If you visit the Old School Runescape’s subreddit and begin scrolling through the posts, it won’t take long before you see a post that relates to account security. It is no secret that Jagex is lagging behind on account security issues, and many players have fallen victim to the easy-to-crack security measures in place to protect their accounts.
Recently, in a blog post on the official website, Jagex finally acknowledged the flaws and outlined a brief plan to fix the glaring issues for account security.
More Complex Passwords
The first line of defense against unwanted access to your account is the password. Old School Runescape has an almost primitive password system in place, allowing no special characters or capitalized letters. Allowing more complicated passwords will be the first change made by the team and is already under development.
Along with more complex passwords, Jagex also announced that they are partnering with a 3rd-party company that will help search the internet for password breaches and will warn the player if their password was found during the internet searches. This will allow players to make their account more secure by eliminating the usage of compromised passwords.
In almost any modern MMO, email verification is one of the most common ways to access an account when login credentials are not available.
After Jagex strengthens the password system, the team plans to use email notifications to add an additional layer of security. By sending a notification for suspicious activity or behavior, unwanted access can be curbed by the player.
However, email notifications have their own flaws, and can even make the problem worse if the user’s email account is not secure. These features will be added but will not be the final step.
Besides the two-factor authentication system is already in place, Jagex plans on relying on some other methods for account security. A new security measure based on the same system that Jagex uses for payment fraud on transactions is going to be altered and used to detect hacking attempts and to stop them cold.
Since this system is designed to be in the back-end and never seen by players, Jagex will likely not release much news about it. The system will likely not affect legitimate players and by releasing limited updates to players, those that are planning to abuse the new layer of security will have a much harder time.
With all the account security problems, it should go without saying, but remember: don’t tell anyone your passwords, don’t get lured, and your Runescape gf is probably a dude. Sorry.