May 17th 2017 by JagexInfinity • 18 Questions • 114 Points
Thank you so much everyone! We've really enjoyed answering your questions and chatting with you all. Until next time...!
This week over at /r/RuneScape & /r/2007scape we're running a number of initiatives to increase account security awareness. We thought this was a great opportunity to answer your questions about account security & online safety as we know it can be a hot topic within the community.
Customer Service at Jagex covers a huge range of areas so today we'll be focusing primarily on:
- Account security features
- Account recovery & anti-hijacking
- Rules of RuneScape
- Offences & appeals
- Customer experience
For clarity we are:
Mod Stevew - Old School Customer Service Manager
Mod Infinity - RuneScape Customer Service Manager
We'll be here for around 2 hours and look forward to answering your questions. If you're not a RuneScape player please feel free to get involved if you have any Q's around CS in general - we'll do our best to answer. :)
1: Would it be possible to have email or text alerts whenever somebody triggers the authenticator on an unfamiliar device?
2: Could the authenticator also be required to sign into the main site?
3: If somebody is attempting to recover an account, are any notifications or emails sent to the associated email address while the process is ongoing? I ask because I worry about somebody attempting to gain access to my relatively inactive account, and I'm not sure if I'll know about it until it's too late.
1 - it might be! It's something we've included in our security plan - whether it's e-mail alerts or some other sort of notification.
2 - this is a popular request and we're exploring ways to make sure accounts aren't just protected in game but are on the website too
3 - we don't currently send any e-mails about account recovery attempts to a secondary e-mail address, although the recovery process is currently being reviewed as part of our wider plan
Thanks for the questions :)
You removed JAG which is an extremely helpful feature for people to know when/if someone is trying to access their account. Why the heck remove that?
JAG was launched in 2012 and new players haven't been able to set it up for quite some time. When we released the Authenticator we always planned to sunset & retire the JAG system. The cost of maintaining the system was quite high - we received over 100 customers contact a week regarding issues with JAG!
We are currently in the process of working alongside the RS & OS product managers to design a suite of new account security features & systems, which will likely feature some of the 'good bits' of JAG. The expectation is these updates & new features would then go onto be developed and eventually released for all players to use.
The ideas we've generated are based off of our own security expertise & experiences as well as the survey results we got back from the community last year.
It is something we are all discussing here at Jagex at the moment. While the number of accounts which are hijacked due to people guessing passwords is extremely low, we still want to increase password complexity.
Backstory is relevant to question: My original RS account was banned when I was playing OSRS when it first came out. It was spring break and I had logged a TON of hours into the game as I was hunting and attempting to get to 99 for the first time ever. After a few days of hardcore chin hunting, my account was perma-banned for botting - probably due to the exponential increase of red chin botting at the time I was getting to 99.
Is there any chance of my account being actually reviewed and the ban quashed?
I tried the "beta" ban appeal/review system, but it's kind of odd that I cannot have any input as a player. I know I didn't bot. Therefore: A) the ban is incorrect OR B) Someone accessed my account during that time and it should be reviewed as a hijacking - correct?
Edit: The RSN was Goomba113 at the time I believe.
I can see the account has already gone through the appeal process. Mod Beno (who heads up anti-cheating) has also personally reviewed the account and the ban will remain. Sorry it isn't better news!
What are your thoughts on scammers? Do you feel it needs to be cracked down on harder? Or do you feel it's just hunter and prey, be smart enough to not get scammed.
We've got a lot of priorities within the department in regards to rule breaking. Our primary focus is making sure the game is safe and players are protected from harm.
We do commit resource to the more game specific rule breaking (such as scamming) and over the recent months have taken a harsher stance towards scammers - indeed players who are prolific in scamming now face a permanent ban.
Back in 2007/8 there was a minor RS craze in my school, during which I created an account. I only used it for a short while (perhaps a month) though had to stop using it due to my computer at the time being a bit of a potato. Anyway, I came back in 2011 and unable to remember the recovery details for said account I just created a new one which I use today. This thread has reminded me of said account and I realize it would be nearly a 10 year vet at this point (and I probably want an alt at this point, if only to go through the game knowing what I know now). The account's name was "Eoghan99" (That I'm relatively certain of due to it being my regular username at that age, though there may have been a space between the number and the letter). I did just try to appeal it but either a) I simply couldn't remember what recovery information I used or b) I'm incorrect in my memory of what account it was. Could you double check?
I've been able to lend a helping hand - you should have an e-mail and be able to get back into RuneScape! :)
How is this even possible?
Last friday one of our clanmembers got hacked.
The hacker got into his email and shut down authenticator with that, he then got onto the rs account and started flaming us and treatening to set up a bot on it etc..
We were all kinda skeptical about it at first, like surely he must've clicked a phishing link?
Then suddenly he got into an admin's alt account, immediately said "thanks for the alt man" in cc..
We were just BAFFELED, it was a username login account still and there's no way in hell he could've found out the login name..
Is there any way someone managed to bypass account security or did our members really got phished one way or another?
There's no way to bypass the account security - they would have been phished or something else such as account share.
Are steam controllers against RS policy? I really like using the controller to play, but wanted to clear the air about it being against the rules.
We recognise some players choose to use different peripherals to play RuneScape. Using a controller alone isn't against the rules, provided it doesn't give an unfair advantage.
Was implementing the Evolution of Combat to Runescape a combination of every Mod's support? Did Mod's leave when the Evolution of Combat was released?
Whilst I didn't work here when the decision was made, I know that (like all big updates) the team gather feedback and thoughts from lots of different staff members.
I'm not aware of anyone leaving over it. I think we can all now see that it was necessary to allow the game to develop further, although we of course recognise it isn't to everyone's taste (hence Old School & legacy mode).
We only lock accounts if they're deemed to be 'at risk' - so a suspicious log in from an unusual country for example.
If you do need to unlock your account, provided you can give us some good information (account creation, passwords) and you send the appeal in from a computer you normally play on, you'll be fine. :)