devtrackers.gg
So jagex accounts have been here for a bit now and ive read some posts people saying they got issues and whatnot with them but thats been a while ago so my question is is it worth switching to them currently?
External link βSo jagex accounts have been here for a bit now and ive read some posts people saying they got issues and whatnot with them but thats been a while ago so my question is is it worth switching to them currently?
External link βAlways has been.
That's correct.
Be sure when you create your Jagex account you copy down your recovery codes (Should be 10 in total) as they are the only ways to recover your account if lost.
Be sure when you have created your Jagex account and you enable App 2FA to copy down your
recoverybackup codes
Seen some confusion from players on this, fixed for you :) Backup codes are only provided when you enable App 2FA.
can you explain how i'm meant to share a computer with my partner and have to manually log in and out each time because we can't be logged into more than one jagex account at a time?
clearly it's not an option to link both accounts permanently as this goes against your T&C's.
really need an answer to this one.
Sure, you can hover over your Jagex Account name in the Jagex Launcher and there's an option to log out of the account. Your partner will then be able to login as usual.
that's not a solution it's a workaround with extra steps. currently, with a jagex launcher without a jagex account we don't have to log in like that.
additionally, we can play both clients together if we want to - we would lose that as a feature by "upgrading". any workaround that?
Oh my apologies, you said how so I thought you just didn't know you could log out.
If you're worried about breaking the T&C's I'm not sure how you would each play your own client on one PC at the same time.
We have no plans to allow multiple Jagex Accounts to be logged into one Jagex Launcher, so when you've finished playing your partner will have to log into their own account. Thankfully if you use a password manager, that's pretty simple since you can add 2FA signup codes to it as well.
how about the ability to remove your own account from a jagex account in that case? i don't mind linking them for the QOL, but if i want them separated for any reason, could that not be something i could do if i had a jagex account recovery code?
currently your policy is to not separate them even in accidental additions.
You should be linking them primarily for the security upgrades they provide.
For similar reasons, we have no plans to allow a user to remove a RuneScape character from their Jagex Account.
should these security features not just be a standard across the board then? it seems i lose features by "upgrading", should that not be addressed?
Jagex Accounts are the standard. Making changes to our old systems would have been much more costly and complex so the technical reasons for creating a new account system were clear.
what recovery codes?
They are referring to backup codes, those provided when you enable App 2FA on your Jagex Account.
> For similar reasons, we have no plans to allow a user to remove a RuneScape character from their Jagex Account.
You need to add this feature because your automatic addition feature of accounts from associated email doesn't or didn't work very well. I have over 20 accounts and I can't add all of the accounts that I actually use because I have slots taken up by accounts from 10+ years ago that were auto-detected that I can't remove,
If you have over 20 accounts you still couldn't add all of them if the one default character wasn't there.
We added a feature to hide characters recently, you can do that on account.jagex.com. This will still count towards your character total, but is the closest to removing a character we will be doing.
Nah not always, now that the bug is fixed allowing people to hijack accounts or the bug where my brothers account got merged into mine and yas wouldn't fix it. The fact that if your jagex account gets hacked you CAN NOT recover it.
Seems to be that there's a big negative to a jagex account bud.
I assume you're referring to the recent Steam issue - this was unrelated to Jagex Accounts, as explained on the Old School blogpost.
Jagex Account s cannot be merged together and the functionality to automatically do so for RuneScape accounts doesn't exist.
Anyone following general security advice should have no issues retaining access to their account. Suggestions on how to verify the identity of a user claiming a Jagex Account would be welcome.
Not sure if that was it, but I'm referring to the client token staying signed into a browser and anyone who signs in on that computer to their runeacape account has their account merged with thr jagex account currently logged in.
Not merging a jagex account with a jagex account.
But a person's account being merged without any authorisation checks into another jagex account.
Not sure if that was it, but I'm referring to the client token staying signed into a browser and anyone who signs in on that computer to their runeacape account has their account merged with thr jagex account currently logged in.
This does not happen. Obviously excluding when you explicitly upgrade an account, accounts are not automatically upgraded to a Jagex Account. For testing purposes I'm currently logged into a RuneScape account in my browser that does not have a Jagex Account without it being auto-imported.
But a person's account being merged without any authorisation checks into another jagex account.
Authorisation is required for any account upgrade, merge or creation.
This was a known bug, people were using false links to essentially merge your account into their jagex account without any authorisation, leaving them with free reign of it, I can see how this would also happen on accident to multiple sign ins with a jagex account already open
You are referring to the Steam issue. I won't expand on a security incident any more than to say this was unrelated to Jagex Accounts and information is available in the blog I linked above.
If itβs the standard that provides robust security upgrades then why not force migrate all users immediately?
We're going with carrot rather than stick at the moment. Forced migration will inevitably come at some point, but no news on that this year.
I have a question about the backup codes. What actually happens when you use one?
I assumed that using a backup code would disable the 2fa app on your account, but someone posted this in the account help channel on discord today:
Looking for some help with Jagex Account Multi Factor Auth. I replaced my phone recently, and have no access to the old one. I had one backup code for my MFA, and used it to log into RS on my new phone. I realize now this was a mistake (thought I'd be able to go into Account Management if I was logged into the game, but it requires a separate login). Is there anything I can do at this point? I tried restoring Authenticator with no luck.
I guess he's screwed now? I have spent months telling people to save "at least 1 of the backup codes"... Oops... Going forward I will definitely be telling people to save all of the backup codes. >_<
How many backup codes do you need to use to actually disable 2fa? 1 to get into account management, then another for each account change? (Log in, enable 2fa emails, then disable 2fa app, three codes?)
While I'm on the topic of 2fa, a friend of mine recently upgraded to a Jagex account and I asked him if he enabled 2fa on his Jagex account. He said "I've had 2fa enabled for years", and when I pointed out that his old 2fa isn't enabled anymore said "well they did a very poor job of letting me know my 2fa was disabled, effectively".
It would be nice if there was an optional step during the upgrade process to enable a 2fa app. Something like... "If you have a 2fa app enabled on your account, it will be disabled after upgrading. For the best account security we recommend enabling a 2fa app" <Continue> <Maybe Later>
I have a question about the backup codes. What actually happens when you use one?
I assumed that using a backup code would disable the 2fa app on your account
It does not. We did a lot of research into backup codes across the tech sector for this and its pretty standard (from what I recall) that the App 2FA remains active when a backup code is used.
How many backup codes do you need to use to actually disable 2fa? 1 to get into account management, then another for each account change? (Log in, enable 2fa emails, then disable 2fa app, three codes?)
You need 1 backup code to disable App 2FA, that should be plenty enough to ensure that you have access (as you mention) through email 2FA then you can use that to go through the rest of the steps of resetting your App 2FA. Unless I've misunderstood your userflow.
It would be nice if there was an optional step during the upgrade process to enable a 2fa app. Something like... "If you have a 2fa app enabled on your account, it will be disabled after upgrading. For the best account security we recommend enabling a 2fa app"
Agreed, I've forwarded this feedback onto our product team and hopefully they'll prioritise some changes to improve this :)