over 5 years ago - /u/Mod_Stevew - Direct link

Hey,

Most people are presented with the recovery questions, however it is also possible that although security questions have been set historically, they have been invalidated. There are a number of reasons why this could be, including recovery questions invalidated by previous recoveries, set by a hijacker and so on. Recovery answers are fairly weak information anyway, as they can be easily guessed in most cases, and people change their answers over time.

The good news is that recovery answers are useful but not a determining factor in account recovery, and you can give the answers in any order because recovery answers are reviewed by a human and we make a sensible allowance for them not necessarily being in the right order.

Similarly we can make a human interpretation judgement over text entries, so if your answer is 'Josh PS3' we would be likely to also accept 'Joshua Playstation 3'. The overriding principle is that the recovery request as a whole must appear genuine and can be linked to the owner, no recovery decision would be made solely on old security questions.

Hope that helps :)

Update for clarity: Most people will see the recovery questions if they are set, this is an unusual case and of course we don't expect people to answer questions if they don't know what they are. If you can't recall the questions at all no worries, just leave the answers blank as they have very little impact on recovery.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by tenhourguy

people change their answers over time

In light of the backlash you're receiving for your disgraceful response, I've been wanting to change my recovery questions/answers for a while now. How do I do so?

They can't be changed now, as I said, they have very little impact on account recovery.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by bornforbbq

Ok? So how is he supposed to answer without knowing the questions?

If he knows the questions but not the order, he can put the answers in any order. If he can't remember any of the questions he can just leave that section blank.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by john8472

WOW, how detached are you guys? This must be one of the worst responses possible. How is anyone able to know questions that were used maybe years ago. This is just so sad.....

Well plenty of people do answer them, some people will recall them some won't, that isn't a reason to at least not see if they can be provided is it?

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by TheDubuGuy

“You can give the answers in any order” what answers?

The answers to the security questions, if he can't remember the questions then obviously he can't provide any answers. The concept of recovery is to identify if the person making the request is the owner, and this is one small part of it.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by bluew200

If that is how it is, and with social media / social engineering existing, I would be up for straight up removing the recovery questions.

They have already been removed.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by DeguRS

That's a pretty piss poor answer, tbf

I'm not sure what you wanted me to say, the user's account settings mean the recovery questions can't be displayed, I was just saying that if he remembered any of them it would not matter if they were in the wrong order or not an exact string match.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Taylor7500

That's not good enough. Do you really expect every account to write down both the recovery questions and their answers when they make an account? And if so, how does that make them more secure than just another password?

You have people with 15 year old accounts in this game - sure they'll probably know the answers to their recovery questions if they know what they're being asked but are unlikely to remember 5 additional answers they only typed out once, 15 years ago.

Either make an account recovery system like this worthwhile with a good system for questions and answers, or don't have them at all.

Most people who have recovery questions do have them presented, this is an unusual case where the recovery set is not active and the user wants to recover - it's not the experience most people would have.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by slozon

No.... This doesn't help at all.... Problem is he doesn't know what the questions were in the first place to even answer them.

In that case he can leave them blank, and focus on passwords, billing email, billing address, card payment info, payment methods, bill payer's name, creation date, creation ISP, previous emails, house moves, ISPs used and any other relevant info to support the recovery.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Zipfte

When I came back to runescape I didn't remember any of my recovery questions but I was still able to get my acc back because I remembered old usernames and the rough time around which I first started playing and bought membership.

Exactly.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Thus_RS

Even if it's not dumb answers, how are you supposed to remember the name of your favorite movie from 15 years ago? It's such a dated way of security that needs to seriously be revamped.

They are no longer in use.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by girthantaclops

If recovery questions aren't a determining factor in account recovery why even have them? What is the purpose of them at that point lol?

They exist historically and it can only help to ask for them, they carry very little weight though.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Dr_Shab

Man this is the dumbest mod response I've read this week. Please lose your account, have to go through this process and then give yourself the answer you just gave OP.

You're going to choose on giving back OP's account depending on the answers he gives.

What.

How does he answer? Seriously, what does OP need to put in those blanks to get you to believe he is the original creator of the account?

He can leave them blank, an account is not recovered through just providing those answers.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by [deleted]

[deleted]

No, if he knows the questions but not the order or exact format, he can put them in - otherwise just leave them blank.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by solo_your_colon

Your support system is shit, no matter how you try to justify it.

Literally the worst in the whole industry. It's absolutely embarrassing.

On every support thread, assuming one gets any Jagex attention, I see nothing but an echo chamber of Jagex employees reiterating the same bullshit while plugging their ears and refusing to listen to their customers or the outside world by constantly shunning any criticism, feedback or debate for improvement.

