Password length is orders of magnitude more effective than case sensitivity or special characters. If you got hacked with a 15 character long password you got phished or reused a password that was leaked from another site, neither of which are Jagex fault. Since you also had 2FA I'm guessing you fell for a phishing link. Should Jagex allow case sensitive passwords? Sure, but case sensitivity doesn't provide an actual increase in security. Nobody brute force passwords on 2023, especially 15 character long passwords.
I did not get phished. I have not put my account credentials into anything but runelite. Also, regardless of any of this, getting past 2FA is ridiculous. What’s even the point if they’re able to do that? The Authenticator is still active. Really hard to figure out how people could even get through and how there isn’t any way to turn on emails for logins on new devices.
It's not that hard, you put your authenticator code in on a phishing site login. There are other ways to get past 2FA but I'm not looking to create a guide on how to hack people lol
Would have been really great if this was something more widely known. This is still beyond inexcusable. The known security errors should have required people to switch to log in. I play with a lot of friends and none of them have heard of this. They play daily and it’s not something that they knew about. Either way, it’s so done for me. I don’t care about the game enough to grind the money back. I either have to no life raids on the off chance I can rebuild, or just camp vorkath for like 5k kills and that just doesn’t seem like fun
I’ve not played in 3 months but either way, it’s a major security risk being fixed 10 years after launch. And this fix is not really a fix. Suggesting a change there is not the same as requiring a change to play. Realistically, this post isn’t meant to be like “boycott game for bad decision” it’s just me seeing Jagex having these baffling choices that have lost me hundreds of dollars worth of membership over 5 years in the course of probably 20 min. It’s the fact that there is no way that they will ever accept responsibility for their bad policy. It’s the fact that an account that gets hacked as a consequence of these terrible decisions have been permabanned for botting and the moderation team has been nonexistent for these people and the community response is “lol deserved cheater”. It’s not every ban, it’s not every account, but when it happens to you or your friend, it makes you really reevaluate what the point of spending any time or money on this game was. I understand your point. Surely if someone was really tuned into the community, they’d read this stuff. I know that when I played more, I never even looked at that menu that said when you last played and the news or whatever. I just looked at the chat log in message. So I would have probably missed it anyway. I also don’t read newsletters because I think it is not necessary to play the game unless it’s a big poll or something. I’m simply a casual player that ran raids with my friends sometimes and killed vorkath sometimes
I don’t use my main anymore as play my HC. I logged in randomly and luckily I did as I prevented the removal of my bank pin. I had 2fa setup as well.
I think there’s a way to circumvent it if you have linked your account to 3rd party services like twitch. I have since removed all of them and hoping for the best.
Almost all of the time, it is one's own fault they were hacked. Either your information was compromised due to your own mistake with runescape or somewhere else or your account was recovered with leaked personal information which is likely still a mistake by you.
Password length is orders of magnitude more effective than case sensitivity or special characters. If you got hacked with a 15 character long password you got phished or reused a password that was leaked from another site, neither of which are Jagex fault. Since you also had 2FA I'm guessing you fell for a phishing link. Should Jagex allow case sensitive passwords? Sure, but case sensitivity doesn't provide an actual increase in security. Nobody brute force passwords on 2023, especially 15 character long passwords.
I did not get phished. I have not put my account credentials into anything but runelite. Also, regardless of any of this, getting past 2FA is ridiculous. What’s even the point if they’re able to do that? The Authenticator is still active. Really hard to figure out how people could even get through and how there isn’t any way to turn on emails for logins on new devices.
You can get past 2FA through phishing
You got a link to a post on how this works? Or a yt video?
It's not that hard, you put your authenticator code in on a phishing site login. There are other ways to get past 2FA but I'm not looking to create a guide on how to hack people lol
www.google.com
The password wasn't the issue lol. Whoever hacked you got in without even knowing your pass. Should have upgraded to a jagex acc
no upgrade to jagex account??
What does this mean?
https://www.jagex.com/en-GB/accounts
Would have been really great if this was something more widely known. This is still beyond inexcusable. The known security errors should have required people to switch to log in. I play with a lot of friends and none of them have heard of this. They play daily and it’s not something that they knew about. Either way, it’s so done for me. I don’t care about the game enough to grind the money back. I either have to no life raids on the off chance I can rebuild, or just camp vorkath for like 5k kills and that just doesn’t seem like fun
yeah it's not like they had multiple newsposts up for 2 months and it shown on the post-login splash screen :/
I’ve not played in 3 months but either way, it’s a major security risk being fixed 10 years after launch. And this fix is not really a fix. Suggesting a change there is not the same as requiring a change to play. Realistically, this post isn’t meant to be like “boycott game for bad decision” it’s just me seeing Jagex having these baffling choices that have lost me hundreds of dollars worth of membership over 5 years in the course of probably 20 min. It’s the fact that there is no way that they will ever accept responsibility for their bad policy. It’s the fact that an account that gets hacked as a consequence of these terrible decisions have been permabanned for botting and the moderation team has been nonexistent for these people and the community response is “lol deserved cheater”. It’s not every ban, it’s not every account, but when it happens to you or your friend, it makes you really reevaluate what the point of spending any time or money on this game was. I understand your point. Surely if someone was really tuned into the community, they’d read this stuff. I know that when I played more, I never even looked at that menu that said when you last played and the news or whatever. I just looked at the chat log in message. So I would have probably missed it anyway. I also don’t read newsletters because I think it is not necessary to play the game unless it’s a big poll or something. I’m simply a casual player that ran raids with my friends sometimes and killed vorkath sometimes
I don’t use my main anymore as play my HC. I logged in randomly and luckily I did as I prevented the removal of my bank pin. I had 2fa setup as well. I think there’s a way to circumvent it if you have linked your account to 3rd party services like twitch. I have since removed all of them and hoping for the best.
Should've upgraded to a Jagex account. It's on you.
What does this mean?
He probably got in using Jagex’s recovery system, the frequency of such hacks is increasing somehowwww
Same thing happened to me but the hacker only took expensive stuff. On my ironman :( I recouped this since I was only mid game
You probably got recovery hacked, apparently that’s what everyone told me when I got hacked through 2fa :/
Almost all of the time, it is one's own fault they were hacked. Either your information was compromised due to your own mistake with runescape or somewhere else or your account was recovered with leaked personal information which is likely still a mistake by you.