RuneScape security is a joke

First off, the password system is literally less secure than club penguin.

Your option for a password on RuneScape? Letters and numbers. Hell, the letters aren't even case sensitive.

Jagex added a "anti-hijacker" filter called the authenticator. This is literally the worst attempt at a security feature I've seen in my entire life, for the following reasons. It only protects your account from people who have your RS password, which they would have obtained by phishing/keylogging/social engineering, etc. And it's fine in that regard, but the main way people are getting hacked nowadays is from random scrubs browsing leaked email databases and hoping to get lucky. If they have control of your email, they have control over your entire account. Password? They can change it even from the other side of the world. Authenticator? Instantly de-activated with no IP check or cooldown time. Jagex account guardian? Same deal.

Next up, is the account recovery system.
What do people need to recover your account?
- Your rough location
- A few personal details about you
- Answers to a few of your security questions (if you have them) which are easily obtained by social engineering
- A SOCK/VPN

What DON'T people need to recover your account?
- The credit card information you used for transactions
- Access to your registered email, even if you've never changed it
- Your RUNESCAPE PASSWORD
- The computer you use to play RS on regularly

Of course, all of the above information would HELP their appeal, but it's not necessarily required. So what's the greatest form of protection your RuneScape account has? A bank pin. Something as simple as a bank pin with a 7 day cooldown is the only thing preventing players from losing their items in the event of an account hijacking.

A lot of the people I speak to about the horrendous RS security get defensive, and act like their accounts are immune from hijackers. Well, if the legend himself Zezima can get his account stolen, it can happen to any of us.

Post your interesting/constructive opinions below

 

It has become a lot harder to recover accounts especially if the original owner uses one or two pieces of information that only he has. However, the authenticator thing blows my mind every time. I thought it was a great idea when it was first introduced and have had it enabled on all of my accounts but if someone takes control of your email you're basically dead in the water.

 

REcovery sucks ass yeah, but its just because of how people can get info nowadays.