When I came back to runescape I didn't remember any of my recovery questions but I was still able to get my acc back because I remembered old usernames and the rough time around which I first started playing and bought membership.
Exactly.
When I came back to runescape I didn't remember any of my recovery questions but I was still able to get my acc back because I remembered old usernames and the rough time around which I first started playing and bought membership.
Exactly.
No.... This doesn't help at all.... Problem is he doesn't know what the questions were in the first place to even answer them.
In that case he can leave them blank, and focus on passwords, billing email, billing address, card payment info, payment methods, bill payers name, creation date, creation ISP, previous emails, house moves, ISP's used and any other relevant info to support the recovery.
That's not good enough. Do you really expect every account to write down both the recovery questions and their answers when they make an account? And if so, how does that make them more secure than just another password?
You have people with 15 year old accounts in this game - sure they'll probably know the answers to their recovery questions if they know what they're being asked but are unlikely to remember 5 additional answers they only typed out once, 15 years ago.
Either make an account recovery system like this worthwhile with a good system for questions and answers, or don't have them at all.
Most people who have recovery questions do have them presented, this is an unusual case where the recovery set is not active and the user wants to recover - it's not the experience most people would have.
That's a pretty piss poor answer, tbf
I'm not sure what you wanted me to say, the users account settings mean the recovery questions can't be displayed, I was just saying that if he remembered any of them it would not matter if they where in the wrong order or not an exact string match.
If that is how it is, and with social media / social engineering existing, I would be up for straight up removing the recovery questions.
They have already been removed.
“You can give the answers in any order” what answers?
The answers to the security questions, if he can't remember the questions then obviously he cant provide any answers. The concept of recovery is to identify if the person making the request is the owner, and this is one small part of it.
WOW, how detached are you guys? This must be one of the worst responses possible. How is anyone able to know questions that were used maybe years ago. This is just so sad.....
Well plenty of people do answer them, some people will recall them some won't, that isn't a reason to at least not see if they can be provided is it?
Ok? So how is he supposed to answer without knowing the questions?
If he knows the questions but not the order, he can put the answers in any order. If he can't remember any of the questions he can just leave that section blank.
people change their answers over time
In light of the backlash you're receiving for your disgraceful response, I've been wanting to change my recovery questions/answers for a while now. How do I do so?
They can't be changed now, as I said, they have very little impact on account recovery.
Hey,
Most people are presented with the recovery questions, however it is also possible that although security questions have been set historically, they have been invalidated. There are a number of reasons why this could be, inducing recovery questions invalidated by previous recoveries, set by a hijacker and so on. Recovery answers are fairly weak information anyway, as they can be easily guessed in most cases, and people change their answers over time.
The good news is that recovery answers are useful but not a determining factor in account recovery, and you can give the answers in any order because recovery answers are reviewed by a human and we make a sensible allowance for them not necessarily being in the right order.
Similarly we can make a human interpretation judgement over text entries, so if you answer is 'Josh PS3' we would be likely to also accept 'Joshua Playstation 3'. The overriding principal is that the recovery request as a whole must app...
Read moreHey man I want “Splooge drenched cum dumpster fire” back. Plz help
Sounds reasonable. Oh wait, too many characters.
My friend has had the name “dildopussy” for over a week now, how has that been allowed? Lol
We didn't know about it. Until now.
The name was removed with the best intent, you don't need to do too much thinking about it to end up with an inappropriate theme of the name - but in fairness we have reviewed this and decided that on balance, the name should be allowed, so we've applied it back to your account. Although we have clear guidelines for obvious off naming, others that are more subjective very often come down to a judgement call and different staff will interpret names in different ways, if nothing else it does show that the support team is human!
Thanks we will look into this. We do have standards that we expect all P Mods to adhere to, and that includes choice of language and behaviour.
I don't want to create an environment where this platform becomes a place to 'highlight a P Mod swearing and get them demodded' and we will look at the wider chat logs and context before reaching a next steps decision in this case.
