Neo Avatars
Jul 10 2009, 11:01 AM
While Jagex is a clear industry leader in making our games and infrastructure secure, some of our players’ personal computers have proved vulnerable to account hijacking in the form of viruses, key loggers, phishing websites or players simply revealing their Jagex password. Given these challenges, we are determined that your account remains secure at all times, even if your personal computer has been compromised or somebody else knows your password. We think we have found a solution to these problems: the Jagex security key.
This key looks a bit like a USB dongle, which you will be able to put on your key ring or store in a secure location. The key will reveal a six to eight-digit code that changes every few seconds and is completely unique to you. Type this code into a Jagex login page and you will be able to guarantee that you are secure from any hijacking attempt.
For the techies out there, the key is an ‘Enterprise two-factor authentication solution’. We’re really enthusiastic about its potential to stop hijackers and phishing sites in their tracks, but since this will require significant investment and resources, we aren’t going to make any final decisions without talking to you first. We would like you to head over to the poll system, on the left-hand side of the RuneScape front page, and answer two questions: would you be interested in buying one of these security keys, and what is the most you would be willing to pay?
With the Jagex security key, we would be so confident that your account is secure that we could consider adding expanded bank space to those accounts that are protected by the Jagex security key.
NOTES – it would not be compulsory to buy the security key. It would be an optional means for you to keep your account genuinely secure. The Jagex security key would be available to all countries for a single one-off price. The security key would be available to both free players and members.
While we are enthusiastic about the Jagex security key, there are still a number of variables that could determine whether we can roll this out, ranging from technical challenges and, naturally, players' interest in the device.
Please give us your feedback
Thanks,
Mark Gerhard
Ann
Jul 10 2009, 11:04 AM
This is nice to know, way to go Jagex!
LightSlei
Jul 10 2009, 11:05 AM
They just thought of this, when some other companies started using them months ago (almost a year at this point) and a lot of banks use them? And why the hell don't they just call it an authentication key, because that's what it is.
Dreaded
Jul 10 2009, 11:15 AM
The idea is good and I would buy one if it did, in fact, include expanded bankspace.
To be honest though, $10 is a bit too much for something so... plain.
link-in-sg
Jul 10 2009, 11:19 AM
QUOTE (Dreaded @ Jul 10 2009, 12:15 PM)
The idea is good and I would buy one if it did, in fact, include expanded bankspace.
To be honest though, $10 is a bit too much for something so... plain.
I like the idea, although if your careful you shouldn't have to worry about getting your account hacked. (The added backspace is a plus i would consider if purchasing)
$10 sounds good, i wouldn't pay more then that though.
Emo_Nemo
Jul 10 2009, 11:20 AM
You know if they cared they would just allow us to download the software and put it on a USB stick...
But I guess they want to monetize it.
LightSlei
Jul 10 2009, 11:23 AM
QUOTE (link-in-sg @ Jul 10 2009, 12:19 PM)
QUOTE (Dreaded @ Jul 10 2009, 12:15 PM)
The idea is good and I would buy one if it did, in fact, include expanded bankspace.
To be honest though, $10 is a bit too much for something so... plain.
I like the idea, although if your careful you shouldn't have to worry about getting your account hacked. (The added backspace is a plus i would consider when purchasing)
$10 sounds good, i wouldn't pay more then that though.
...
$10 means there making money on it, if they were just charging for the basic itself without profiting on it, tax included it would be about 7$ max.
QUOTE
They should really have just put it up for download.
QUOTE
You know if they cared they would just allow us to download the software and put it on a USB stick...
Actually it's connected to a server, the number generators read off of each other, so the number generated will be the same on both preventing hacking. Now if you have this attached to your account I would say it's impossible to be hacked.
Also why would they want to make it open source? That'd be a bad idea, I'm not even going to explain why.
Dreaded
Jul 10 2009, 11:24 AM
QUOTE (Emo_Nemo @ Jul 10 2009, 12:20 PM)
You know if they cared they would just allow us to download the software and put it on a USB stick...
But I guess they want to monetize it.
begin sarcasm/ Obviously they need more money, I mean they hardly make any at all!
