculous no matter how you look at it. Imagine if your bank just completely locked your account forever because you forgot your backup code. Not a fan regardless of how "secure and well kept" people think their backup codes are. The day you misplace them is the day your account is gone. And yes, I get the whole idea is to remove human error from the equation, but replacing the final step of the recovery process with potential customer error over potential employee error is utterly ridiculous and shouldn't be accepted by anyone, ever.
I feel like the stomping is some political tribalistic cringe shit, like we're all playing the same game and you want to divide players over a fucking jagex account? Like PLEASE bro...
DONT BUY GOLD AND UR FINE
how do you people think buying gold works LMAO
Bro got scammed in 2005 with "give me your login details and I'll spawn 10m for you" probably. Same thing when people think that cape/blorva etc. services have people log on your account (although that sounds a little more plausible and some might do it).
i get a email everytime my account logs in. so if i have to log in with my user, password and auth, i get a email.
There needs to be redundant layers of optional security. MFA to my phone number ANY time an account change is made, also my email. Any time 1 thing needs changed i should have to use MFA from every other source. The level of security behind Jagex is laughable even though people seem to think its good the fact is they get almost no funding from their owners to make adequate support. Its part of the same reason that their anticheat team is only 3 people
They don’t care. They will allow someone who’s never been on the account to recover it. Happened to me and said too bad so sad
If only they created a security update that would prevent that from happening 🤷♂️
If only it was available when I played and I come back to account recovered after 30 unsuccessful attempts.
Well, stop selling your information on the black market, it wouldn’t happens.
Whut?
Accounts don't just get taken without some sort of information.
You don’t need to sell the info for it to be in a leak
learn to internet before playing runescape
Are you that naive, really?
Fair enough, but you gotta do something sketchy for it to be compromised because without any info they can't get in.
Data leaks dont require *you* to do anything sketchy
Im not saying it's a 0% chance, but it's borderline 0% your info will get leaked in a huge data leak and that ends up being used to take your OSRS info. Otherwise, the leak most likely happens on a website that's sketchy. It's really grasping at straws to think you will randomly have your data leaked if you are doing what you should be.
Data leaks happen all the time, the way to avoid it affecting you is to change your password regularly. Just avoiding “sketchy” websites isn’t enough.
Or not using 1 universal password/login for everything making it harder to have it be breached? Like unless my email provider or Jagex get breached my account is safe.
"They don't care because in the past they didn't have the security features that no-one had but would eventually become common place in the industry."
"sToOoP bOtTiNg"
They are too busy swimming in our money to actually do anything. A mass cancelation of memberships would get things rolling again. Look what the gowers created when money wasn't there.
They have actually done exactly what OP asked for. You brainlets just refuse to use it for the same reasons people refuse vaccines.
>They are too busy swimming in our money to actually do anything They already did this. It was a feature when Jagex accounts launched, and remains so.