Mercifull

They said it was the first time they mentioned RS3 as the name. Remember that originally RS2 was just 3D avatars in the RSC world but was developed further into RS2.

I'm guessing RS3 is the move to HTML5?

Huh "RuneScape3" wtf?!!!!!!!!!!!!!!!

Yeah it's immature.

Miraculously I got the full queens guard outfit (got shoes today) but that's pretty much it. Unless you bought spins on the weekend those items were in the common slots you're very unlikely to get them even by purchasing spins now/

Ah ok. sorry for confusion.

All the summer items are being removed after this weekend. So you wont be able to get queens guard, dragon ceremonial etc anymore.

Well my emails are a custom domain using Google Apps for business. I have 2-step verification enabled which means the only way to get access would be to submit an administrator request to google, a copy was sent to me. This COULD be someone attempting to gain access to my emails as one part of gaining access to an account. Who knows. Just seems a bit of a coincidence to get it so soon after activating JAG.

It's supposedly an all new detection system so there isnt any point basing opinion on their current methods. Personally, it seem's like a good update I just don't understand how this will work in the long term. If the detection is as good as they claim then surely in future noone will bother botting and so it will become dead content?

Interestingly someone tried a "forgot administrator password request" on my emails this morning. They didn't succeed.

I see that a squeal related newspost has now pushed a game update from the top story. Bloody ridiculous it's virtually impossible to get the full reward from the SoF update by using up free spins.

Indeed and this is what Jagex had to say when I emailed them about it:

I suppose in theory its also possible for someone who has managed to install a RAT on a victims computer to control it remotely and transfer gold and items that way. I'm obviously being quite critical here and a lot of the scenarios I am proposing would be incredibly rare but my main point is that they are making similar mistakes as with the current recovery system and a proper 2-step verification system would prevent all of them.

And how do you remember which silly answer goes with which question? If you have to write it down then its a flawed system as it could be lost or accidently destroyed.

It gets worse. The things Jagex have chosen as security questions are things which can very easily be found out by using Facebook or other social networks or even through general conversation! I'm furious! I want to be able to ask my own questions, questions which noone can know the answer unless they were physically in my house for example. This is an outrage.

Any by having it based on IP (which for many people might change fairly often) a phishing site could appear to be more legitimate as having to re-enter details fairly often would become the norm and not something to be alarmed about. As I said before I'm just disappinted really. Jagex missed a trick here by not providing something at full strength available. An authenticator device/app/sms/voicecode facility would mean that I could give you my RuneScape username & password, my email adddress username & password AND install a keylogger onto my computer and you still wouldn't be able to get into my account.

What a real shame. Considering MMG comes from a security background I expected a lot more. The Jagex Account Guardian uses a combination of email addresses and unchangeable security questions to enable devices/computers which means that accounts are STILL suseptible to remote attacks. Because they cannot be changed once set its a massive security hole if someone manages to find them out. It's an interesting addition and no doubt WILL make people's accounts more secure but I'm very dissapointed they didn't go down the route I wanted them to. Expect phishing and keylogging to boom. The thing that makes a 2-step authenticator so secure is because the code used for access changes every 30 seconds and because you need physical access to the device or mobile phone of the account holder. The system Jagex has implemented does not protect against phishing (as they will just make pages that claim cookies have expired or something so you need to read your computer) nor against much more serious keylogging software which can also compromise your banking details. So on that note if anyone here wants to activate the JAG then make sure your email provider DOES have 2-step authentication such as Gmail and activate that as well!

If you have the ability to opt into it then I would definitely recommend it. If the Botany bay bot nuke is as successful as Jagex believe it to be then the goldfarmers are going to turn to account thefts for their gold stocks.

We don't yet know. In most cases you will be asked for a code each time you try to log in from a new computer or if a period of time such as 30 days passes.

All information points to an optional system so no need to be pissed off :)

At the end of the day it's only a bit of printing to change the branding. They could sell different looking versions but they would all work across Jagex games

Yeah I just mocked it up as an extra little thing to go along with the Authenticator app/SMS idea.

Update is scheduled for Wednesday so no.

In the RuneScape livefeed last night (and again today on twitter) Mod Paul M said that they he will be filming a special Botany bay/bot nuke behind the scenes today which will be released on Friday (or earlier if someone manages to snag the hidden link from somewhere). Omali is right about the term "usb" being misleading. In 2008 jagex refered to the device looking "a bit like a USB dongle" but it's not actually anything to do with USB. Think only of the form factor and size of a usb stick for a potential RuneScape secure key but not actually something you put into your computer. A secure key, mobile app, sms, voicemessage prevents account thefts because even if someone has access to your password they will not be able to get hold of the number required for login. The only way to get around it is to also have physical access to the persons phone you want to "hack". You are reducing the potential number of victims to an incredibly small number.