/end sarcasmThey should really have just put it up for download.
Shpendi
Jul 10 2009, 11:25 AM
I suppose that this would work and that it would be a great addition to keeping Runescape accounts secure (well Jagex accounts as they like to call it).
I wouldn't mind paying up about £10, because that sounds quite reasonable in my opinion.
Sea Rayn
Jul 10 2009, 11:26 AM
QUOTE (Dreaded @ Jul 10 2009, 09:15 AM)
The idea is good and I would buy one if it did, in fact, include expanded bankspace.
To be honest though, $10 is a bit too much for something so... plain.
Plain? Personally I don't care what it looks like if it does the job.
I am pretty confident about my internet security at home, but often use the free internet connection provided by the Cafe next door to where I work to play RS/surf the web when my shop is having a slow day and/or while I am mending/sewing (nothing makes mending more fun like fishing while you work
). You can't always be as sure how well someone else guards their internet. I have antivirus and antispyware but it is always good to be safe, especially since I have worked really hard to get my character where it is today.
I would buy it, and spend up to $20 U.S. if it came with free added bank space, $10 if it didn't.
-REAP-
Jul 10 2009, 11:33 AM
Wow, such an important device! My account will surely get hacked without it! I'll buy one today!
Russki Niko
Jul 10 2009, 11:37 AM
I'll buy one just for the extra bank space if they decide to add it to the game. The extra security is nice too.
Dragonair
Jul 10 2009, 11:38 AM
Hmmmm... like the idea. I probably won't buy it - my acc is around lvl 80, not really a target for hackers. Still, you can't be too careful. Might get it if it includes extra bank space.
Neo Avatars
Jul 10 2009, 11:45 AM
QUOTE (Cxkslei @ Jul 10 2009, 05:23 PM)
$10 means there making money on it, if they were just charging for the basic itself without profiting on it, tax included it would be about 7$ max.
It sounds like a good idea, but pricing seems to be the problem. It's something that'd be good to get out to as many people as possible, so 'twould be best to sell it at manufacture cost so people aren't put off by the price. Yes, Jagex would make no money out of it, but would that
really be a problem? There's then the swings in exchange rates, so there'd need to be some sort of profit margin initially so that after a year they aren't losing £2 on each item sold.
Personally,
Blizzard's pricing seems to be about right at less than £5 (
US$6.50)... though would I be right in saying that there are no in-game benefits for buying it beyond the additional security?
LightSlei
Jul 10 2009, 12:05 PM
QUOTE (Neo Avatars @ Jul 10 2009, 12:45 PM)
QUOTE (Cxkslei @ Jul 10 2009, 05:23 PM)
$10 means there making money on it, if they were just charging for the basic itself without profiting on it, tax included it would be about 7$ max.
It sounds like a good idea, but pricing seems to be the problem. It's something that'd be good to get out to as many people as possible, so 'twould be best to sell it at manufacture cost so people aren't put off by the price. Yes, Jagex would make no money out of it, but would that
really be a problem? There's then the swings in exchange rates, so there'd need to be some sort of profit margin initially so that after a year they aren't losing £2 on each item sold.
Personally,
Blizzard's pricing seems to be about right at less than £5 (
US$6.50)... though would I be right in saying that there are no in-game benefits for buying it beyond the additional security?
That would be correct. Although I doubt you'd need anything else in WoW beyond it, not sure about their other games. Considering your bank can hold up to 140 slots of items, and most items stack up to lots of 20, and it's not as ridiculous as RS where it's I need to have this and this and this. It's a lot easier to keep things organized.
So 140 bank slots from memory + 16 + (4*20) = (96+140) = 236 slots for items. And unlimited slots on the AH where most things will go anyway, similar to the GE whereas there is only 6 slots though for members, 2 for free.
Honestly, if anything, what would tempt me to buy it would be both an increase in bank space, (at least 10 slots), and an increase on how many things I can sell on the GE or GE increase on the limit of things I can buy in one hit.
error404
Jul 10 2009, 12:15 PM
If your a member it is worth getting, think about it, a month is £4, 2 is £8, many players play for like about say....24 months so that is £96 but if your account gets hacked, you lose all that money, if you buy it, you only lose $10 which isn't so bad.
