tripsis Posted October 17, 2012 Share Posted October 17, 2012 Jagex Account Guardian Tips (Securing Your RuneScape Account) In an ongoing effort to help protect our forum users and RuneScape players from being hacked or account hijacked, we have written up a post detailing our recommendations for how best to utilize Jagex Account Guardian. Jagex Account Guardian (JAG) is a new security system that allows you to set recognized "devices" (computers) and anyone who attempts to log in to your RuneScape account from an unrecognized device will be hindered by new security questions, which are unchangeable. To enable Jagex Account Guardian (JAG) for your account, login to RuneScape.com, navigate to your "Account" section, and at the top of the page there is a section called "Jagex Account Guardian" that will walk you through the steps of enabling the feature. Since you cannot customize the JAG recovery questions, it is more important than ever that you set answers that no one can guess! Think carefully before you enable JAG and pick your recoveries. First, try Googling yourself (both your real name and RSN) and searching through your social media accounts and forum posts. Are the recovery question answers obtainable through those outlets? For example, the question "Where was your first vacation / holiday?" is NOT a good choice if your first holiday photos are posted on Facebook for everyone to see. The question "What is your favourite sports team? is NOT a good choice if you have this listed in an online profile. The absolute BEST approach is to treat these recoveries like additional passwords and use random numbers, letters, and symbols. Alternatively, you could use some sort of random phrase that makes no sense whatsoever to anyone but you. Of course, this makes your recoveries extremely hard to remember, so let's take this a step further. If you want to ensure that you will never forget the answers to your JAG recoveries, you can either write them down on a piece of a paper and keep that paper some place safe, or you can even store those answers on an encrypted part of your hard drive. We do NOT recommend that you store the answers in a plain text file on your computer! That is not secure and anyone could simply open the file if they gain access to your computer! There are several ways you can encrypt files. Here are some examples:1Password - The 1Password application allows you to store passwords, notes, and other information. All the information you store is strongly encrypted. You select a master password, which is required to unlock your data.True Crypt - This application creates a virtual encrypted disk within a file and mounts it as a real disk. It can also encrypt an entire partition or storage device, such as a USB flash drive or hard drive. This is great for encrypting all kinds of files, partitions, etc.There are many other encryption options available online, many of which are extremely easy to use and set up, but protect your data very well! Once you have your method of encryption, you can select recovery answers that are virtually impossible to guess or brute force. No one will be able to utilize social engineering to gain access to your account. SummaryEnable Jagex Account Guardian.Select random questions.For the answers, use strings of random numbers, letters, and symbols, such as: 448,MJ:9?;B2/74T?932pStore the answers to the questions on your computer and encrypt them, using an application like 1Password or True Crypt.Secure the e-mail address linked to your RuneScape account with Gmail 2-step verification. Check this e-mail often.Sleep soundly, knowing your account is more secure! 3 - 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting - - 99 runecrafting - 99 prayer - 125 combat - 95 farming - - Blog - DeviantART - Book Reviews & Blog Link to comment Share on other sites More sharing options...
Mylez Posted October 17, 2012 Share Posted October 17, 2012 Great tips. I'm a big fan of JAG, so far it is the best security an account can have, IMO. Some good tips about software, i.e, 1password. :] Link to comment Share on other sites More sharing options...
Fire Essling Posted October 17, 2012 Share Posted October 17, 2012 Some great tips here ^^ Website corrections ~ Items & Shops ~ Bestiary ~ Quests ~ Maps & Calculators[spoiler=Rare Drops/Splits (Feb 2013 - ??)] Link to comment Share on other sites More sharing options...
Chief_Wolfenblu Posted October 17, 2012 Share Posted October 17, 2012 Good ideas. I have not been able to use Jag yet I was kind of waiting for some feed back and player info on it. One reason I joined Tif. Link to comment Share on other sites More sharing options...
Kaida23 Posted October 17, 2012 Share Posted October 17, 2012 Excellent tips. Thank you. :thumbsup: Check out my blog to read the Adventures of a Big Damn (F2P) Hero. THE place for all free players to connect, hang out and talk about how awesome it is to be F2P. So, Kaida is the real version of every fictional science-badass? That explains a lot, actually... Link to comment Share on other sites More sharing options...
Lord Slayas Posted October 18, 2012 Share Posted October 18, 2012 I'm a fan of JAG as well, definitely makes your account much more secure. The problem with using random strings of letters and numbers is the fact that you have to have it written down or kept somewhere, and if your computer crashes or you lose the paper/usb device (or you forget the password to the encryption), you'll be in real trouble. I would simply advise to use the advice above and make sure that your answers cannot be found through any means, and choose something that is very obscure and impossible for anyone other then you to guess. My Pure F2P Blog: CLICK ME6th Maintainer of the Pure F2P Highscores / The Top 250 F2P Skill Total Lists : May 16th, 2012 - March 30th, 2014. Link to comment Share on other sites More sharing options...
tripsis Posted October 18, 2012 Author Share Posted October 18, 2012 I'm a fan of JAG as well, definitely makes your account much more secure. The problem with using random strings of letters and numbers is the fact that you have to have it written down or kept somewhere, and if your computer crashes or you lose the paper/usb device (or you forget the password to the encryption), you'll be in real trouble. I would simply advise to use the advice above and make sure that your answers cannot be found through and means, and choose something that is very obscure and impossible for anyone other then you to guess. That's true, but there are also ways around that. For example, your encrypted 1Password data can be stored on Dropbox, and/or the information can be backed up to another hard drive (this is always a good idea anyway). - 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting - - 99 runecrafting - 99 prayer - 125 combat - 95 farming - - Blog - DeviantART - Book Reviews & Blog Link to comment Share on other sites More sharing options...