In fact, this incident was already known to us by the in game report abuse system, although that report was only received about an hour ago and we have not yet processed it.
For clarity, if we feel a volunteer Moderator is not behaving in a considerate manner, we reserve the right to remove their P Mod status and offer the role to someone else who has a better approach to self moderation.
I think it would be courteous and commendable if the OP now removed the image given it contains the P Mods character name.
I feel this so hard. My 16 year old account got ban hammered after it got hacked by someone who spammed macros to people :/
F
You should appeal that - we don't ban for spam now so you'll be granted :)
Think I found the account, although the in game name is different.
The appeals are OK, the account hasn't been used in over 2 years. It would be good if you could match earlier passwords, your billing info doesn't match fully and you don't seem to now your own zip code. It is possible it was typod on supply. Your appeal IP has never been used for game or web access, but that is not unusual on a dormant account. The ISP and geo have a match in log in history, and significantly across a couple of strong password changes. The ISP is not through a VPN which also helps.
That said, you do also have a strong pass match, contact email, ISP and geo, creation date, 4 out of 5 recoveries and the account wasn't last used by the owner, so we are invalidating that pass as compromised.
Auth was removed 3 years ago, with links to the compromised pass, and the last code before that was clearly not entered by the owner either - so I can ignore all of that. You have a billin...
Read moreWhat is this about ?
Hey,
First off I'm sorry to hear you had this experience in game, while Telos is still a long way off for me to even consider, I can understand the frustration that streak breaks can cause.
In terms of your support experience, you have submitted an email to the 'tip off' address. The purpose of that address is to provide us with information that may be useful for improvement opportunities or investigations. It's well suited to let us know about scams, hijacks and similar - and works well as a source of information and evidence for us to tackle these sort of incidents in future. As it is intended as a 'tip off' service you won't get a reply from the staff who monitor those emails, instead their time is used on reacting to the tip offs, identifying trends and investigations.
That said, we know that people expect a response if they send an email, so we do fire back an automated response so you can be sure your email has been received, and that response does als...
Read moreor have a habit of using various VPN's on web access only - but I have to say it looks suspicious
This shouldn't be suspicious at all and is deeply concerning as I use a VPN for other things but do log onto my accounts while connected to the VPN. Users like to torrent and stream unseen by their ISP or want protection from ddos if you use 3rd party communication software like Teamspeak.
The new email that the owner asked to be set to the account in this recovery request, is in itself suspicious, it has been used on 43 other RuneScape accounts
Sounds like OP was hijacked by a known hijacker that is overly familiar with jagex security protocols which seems more like a problem for you guys than a suspicion on OP.
EDIT: Since we have some idiots in here. At the end of the day. I don't want my account locked because I'm using a vpn to not be throttled or ddossed.
Just to clarify the VPN point - there is no issue at all with people using VPN's, and of course people do go on vacation, relocate for college, move home etc. - I was not trying to imply that these sort of moves cause us any concern.
When reviewing this case, the extensive logs ins from various countries just formed part of my assessment of the history of the account, it was also worth noting that all game play was fairly static, but the country variations only applied to web log ins.
It was a contextual observation, and I probably should have used the word 'unusual' rather then 'suspicious' - apologies if I unnerved any VPN users, sleep easy and 'Scape on, your use of VPN is not a concern :)
Just to clarify the VPN point - there is no issue at all with people using VPN's, and of course people do go on vacation, relocate for college, move home etc. - I was not trying to imply that these sort of moves cause us any concern.
When reviewing this case, the extensive logs ins from various countries just formed part of my assessment of the history of the account, it was also worth noting that all game play was fairly static, but the country variations only applied to web log ins.
It was a contextual observation, and I probably should have used the word 'unusual' rather then 'suspicious' - apologies if I unnerved any VPN users, sleep easy and 'Scape on, your use of VPN is not a concern :)