For f2p it isn't such a big deal.
Natt39
Jul 10 2009, 12:27 PM
QUOTE (Dreaded @ Jul 10 2009, 05:24 PM)
QUOTE (Emo_Nemo @ Jul 10 2009, 12:20 PM)
You know if they cared they would just allow us to download the software and put it on a USB stick...
But I guess they want to monetize it.
begin sarcasm/ Obviously they need more money, I mean they hardly make any at all!
/end sarcasmThey should really have just put it up for download.
Software can be hacked plus its not software at all it's hardware...
For those that dont know how these things work they all pre-set with a start time, that could be anything and its diffrent for each device.
The moment the battery is put in it begins counting. The amount it counts up by is diffrent for each device too and its irregular. So it could add on 2s to the 'start time' then 5s then 1523s and then back to 2s agan. No one would ever know so its uncrackable.
A server somewhere would know the serial number of the device and the amount that device was supposed to count up. So when you enter the number the client checks the server for the number its supposed to have at that time against the number you entered and voila your in. Just like it checks if your password is the same that is stored on the server.
Arianna
Jul 10 2009, 12:33 PM
QUOTE (Emo_Nemo @ Jul 10 2009, 05:20 PM)
You know if they cared they would just allow us to download the software and put it on a USB stick...
But I guess they want to monetize it.
QUOTE
They should really have just put it up for download.
/facepalm
Please explain how exactly somebody in control of your computer cound suddenly find it impossible to control a piece of software on your computer...
QUOTE
And why the hell don't they just call it an authentication key, because that's what it is.
Is it THAT important to call it however you may wish? If they're deciding to brand it in some way, what's so horribly wrong with that?
Besides that, it's called a
security token, not an "authentication key".
I'd rather see them use a disconnected token for added security, but I guess any physical device may do.
Emo_Nemo
Jul 10 2009, 12:40 PM
QUOTE
Please explain how exactly somebody in control of your computer cound suddenly find it impossible to control a piece of software on your computer...
Or nevermind this article is just an epic failure at explaining how the thing works.
stonedgolem
Jul 10 2009, 12:45 PM
It sounds pretty interesting
havocdemonzkrew
Jul 10 2009, 01:05 PM
Jagex just drains more of our money!
Superkid711
Jul 10 2009, 01:09 PM
Rather than typing the code in, I'd just like to type in my password then be presented with a prompt to plug in the key. I do that, then I log in. It gives it the code automatically.
I use a Mac so obviously my computer's pretty secure, but there are other uses for this. For one thing, since it relies on a physical device, it would be safer to log in on different computers when you're off on vacation or something. Logging in with a different IP sets off a red flag at Jagex but if it were a security key account it may be overlooked since it's likely the same person anyway.
Plus, you never know how vulnerable a computer you aren't familiar with is. This would help a lot.
Oh yeah, and the bank space.
QUOTE (havocdemonzkrew @ Jul 10 2009, 12:05 PM)
Jagex just drains more of our money!
... it's not like it's mandatory.
Natt39
Jul 10 2009, 01:11 PM
QUOTE (havocdemonzkrew @ Jul 10 2009, 07:05 PM)
Jagex just drains more of our money!
Then don't buy it.
QUOTE (Superkid711 @ Jul 10 2009, 07:09 PM)
Rather than typing the code in, I'd just like to type in my password then be presented with a prompt to plug in the key. I do that, then I log in. It gives it the code automatically.
The moment you plugged it in, whatever software that you had on you computer that is designed to steal your account could 'hack' the key and then it would completely negate the point.
havocdemonzkrew
Jul 10 2009, 01:15 PM
It's not the point of choosing not to buy it or not.
This is a simple online game, it's not like life or death such as banks and such.
If players have common sense and watch what they do online, they're perfectly safe.
Though, I guess it's suitable since enfants now seem to play this game more and more.
Realsies
Jul 10 2009, 01:32 PM
QUOTE (Cxkslei @ Jul 10 2009, 12:05 PM)
They just thought of this, when some other companies started using them months ago (almost a year at this point) and a lot of banks use them? And why the hell don't they just call it an authentication key, because that's what it is.
