Jump to content

11-July-2009 Jagex Security Key Response


Recommended Posts

Andrew clears up arguments about the upcoming security key.




[hide=Jagex Security Key Response]"Hi,




I've noticed the Jagex Security Key poll is causing some heated debate, so thought I'd better pop in and post some clarifications.




The first thing to bear in mind, (which we really should have mentioned in the poll), is we are NOT looking to make a profit from this key. The price is to cover the cost of buying the device and shipping it. In fact these devices aren't particularly cheap and if we do go ahead with this I expect we will probably LOSE money doing it. To be able to get it down to $10 we would almost certainly have to either heavily subsidize the cost of the key (i.e sell it at a loss), or buy in such huge bulk that we would end up with a large number we'd never sell (Still making a loss). So this really ISNT about making some quick money. The main reason for the poll is to see if there is enough interest to make it practical at all.




Now you're probably wondering why we would even consider doing this if we would be losing money. The reason is simple, we're in this for the long run, not for a quick buck, and therefore player satisfaction is extremely important to us. And a player who has had their account stolen (even though due to a keylogger/virus on their own computer) is generally not very satisified! We feel that the benefit of keeping our players safe outweighs the cost, and so we are willing to potentially take a bit of a hit on this.




Which brings us on to the 'bank space' incentive. Which is exactly that... an incentive.




The problem we face is the VAST majority of players don't actually believe they need extra security (until it is too late), and it seems very hard to convince them otherwise. I've been working on computer security for years, and the problem is people assume if they have an antivirus and a firewall and don't tell people their password they are bound to be safe. This ISNT true! It certainly makes you safer, and is a very good idea, but it sadly doesn't make you invulnerable. Even if you are very careful - believe it or not you can still end up with a keylogger on your computer. For starters all of the commonly used web-browsers are written in C++, and repeatedly suffer flaws where if you visit a malicious webpage, even without clicking on anything your computer can be compromised. I'm more up to speed on computer security than most, but I still use a bank pin on my account, and will still be using a Jagex Security key on my account. Because I don't suffer from the delusion that I'm somehow magically immune.




So the problem we face is we know lots of our players lose their passwords, we also know those very same players point blank refuse to believe anything bad could possible happen to them, and think they are secure (until it is too late), and therefore probably won't buy a security key. The evidence for this is clear, just look at our own forums and all the people saying "I'm secure, I don't need a key!". So we started wondering what we could do about that. If we can incentive people to buy a key some other way perhaps we can still protect their account. Of course even if the key does ultimately protect them, they will probably never even realize that it happened, and will probably go on thinking that they didn't need it, but at least their account is secure.




We chose extra bank space for the proposed incentive, because a) we already give extra bank space to members anyway, so this doesn't unbalance things further in any way B) it kind of makes sense that the people with the fullest banks are the ones with most to lose, so the ones who most need a key.




So this isn't about RWT (any more than the members game we already sell isn't about RWT), and it isn't about trying to make a quick profit. It really is simply about keeping our players accounts secure.




If we were in it for a quick buck we would just sell the bank space and forget the loss making key idea entirely (then we WOULD make lots of money), we're not going to do that, because that's not what this is about.[/hide]







Link to comment
Share on other sites

  • Replies 88
  • Created
  • Last Reply

Top Posters In This Topic

I don't see why people were so upset about Jagex making money off of it in the first place. They're a company. So I don't really care if they make a loss or not. It's good to see that Jagex care about their players though.




And you can never been too secure with your computer :P

[insert birds flying in a circle here]

Yes, that sig was annoying.

Link to comment
Share on other sites

It's a well written response, but still, I don't think it's how Jagex should be proceeding. They run an online game that can be played anywhere on any computer, this Security Key is just too much, in my opinion.

Link to comment
Share on other sites

This has to set a new record for "most RSOF threads owned in a single post"




Good job clearing that up :thumbup:




Other page posts by Andrew





one other things I want to mentioned, which was also accidentally missed out of the poll.




This isn't actually a USB device, it is just USB sized. It WILL work with Linux and Mac. It is a little device with a small LCD screen (like a calculator has) which displays a 6 digit number which changes every minute. If you buy the key, then then you have to type that number in (As well as your password) to login. Because the number continually changes, and because each number can only be used once it defeats keyloggers and other password stealer.




The key doesn't actually plugin to your computer, so it works with all operating systems, and can't be read by a virus because it isn't connected to your machine.




Well I feel actions speak louder than words.




So just look at our recent efforts to detangle members from the free game. We've been working very hard to make it so the one thing we do sell (members subscriptions) DOESNT give an unfair advantage against free users.




Indeed about the only members benefit you CAN still use on a free world is in fact... extra bank space.. we can't really remove that particular one without horribly breaking everything, so again it's a logical choice for the incentive, as we already have it anyway.




When you look at all the potential revenue we have given up not selling items, and all the work we have been doing to make the free game more free, it seems very unfair to STILL try and claim we are just hypocrites who are in it for the money.




Of COURSE we aren't going to start selling items in the game or introducing our own form of RWT. If we wanted to do that we would a) have done it years ago, and B) we would do in a way which actually made us money! Not this!




The device is powered by a built in battery, which lasts about 5 years.




In terms of people losing their device, yes we would obviously need a system for that. Most simply people who lost it would just be able to buy a new one, and we would just send it out to their address (much like if you lose your credit card your bank sends you a new one).