Can you link me to an example of that please.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by KaBob799

If the questions have been invalidated for some reason then the option to provide answers to those non-existent questions shouldn't exist.

They could still have been originally provided by the owner, they've just been changed or updated.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Kwolf21

I have successfully recovered my 10+ year old account, after it had been stolen. It is now telling me I owe $325USD to log back in, however.. I have filed a dispute with the billing department and it said I'd get a response in less than 2 days. 3 days later, still says I owe $325... Any help u/Mod_Stevew

If the charges have not been incurred by your actions, the support team will put it right for you - don't forget the response will go to your message inbox not your email - if it's taking a while it's probably just because they are checking into some banking info or investigating the debt - don't worry they will get back to you :)

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Kwolf21

Good to know about my game inbox... I'll check up on that as well. Will I get a response no matter what? Only upon success? Failure?

You'll get a response either way - I assume you know nothing about the debt and it was incurred by a hijacker?

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Biscuitsrs

And in that thread, where am I 'refusing to listen to their customers or the outside world by constantly shunning any criticism, feedback or debate for improvement'?

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Kwolf21

That's my best guess. Haven't played Rs3 since... Rs2. Lol. EoC turned me away, been playing osrs since November (mobile ftw). Decided to give Rs3 my time again, recovered account and that's what I met.

OK should be fine then, they will let you know the outcome.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Taylor7500

Look, I'm not going to get too far into what an awful standard this is because I know you're a customer support person and most likely not remotely responsible, but only allowing most players to be able to recover their accounts isn't acceptable. The runescape website is outdated and dilapidated as it is but the number one thing you absolutely need to have working is a good account recovery system - it's not some bells-and-whistles feature we should be happy to have. It should be standard.

I know a central theme of runescape these days is spaghetti code which hasn't been updated for 12 years, but that doesn't need to be the case outside of the game, and the impression I'm getting is that account recovery is still on the sort of model you'd expect when the game was being run by the Gower brothers and the small team around them at the very beginning, not one used for a game with players in the tens of thousands.

It's true a lot of our systems are now quite old, can't argue with that and we do have plans in place to address that. In this specific case though, the user is not excluded from recovery, they just can't provide a very small element of it. There are a significant number of accounts that have no recovery questions at all, they can still use the recovery process.

It's not lost on me that asking for answers and not giving the questions looks odd, and maybe we should just not ask for them at all if the questions can't be displayed. The thinking is that even if the questions can't be seen, it can't hurt to ask anyway, because if the user does happen to remember some of them then that gives them a bit of additional evidence they can offer to support their claim.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Kent_Knifen

It's the same damn Reddit post as this one!

Get it together Steve!

I know. I don't think I've been 'refusing to listen to their customers or the outside world by constantly shunning any criticism, feedback or debate for improvement' in this thread, but it is this thread I've been given as an example of that.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by Bspoken112

You actually can't be this f**king stupid

I know it's this thread, I just can't see the 'refusing to listen to their customers or the outside world by constantly shunning any criticism, feedback or debate for improvement' within it.

over 5 years ago - /u/Mod_Stevew - Direct link

Originally posted by iMittyl

You all needa chill, Steve's responses in this thread were perfectly fine and honestly should have been what you expected.

Most people reuse things like passwords and recovery questions, there are even lists of default recovery questions in case you can't think of any. It's not unreasonable to expect that, when presented with a screen like this, a user would likely be able to vaguely remember "Oh, one was my mother's maiden name, my dog's name... one was a fart monster joke pretty sure, loved that sort of thing when I was 11..."

All Steve has said is that it's supposed to be able to display the questions but, due to either player settings or spaghetti, it has failed in this instance. THAT SAID, it's okay if you don't remember the questions, if you have a vague idea of what the questions may have been you can take a stab at it. If not, leave it blank.

They're not going to disqualify you because SMELLY CHEESE AND BAKED BEANS was the correct answer to question 4, but you put your cheese reference in Q2. It will still count as a positive identifier. "Oh yeah, this guy remembers his shit humour from 10 years ago." is actually something to go on. So even if this is a known issue (he has indicated that it was), the answer boxes with no questions still act as a potentially helpful source of player information.

This was worth questioning, just in case nobody knew about it, but it is certainly not worth the response it has garnered. Use it, or don't. It's your call.

Thanks for your measured response, regardless of how people have reacted, I would like to say that I do genuinely care about players and in many cases I share the frustrations - in this case I opted to not choose the path of least resistance and simply not post at all but instead tried to offer some insight into the issue and offer advice (not great advice that 'fixes all' but the only advice possible in this situation).

It's backfired a bit and I've received some criticism, but I'll continue to post where I think I need to, my intent is always sincere and genuine.