Yeah, because most games have bank level security
on topic: I would buy one, just to have the extra bank space if it comes out.
Ambo100
Jul 10 2009, 01:32 PM
Depending on how much bankspace it gives I would buy it
Cattius
Jul 10 2009, 01:39 PM
I thought this was a joke when I first saw it
I suppose it would be good for people who aren't knowledgable about keeping their computer secure, or who frequently use insecure computers to play RS, like a computer in an internet cafe. Personally however, I only use my own computer to play Runescape, which I am confident is secure, and I'm not fussed about the bank space - I get perfectly enough as a member.
[offtopic] On a side note, my dad has a card, similiar to the USB key Jagex are suggesting, that generates a random 10-digit number that is part of the security to connect to his work
[/offtopic]
Natt39
Jul 10 2009, 01:46 PM
QUOTE (Cattius @ Jul 10 2009, 06:39 PM)
[offtopic] On a side note, my dad has a card, similiar to the USB key Jagex are suggesting,]
They're not suggesting a USB Key at all... The device would not interface with your computer in anyway.
You'd have a read out with a number that you would type in.
Bergin
Jul 10 2009, 01:49 PM
I dont see why everyone is complaining. Its not like you HAVE to buy it. And so what if theyre making money from it THEYRE A BUISNESS!!
Arianna
Jul 10 2009, 02:05 PM
QUOTE
They're not suggesting a USB Key at all... The device would not interface with your computer in anyway.
You'd have a read out with a number that you would type in.
QUOTE (first post)
looks a bit like a USB dongle
...wat.
There are USB security tokens. What you're referring to are 'disconnected' tokens (I have one).
QUOTE
The moment you plugged it in, whatever software that you had on you computer that is designed to steal your account could 'hack' the key and then it would completely negate the point.
Since the key changes every X amount of seconds (my bank one changes every 60 seconds), unless a hacker is viewing your activities live (which almost never happens) that would not be a problem.
Diabba
Jul 10 2009, 02:26 PM
I would buy it for $10 if it gave at least 20 extra bank spaces.
~D
Ajonesse
Jul 10 2009, 02:35 PM
Great for those who either are unsure about their computer security or use a variety of unfamiliar computers. Also good for frequently targeted accounts.
Its not like you have to buy it anyways. Depending on the bank space I may think about it.
Natt39
Jul 10 2009, 02:41 PM
QUOTE (Arianna @ Jul 10 2009, 08:05 PM)
QUOTE
They're not suggesting a USB Key at all... The device would not interface with your computer in anyway.
You'd have a read out with a number that you would type in.
QUOTE (first post)
looks a bit like a USB dongle
...wat.
There are USB security tokens. What you're referring to are 'disconnected' tokens (I have one).
______
QUOTE (Arianna @ Jul 10 2009, 08:05 PM)
QUOTE
The moment you plugged it in, whatever software that you had on you computer that is designed to steal your account could 'hack' the key and then it would completely negate the point.
Since the key changes every X amount of seconds (my bank one changes every 60 seconds), unless a hacker is viewing your activities live (which almost never happens) that would not be a problem.
It's not completely random the hacker could very easly emulate the program, or at the very least find out the algorithm for the number change and the orginal number.
Superkid711
Jul 10 2009, 02:52 PM
QUOTE (havocdemonzkrew @ Jul 10 2009, 12:15 PM)
It's not the point of choosing not to buy it or not.
This is a simple online game, it's not like life or death such as banks and such.
If players have common sense and watch what they do online, they're perfectly safe.
Though, I guess it's suitable since enfants now seem to play this game more and more.
Common sense on the internet isn't that common I'm afraid.
Mr Game and Watch
Jul 10 2009, 03:15 PM
I'd buy just for the bank space.
Arianna
Jul 10 2009, 04:19 PM
QUOTE (Natt39 @ Jul 10 2009, 09:41 PM)
QUOTE (Arianna @ Jul 10 2009, 08:05 PM)
QUOTE
They're not suggesting a USB Key at all... The device would not interface with your computer in anyway.