If they didn't want to buy a new one we would need a mechanism where the old one could be canceled. The trick here would be verifying the legit owner was doing the canceling. There are number of possibilities, we could just mail a cancellation code to the owner (since each key can only be lost once we could built the potential cost of doing that into the initial price), or we could go with a time based reset mechanism (where you have to wait a couple of weeks if you lose it and don't want to buy a new one).




It's still at a very early stage and all the details aren't worked out. At the moment we are just trying to get an idea if there is any interest and if the idea is practical at all. But some banks have been using these things for a while now, so they are quite well proven that they do work.


Winters Omen.png


5,693rd to 99 Slayer on 10/08/2009

Link to comment
Share on other sites

Fair play to Andrew setting the record straight ASAP.




I personally didnt like to think that the security key was for a quick buck but in conjuction with the extra bank space it did look that way. C'mon though how many games companys are willing to spend money to ensure that there players accounts are becoming more secure at the players end?




:thumbup: Jagex

Theres a fine line between not listening and not caring,

I like to think I walk this line every day.

Pinning blame on Jagex is like trying to put pants on an old man.

You both know he needs them, but he'll just keep dancing around, avoiding them at all costs.

Link to comment
Share on other sites

Reading Andrew's posts from other pages, it sounds like he is pretty discouraged about it. Sounds like they're losing money if they go through with it, just to protect our accounts. I hope they go through with it :?

Winters Omen.png


5,693rd to 99 Slayer on 10/08/2009

Link to comment
Share on other sites

Glad he cleared this up, but it still seems like they are selling bank space to me.




Frankly, I think they'd do better if they just spent the money they claim they are losing on hiring more costumer support members and maybe even bring back the option to send Jagex a message about an issue in game. O well I guess by doing this they will save time on account recovery requests. I think the amount of people who will buy it is dependant on the amount of bankspace they offer with it.

Click for My Blog



670th to 99 Smithing July 21st, 07 |743rd to 99 Mining November 29th, 07 | 649th to 99 Runecrafting May 18th, 08 | 29,050th to 99 Defence October 20th, 08 | 20,700th to 99 Magic November 8, 08 | 47,938th to 99 Attack December 19, 08 | 37,829th to 99 Hitpoints December 24, 08 | 68,604th to 99 Strength February 4, 09 | 27,983rd to 99 Range February 9, 09 | 9,725th to 99 Prayer June 8, 09 | 6,620th to 99 Slayer December, 12 09 | 4,075th to 99 Summoning December, 28 09 | 3,551th to 99 Herblore February 24, 10 | 3,192th to 99 Dungeoneering November 11, 10 | 146,600th to 99 Cooking December 29th, 10 | 11,333rd to 99 Construction June 7th, 11 | 16,648th to 99 Farming August 1st, 11 | 19,993th to 99 Crafting August 2nd, 11 | 89,739th to 99 Woodcutting Janurary 1st, 12 | 55,424th to 99 Fishing May 9th, 12| 60,648th to 99 Firemaking May 12th, 12 | 16666th to 99 Agility May 17th, 2012 | 24476th to 99 Hunter June 1st, 2012 | 57,881st to 99 Fletching June 1st, 2012 | All 99s June 1st, 2012 | 3183th to 120 Dungeoneering July 24th, 2012 | 2341st to 2496 Total level July 24th, 2012 | Completionist Cape July 24th, 2012

Link to comment
Share on other sites

That was the kindest middle finger to all the RSOF idiots I've ever seen haha.


"He could climb to it, if he climbed alone, and once there he could suck on the pap of life, gulp down the incomparable milk of wonder."

Link to comment
Share on other sites

Reading Andrew's posts from other pages, it sounds like he is pretty discouraged about it. Sounds like they're losing money if they go through with it, just to protect our accounts. I hope they go through with it :?




Stop fooling yourselves, I'm sure they expect to make money out of it, they lose first then gain:


Jagex probably saw that people who got hacked quit playing very often (and thus stop paying for members). Logical solution is to make sure people don't get hacked.


My example might not be the exact truth but I'm sure that it's close and that Jagex DOES make money out of it when looking at the bigger picture.

Link to comment
Share on other sites

I'm thinking of a few flaws that could come out, even though i would probably get one.




Think about it. They need to MAKE SURE that they are sending these things TO THE PROPER PERSON, and there is NO CHANCE you can somehow get ahold of another's (By pretending to be them that is). Yea, you still need the correct pass with it, but whats stopping someone who already knows a person's pass, to order one, somehow get it, and then basically have 100% control. One thing that I could definitally see happen.




I see a problem with F2P as well. Think about it, Jagex has Member's billing info. They can probably get most right (See above) from that. F2P hasn't given jagex any info, being more prone to that.






Of course, if those are made not possible, then yea, this thing could be great.



the trick is to balance all of these methods to get 99 and either play real life or train another skill while farming.


635th to 99 Farming 12/16/07

Link to comment
Share on other sites

Dragons Might: If the person has the other person's account and they haven't tried to get it back they probably don't care. F2P can just give them their info. The one thing I will be pissed at Jagex for would be if they add these people to mailing lists. Otherwise, as long as people actually buy this and it turns into a useful feature for Runescape, this will be a bonus.

Link to comment
Share on other sites

So these will probably be similar to these authenticators I'm guessing?




[hide=Blizzard Authenticator]0003_2.jpg[/hide]






Yes, very similar to that.




My mother is an accountant, and to protect accounts she works with, her company uses authenticators like that. These aren't silly little bank PINs, these are security devices that are incredibly difficult to bypass unless you physically have it in your hand. I'm very happy that Jagex is truly concerned in keeping people's accounts safe.

Any fool can write a rule, but any fool will mind it




Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.