Mischlings

It's also useless for those of us who have played for more than 10 years, since he doesn't give any information about how long we've been playing (trust me, I've looked - I really want to know when exactly I started playing)

People who tested legacy for even just one minute are included into this 30%, so I think there are really few people using it. Which means that I would be counted, when my use of legacy was turning it on, balking at how the interface changed, then having to figure out how to change it back. Well then, good to know that the number looks good for PR but means nothing. I don't hate the idea of legacy - I like both the old and new combat system, I just don't feel like using it right now and really don't want to take a step backward when it comes to the interface/hotkeys. If they can give me hotkeys for spells/prayers/items alongside the old combat system, then I'll just switch between the two whenever I feel like using one or the other. Of course, now there's the inevitable arguments and testing for what Slayer tasks are faster on one or the other - there has to be something there, and people will be changing based on the task. At the least, it should be amusing to watch.

The last one sounds right, but it's the only one there I really doubt. I know there was the possibility of it hitting 1, which might just be a fifth possibility. Other than that, I'm pretty sure those are the right numbers - I just never kept too close track of it and I'm afraid to try digging into the old edits of the Wikia site to figure it out.

Forget adding legacy (I'm giving that time to blow up and settle down before I go near it), this is the life-changing update of the day.

They do more damage than chaotics and can be repaired for less (assuming using coins instead of trying to value dungeoneering tokens), either by using chitin scraps or having 67+ smithing at an armour stand. (67 smithing is the level at which it goes under 2m to repair a mainhand drygore, but you should use chitin scraps if you have less than 72 smithing). At that point, if you want to do an analysis, you'll have to look at GWD weapons to really make a good comparison where there's a real trade-off. Short answer: if you have the cash to buy them, drygores are worth it. (Assuming that today's update didn't completely scramble everything, which we'll probably have figured out for sure in a week or two.)

Here's the way to think about it: it teleports items when they get added to your inventory. They should explain it that way, as that's basically the way that it works (I think there are some circumstances that it doesn't do that, but it's not very many).

It adds a little bit of security. However if you always log out completely instead of going to the lobby and don't click the box for "trust for 30 days" or use a computer that no one else has access to, it's not really necessary. I'm keeping mine, since I'm very paranoid about security, but it's not all that necessary. The way I view a bank pin is that is always worthwhile. If the worst case happens you you do get hacked in spite of everything else protection wise and you don't have one thats it poof bye bye everything. If you do have one however you have 7 (or 3 if you like to set it less secure for no reason) days to secure your account before they can access anything other than your inventory and equipped gear. I didn't know exactly what they did when you tried to remove your bank pin - I just haven't had the motivation to try it yet (I'm going to be poking around a lot with their security pretty soon), but now that I know that, I definitely recommend keeping it. It's not perfect, but it definitely is better than nothing.

It adds a little bit of security. However if you always log out completely instead of going to the lobby and don't click the box for "trust for 30 days" or use a computer that no one else has access to, it's not really necessary. I'm keeping mine, since I'm very paranoid about security, but it's not all that necessary.

We are nowhere near formal enough for that. I figured as much, I just wanted to be doubly sure. I will definitely look at malware and what it has the potential to do to your account. And don't worry about it being well-researched - this is going to be written very slowly, with a focus on getting everything right from good sources, not on getting it written as quickly as possible. Also, since this is being written for the RS audience, who might not necessarily be knowledgeable about security in general, I'm going to also focus on making this educational about security in general as well.

It should help with introducing it to people - once I got used to using 2FA with Google, I added it to everything I possibly could. And you don't need it for the website? I assumed that was just because my computer was trusted... Wow, this is going to need some digging into (which I'm working on at the moment). And yeah, their password strength is terrible. I remember when I tried typing in my password without capitals and it went through... my jaw literally dropped that they would be so stupid. I'm trying to figure out why they would do it that way, and none of those ideas are good.