You'd have a read out with a number that you would type in.
QUOTE (first post)
looks a bit like a USB dongle
...wat.
There are USB security tokens. What you're referring to are 'disconnected' tokens (I have one).
______
QUOTE (Arianna @ Jul 10 2009, 08:05 PM)
QUOTE
The moment you plugged it in, whatever software that you had on you computer that is designed to steal your account could 'hack' the key and then it would completely negate the point.
Since the key changes every X amount of seconds (my bank one changes every 60 seconds), unless a hacker is viewing your activities live (which almost never happens) that would not be a problem.
It's not completely random the hacker could very easly emulate the program, or at the very least find out the algorithm for the number change and the orginal number.
Emulate the program?
The Initiative For Open Authentication (OATH) algorithm is public. Then again, one would have to guess the original number, and one would also have to guess any extra algorithms applied, and the actual date and hour when the algorithm started being applicated.
Good luck!
Besides that,
hash chains are usually applied. I **highly** doubt that any kind of self-respecting hacker with the resources to crack hash chains (assuming it is actually possible) would target RuneScape passwords rather than bank accounts.
At the "looks a bit like a USB dongle" bit, it's unclear. Is it a device that automatically transmits the authentication code? Is it exactly the same as a disconnected token but relying on an USB port for powering its display?
Kaibamanjrs
Jul 10 2009, 04:25 PM
I think they did this with world of warcraft too. I suppose it would be good, but i prefer just to keep my account safe the normal way for now.
Superkid711
Jul 10 2009, 05:21 PM
QUOTE (Arianna @ Jul 10 2009, 03:19 PM)
QUOTE (Natt39 @ Jul 10 2009, 09:41 PM)
QUOTE (Arianna @ Jul 10 2009, 08:05 PM)
QUOTE
They're not suggesting a USB Key at all... The device would not interface with your computer in anyway.
You'd have a read out with a number that you would type in.
QUOTE (first post)
looks a bit like a USB dongle
...wat.
There are USB security tokens. What you're referring to are 'disconnected' tokens (I have one).
______
QUOTE (Arianna @ Jul 10 2009, 08:05 PM)
QUOTE
The moment you plugged it in, whatever software that you had on you computer that is designed to steal your account could 'hack' the key and then it would completely negate the point.
Since the key changes every X amount of seconds (my bank one changes every 60 seconds), unless a hacker is viewing your activities live (which almost never happens) that would not be a problem.
It's not completely random the hacker could very easly emulate the program, or at the very least find out the algorithm for the number change and the orginal number.
Emulate the program?
The Initiative For Open Authentication (OATH) algorithm is public. Then again, one would have to guess the original number, and one would also have to guess any extra algorithms applied, and the actual date and hour when the algorithm started being applicated.
Good luck!
Besides that,
hash chains are usually applied. I **highly** doubt that any kind of self-respecting hacker with the resources to crack hash chains (assuming it is actually possible) would target RuneScape passwords rather than bank accounts.
At the "looks a bit like a USB dongle" bit, it's unclear. Is it a device that automatically transmits the authentication code? Is it exactly the same as a disconnected token but relying on an USB port for powering its display?
... you own so much for knowing what you're talking about.
It seems like what it does is it connects to Runescape and displays the code on your computer so you can type it down. But like I said, I'd rather it just automatically transmitted the code to the game when you plugged it in... so it'd be kind of like a real key.
But yeah, I'd do it just for the bank space and the ability to play the game on any able computer wherever I go.
Natt39
Jul 10 2009, 05:33 PM
QUOTE (Arianna @ Jul 10 2009, 10:19 PM)
and one would also have to guess any extra algorithms applied, and the actual date and hour when the algorithm started being applicated.
Hmmm... Didn't think of that....
Anyway I still think were talking about something like this
http://en.wikipedia.org/wiki/File:Token_Verisign.JPG rather than a USB device.
QUOTE
The key will reveal a six to eight-digit code that changes every few seconds and is completely unique to you. Type this code into a Jagex login page and you will be able to guarantee that you are secure from any hijacking attempt.
Besides it would be much easier to use I dont really fancy crawling round back of the computer each time I want to play.