Mercifull Posted October 18, 2012 Share Posted October 18, 2012 I'm a fan of JAG as well, definitely makes your account much more secure. The problem with using random strings of letters and numbers is the fact that you have to have it written down or kept somewhere, and if your computer crashes or you lose the paper/usb device (or you forget the password to the encryption), you'll be in real trouble. I would simply advise to use the advice above and make sure that your answers cannot be found through and means, and choose something that is very obscure and impossible for anyone other then you to guess. That's true, but there are also ways around that. For example, your encrypted 1Password data can be stored on Dropbox, and/or the information can be backed up to another hard drive (this is always a good idea anyway).Hehe I was just going to post this. You can also get a 1password app for your smartphone as well (not free though) Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
Den Posted October 18, 2012 Share Posted October 18, 2012 Ok, so I have a problem. I like the idea of JAG and all, but I really dislike the not being able to change the passwords. If someone were to find out the passwords somehow, they would know them forever. Jagex's advice on this question was "Don't let people see the passwords." but that doesn't even answer the question as by asking this I assume someone HAS seen them. I wan't to use JAG, but that part puts me off from using it. ........::::: Rainy's YouTube Channel - Rainy's Twitter - Rainy's Facebook - Rainy's DeviantArt - Rainy's Tumblr - Rainy's Tip.It Profile :::::......... Link to comment Share on other sites More sharing options...
tripsis Posted October 18, 2012 Author Share Posted October 18, 2012 Ok, so I have a problem. I like the idea of JAG and all, but I really dislike the not being able to change the passwords. If someone were to find out the passwords somehow, they would know them forever. Jagex's advice on this question was "Don't let people see the passwords." but that doesn't even answer the question as by asking this I assume someone HAS seen them. I wan't to use JAG, but that part puts me off from using it. I totally get your concern. Ultimately if you feel safer not setting them, then that's you're choice and I do understand your reasons. But if you do follow all the above guidelines, use impossible to guess answers, and encrypt them, then realistically no one should ever have access to them. The only way someone would is if you get a keylogger so someone figures out your 1Password master password, AND they manage to steal your actual data file. - 99 fletching | 99 thieving | 99 construction | 99 herblore | 99 smithing | 99 woodcutting - - 99 runecrafting - 99 prayer - 125 combat - 95 farming - - Blog - DeviantART - Book Reviews & Blog Link to comment Share on other sites More sharing options...
Arceus Posted October 18, 2012 Share Posted October 18, 2012 First of all thanks for the advice. I'm sure it will be helpful to many :). Ok, so I have a problem. I like the idea of JAG and all, but I really dislike the not being able to change the passwords. If someone were to find out the passwords somehow, they would know them forever. Jagex's advice on this question was "Don't let people see the passwords." but that doesn't even answer the question as by asking this I assume someone HAS seen them. I wan't to use JAG, but that part puts me off from using it.If someone gets your answers and you explain it to Jagex in the right place, I believe they will allow you to set new ones. At least, I saw on the threads that they had reset it for people who had forgotten their questions. "Fight for what you believe in, and believe in what you're fighting for." Can games be art? --- My blog here if you want to check out my Times articles and other writings! I always appreciate comments/feedback. Link to comment Share on other sites More sharing options...
Mylez Posted October 18, 2012 Share Posted October 18, 2012 I also have this concern, this is one of the very few aspects of recovery questions/answers which actually works, the ability to change them over a two week (or less if you know how) period. I think Jagex are aware of this though, I did see this come up on the RSOF. I cannot remember where though. :? Link to comment Share on other sites More sharing options...
Den Posted October 18, 2012 Share Posted October 18, 2012 Ok, so I have a problem. I like the idea of JAG and all, but I really dislike the not being able to change the passwords. If someone were to find out the passwords somehow, they would know them forever. Jagex's advice on this question was "Don't let people see the passwords." but that doesn't even answer the question as by asking this I assume someone HAS seen them. I wan't to use JAG, but that part puts me off from using it. I totally get your concern. Ultimately if you feel safer not setting them, then that's you're choice and I do understand your reasons. But if you do follow all the above guidelines, use impossible to guess answers, and encrypt them, then realistically no one should ever have access to them. The only way someone would is if you get a keylogger so someone figures out your 1Password master password, AND they manage to steal your actual data file.Hmm true. On the other hand if I only stored it there and couldn't remember it myself, I'd lose all the answers if my harddrive were to crash. Decisions... ........::::: Rainy's YouTube Channel - Rainy's Twitter - Rainy's Facebook - Rainy's DeviantArt - Rainy's Tumblr - Rainy's Tip.It Profile :::::......... Link to comment Share on other sites More sharing options...
eoc noty Posted November 22, 2012 Share Posted November 22, 2012 how do i get it to stop asking me to add my device every single time i try to log in?? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now