No, you won't. The only reason you should ever have to re-authenticate is if, for some reason, you think that the QR code or 16 character code got out of your control and might be used by someone else, at which point they give you a new code (they should, theoretically - I haven't tested this out yet, but not changing the code each time doesn't make any sense). You won't have to re-link the authenticator on your computer/smartphone again, no, but you do have to enter the short code generated from the authenticator once a month. So it's the same code every time? Or will that have to be generated every month? Every 30 seconds, the authenticator generates a new 6 digit code. You have to enter that each time you log in, unless you check the box to remember you on that computer for 30 days. After those 30 days, your next login will require you to enter the 6 digit code that is showing on the authenticator when you log in.

Wow, that was a big error in reading comprehension - thanks for pointing it out. I blame it on the topic talking about using the authenticator on the computer itself, as well as the fact that I'm currently researching the guts of the Google Authenticator app, so I'm really in that mindset at the moment. Also, it says pretty clearly that it saves for 30 days, but I guess some people might miss it.

No, you won't. The only reason you should ever have to re-authenticate is if, for some reason, you think that the QR code or 16 character code got out of your control and might be used by someone else, at which point they give you a new code (they should, theoretically - I haven't tested this out yet, but not changing the code each time doesn't make any sense).

I'd be more than glad to so long as I don't have to give exclusive publishing rights to the Times (I can do timed exclusivity, but I want to keep the rights just in case I want to do something else with it).

I know what questions I'm looking to answer (for the most part, and all of those are part of it), I'm mostly trying to figure out if other people have investigated this before me, which could do one of two things: 1) Save me time trying to get the answers 2) Give me a baseline to compare their current security to (More than likely the second, but I might have difficulty getting through to Jagex if their previous customer service reputation is anything to go by). (On a side note, I've already figured out that the passwords you can use are terrible - no special characters, case insensitive, limit of 20 characters - makes me cringe)

With yesterday's release of the authenticator, I was thinking about doing a bit of a review of the security policies that Jagex has. However, before I started going to all this work (there will be a good amount of investigation required to put everything together), I was just wondering if anyone had already done this or if anyone here knew where would be a good place to start looking for this.

That's exactly it - the code you're given is created by running the current time through a hash, then taking 6 digits from that (probably the last, but don't quote me on that). Your phone and Jagex's servers calculate the current digits separately, so if your time is off, you're never going to get the right one. This is a pretty good guide - simple is really good. I have mine set up with Google Authenticator on my phone, since I don't always use the same computer, and it's technically safer to have the code be on a separate device; any malware that gets into your computer would be able to get access to both your password through keylogging and could steal your encryption key from the app, which would allow them to predict the digits from here to eternity. However, if the computer is the only thing that you can use for the authentication, it's better than not having the second factor. EDIT: Corrected a small error I made.

There are a lot of things that I run into about RuneScape that I don't think people are really getting a good handle on - Bonds are probably the biggest example that I can think of... well, they might have been, until an update that just happened (and caused me to put off what was going to be this post) that I don't think people have really had the chance to sink in. Now, I didn't really use the companion app - I had it bookmarked and occasionally looked at it when I couldn't play the game, but I had no real reason to go to it. However, Jagex added something huge to it, something that is going to definitely make a change not just in me using the app, but in the way that I play the game. It makes perfect sense for them to add the ability to create GE transactions within the app, since it's likely the easiest thing to do on a tablet or phone screen - really, what's so different between, say, that and a spreadsheet or a simple web form? Sure, the interface as of right now is a little on the clunky side, but it's usable, and there's also the possibility that they could actually do something to improve it later on down the line. Whether or not it's as simple as it can be is beside the point, as this signals a change that... I don't know how to make clear how big of a change this is. The Grand Exchange now exists everywhere in RuneScape. Everywhere. Think about this. You don't have to go there, even as simple as it is to teleport there with, say, a Ring of Wealth. It's just not something you need to even do anymore. With the caveat that you need to log out of your other session completely, you can access the GE no matter where you are in the game. However, that's not even the game changer that I'm thinking this is. Like many people, I use the GE for flipping, which turns out to be a pretty decent source of profit. Now, with this update, I can do it from a smartphone or tablet, which the app is specifically designed and intended for. I don't need to be in the game, at a computer, in Varrock, sitting there at the GE, to make those transactions that serve as my main money making method. It's that great promise of portability that comes with mobile technology, just reaching this one little corner of the internet. Even stranger? This is taking a great money making method and not requiring you to actually play the game in order to use it. Flipping, and all other GE merchanting methods, have been moved out of the game itself and can be done even more easily than they already could. I have no idea what happens next - I'm not going to claim to know what effect this is going to have on the game. I don't know enough to have any idea what this is doing. I might start to work things out as it goes, especially as I get more acquainted with the ins and outs of the app, and some of the effects start to show up more clearly, I just want people to start talking about it, as there seemed to be mostly silence here.