Emanick
Jul 10 2009, 05:38 PM
QUOTE (Emo_Nemo @ Jul 10 2009, 01:40 PM)
QUOTE
Please explain how exactly somebody in control of your computer cound suddenly find it impossible to control a piece of software on your computer...
Or nevermind this article is just an epic failure at explaining how the thing works.
I read the article, and despite knowing very little about computer security I got that part fine. Pretty much every part...
The only thing I'm concerned about is that if I bought this, I wouldn't be able to play RuneScape everywhere because I wouldn't want to carry around my Jagex security key to any place I went - I lose everything I own eventually, the only exception so far is my wallet and furniture.
Natt39
Jul 10 2009, 05:43 PM
QUOTE (Emanick @ Jul 10 2009, 11:38 PM)
QUOTE (Emo_Nemo @ Jul 10 2009, 01:40 PM)
QUOTE
Please explain how exactly somebody in control of your computer cound suddenly find it impossible to control a piece of software on your computer...
Or nevermind this article is just an epic failure at explaining how the thing works.
I read the article, and despite knowing very little about computer security I got that part fine. Pretty much every part...
The only thing I'm concerned about is that if I bought this, I wouldn't be able to play RuneScape everywhere because I wouldn't want to carry around my Jagex security key to any place I went - I lose everything I own eventually, the only exception so far is my wallet and furniture.
Keep it in your wallet?
Just a thought though... Wont it likely be Runescape Branded? Couldn't that be... Embarrassing.... in certain situations?
Bergin
Jul 10 2009, 08:26 PM
Maybe scratch the runescape icon off or put a sticker over it? Its not like you have to show everyone you bought a rs keyring lol. unless a raccoon gets your keys...
the mon
Jul 10 2009, 08:43 PM
Wow...that's some security
But what if that usb dongle gets stolen too?
Edit: Ok...what's the chance of that? Something that looks like a flashdrive with the Runescape/Jagex logo on it.
Emanick
Jul 10 2009, 10:45 PM
QUOTE (Natt39 @ Jul 10 2009, 06:43 PM)
QUOTE (Emanick @ Jul 10 2009, 11:38 PM)
QUOTE (Emo_Nemo @ Jul 10 2009, 01:40 PM)
QUOTE
Please explain how exactly somebody in control of your computer cound suddenly find it impossible to control a piece of software on your computer...
Or nevermind this article is just an epic failure at explaining how the thing works.
I read the article, and despite knowing very little about computer security I got that part fine. Pretty much every part...
The only thing I'm concerned about is that if I bought this, I wouldn't be able to play RuneScape everywhere because I wouldn't want to carry around my Jagex security key to any place I went - I lose everything I own eventually, the only exception so far is my wallet and furniture.
Keep it in your wallet?
Just a thought though... Wont it likely be Runescape Branded? Couldn't that be... Embarrassing.... in certain situations?
It's a security key for computers. Deal with it, it's already nerdy.
Edge_Rocker
Jul 11 2009, 05:10 AM
Looks interesting and i'll buy it. It's a system used by many banks today for online banking. I'm guessing on RS it will be on a slightly simplified scale, but still as many have stated before, it is basically uncrackable.
If the key gets stolen... there is always the LogIn name.. and the password.. and the bank pin to go throu.
Tree
Jul 11 2009, 09:58 AM
Ooh, that sounds extremely useful! If they are going to release this, i will definitely buy it.
Rurex
Jul 11 2009, 11:24 AM
Sound interesting... But I think my account is secure enough right now.
I lol'd the name of the new db
daviessa
Jul 11 2009, 11:46 AM
shame it wouldnt be free cuase memership is allready 3.50 but tis a really gd diea especially some poeples high lvled acconuts
Arianna
Jul 12 2009, 05:59 AM
Cattius
Jul 12 2009, 10:23 AM
QUOTE (daviessa @ Jul 11 2009, 05:46 PM)
shame it wouldnt be free cuase memership is allready 3.50 but tis a really gd diea especially some poeples high lvled acconuts
They couldn't really make it free though - they'd be working at an incredible loss.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.