Smartphone authenticator? Good, I've been wondering why they didn't just go with that in the first place. Sign me up for it as soon as it becomes available.

I would stick to Graardor for melee. You can definitely kill him even though your Herblore, Prayer, and Summoning are on the lower end, the issue is whether it's going to be profitable enough to be worth it. Since you need to get the killcount each trip, you want to last as many kills as possible, and each of those three things helps you get more. It can be worth it, I just don't know too well because I'm used to having at least some of those thing. However, to try and help, I'll give you a few things that might be useful: Always stay right next to the altar and let them come to you. Bandos armour is weakest to magic, and sometimes the magic sergeant (Steelwill) won't see you when you're against that wall - that should help you take somewhat less damage. Use defensive abilities like Anticipate, since they lower the damage that you take for a short period of time. In between kills, use Regenerate to get back as much health as you can. It also might be useful to bring a shield and use Rejuventate when you have the opportunity. Consider the vampyrism aura or Scrimshaw of Vampyrism. They restore health based on how much damage you do - even though they're not as good as Soul Split, they're still a great help. Always use protect from melee when Graardor is alive, then after he's dead, pray against magic and kill Steelwill, pray against melee and kill Strongstack, then kill Grimspike, praying against ranged if you need to. Abuse the fact that, every 10 minutes, you can pray at the altar so long as they're all dead - it'll only save a bit of prayer potions, but every little bit helps. I hope that some of those help.

It is important to keep in mind that this thread was started over a year ago. On the other side of that... The speed that tasks go at now are simply amazing - I've had similar experience with abyssal demon/dark beast tasks (I have the masks that make sure I get at least one assignment of each per day I train slayer, so I do them a lot), whereas I remember slaying before even chaotics were out having to spend nearly 2 hours to get 240ish kills on those tasks. Admittedly, the weapons aren't the only changes I've had (gained curses, better combat familiars), but it's still changed. Also, the fact that the Ascension creatures exist and are tasks? Those are great money makers even outside of Slayer, so them being part of slayer is just great. (There's also the possibility of using bosses for some assignments, but I haven't really had a chance to try that out much) I guess the main thing I have to add to the conversation is this: Slayer is definitely improving, if nothing else.

I really think that the numbers falling are due to the number of bots going way down to basically being nonexistent now. I honestly can't even think of where I see bots anymore, if I see them at all. Also, money wise, consider that Treasure Hunter/Solomon's General Store/Bonds also provide a revenue stream, and that kind of thing can turn out to be more profitable than subscriptions. As an example, I don't buy membership using real money unless there's some sort of discount, but every bond that I buy was paid for with real money, and on top of that, more than they would get from me for membership in the first place. And what Artemis said is exactly on the right track - the real money comes from a small number of players who pay a lot, not a large number who pay just a little.

RS Wiki agrees with you on that. With really low slayer, they're out of the question even though the Ascension monsters are great for moneymaking. As for something you can do, this jumped out at me while looking through some moneymaking methods. There are some moderate quest requirements, but it doesn't look too bad as far as requirements go - it's not the best, but I think that it's pretty good for what you can reasonably do with ranged at your levels.

Well, I tried a run last night with the vampyrism aura/scrimshaw. I'm amazed - I was doing so well that I felt like I could basically live there. I had more issues keeping my health up to get my killcount than I did when fighting Graardor, which I found kind of amazing. Next step: get better at stalling so I can start off with threshold abilities. Thanks for the help. EDIT: Well, I tried QBD on a whim today. Conclusion: screw Graardor, I'm going to be basically living there for the time being.

Not a problem - always glad to help people. And it's great that you got it back - I'd hate to have lost an account that I could never get back.