Hi,
I've noticed the Jagex Security Key poll is causing some heated debate, so thought I'd better pop in and post some clarifications.
The first thing to bear in mind, (which we really should have mentioned in the poll), is we are NOT looking to make a profit from this key. The price is to cover the cost of buying the device and shipping it. In fact these devices aren't particularly cheap and if we do go ahead with this I expect we will probably LOSE money doing it. To be able to get it down to $10 we would almost certainly have to either heavily subsidize the cost of the key (i.e sell it at a loss), or buy in such huge bulk that we would end up with a large number we'd never sell (Still making a loss). So this really ISNT about making some quick money. The main reason for the poll is to see if there is enough interest to make it practical at all.
Now you're probably wondering why we would even consider doing this if we would be losing money. The reason is simple, we're in this for the long run, not for a quick buck, and therefore player satisfaction is extremely important to us. And a player who has had their account stolen (even though due to a keylogger/virus on their own computer) is generally not very satisified! We feel that the benefit of keeping our players safe outweighs the cost, and so we are willing to potentially take a bit of a hit on this.
Which brings us on to the 'bank space' incentive. Which is exactly that... an incentive.
The problem we face is the VAST majority of players don't actually believe they need extra security (until it is too late), and it seems very hard to convince them otherwise. I've been working on computer security for years, and the problem is people assume if they have an antivirus and a firewall and don't tell people their password they are bound to be safe. This ISNT true! It certainly makes you safer, and is a very good idea, but it sadly doesn't make you invulnerable. Even if you are very careful - believe it or not you can still end up with a keylogger on your computer. For starters all of the commonly used web-browsers are written in C++, and repeatedly suffer flaws where if you visit a malicious webpage, even without clicking on anything your computer can be compromised. I'm more up to speed on computer security than most, but I still use a bank pin on my account, and will still be using a Jagex Security key on my account. Because I don't suffer from the delusion that I'm somehow magically immune.
So the problem we face is we know lots of our players lose their passwords, we also know those very same players point blank refuse to believe anything bad could possible happen to them, and think they are secure (until it is too late), and therefore probably won't buy a security key. The evidence for this is clear, just look at our own forums and all the people saying "I'm secure, I don't need a key!". So we started wondering what we could do about that. If we can incentive people to buy a key some other way perhaps we can still protect their account. Of course even if the key does ultimately protect them, they will probably never even realize that it happened, and will probably go on thinking that they didn't need it, but at least their account is secure.
We chose extra bank space for the proposed incentive, because a) we already give extra bank space to members anyway, so this doesn't unbalance things further in any way b) it kind of makes sense that the people with the fullest banks are the ones with most to lose, so the ones who most need a key.
So this isn't about RWT (any more than the members game we already sell isn't about RWT), and it isn't about trying to make a quick profit. It really is simply about keeping our players accounts secure.
If we were in it for a quick buck we would just sell the bank space and forget the loss making key idea entirely (then we WOULD make lots of money), we're not going to do that, because that's not what this is about.
I've noticed the Jagex Security Key poll is causing some heated debate, so thought I'd better pop in and post some clarifications.
The first thing to bear in mind, (which we really should have mentioned in the poll), is we are NOT looking to make a profit from this key. The price is to cover the cost of buying the device and shipping it. In fact these devices aren't particularly cheap and if we do go ahead with this I expect we will probably LOSE money doing it. To be able to get it down to $10 we would almost certainly have to either heavily subsidize the cost of the key (i.e sell it at a loss), or buy in such huge bulk that we would end up with a large number we'd never sell (Still making a loss). So this really ISNT about making some quick money. The main reason for the poll is to see if there is enough interest to make it practical at all.
Now you're probably wondering why we would even consider doing this if we would be losing money. The reason is simple, we're in this for the long run, not for a quick buck, and therefore player satisfaction is extremely important to us. And a player who has had their account stolen (even though due to a keylogger/virus on their own computer) is generally not very satisified! We feel that the benefit of keeping our players safe outweighs the cost, and so we are willing to potentially take a bit of a hit on this.
Which brings us on to the 'bank space' incentive. Which is exactly that... an incentive.
The problem we face is the VAST majority of players don't actually believe they need extra security (until it is too late), and it seems very hard to convince them otherwise. I've been working on computer security for years, and the problem is people assume if they have an antivirus and a firewall and don't tell people their password they are bound to be safe. This ISNT true! It certainly makes you safer, and is a very good idea, but it sadly doesn't make you invulnerable. Even if you are very careful - believe it or not you can still end up with a keylogger on your computer. For starters all of the commonly used web-browsers are written in C++, and repeatedly suffer flaws where if you visit a malicious webpage, even without clicking on anything your computer can be compromised. I'm more up to speed on computer security than most, but I still use a bank pin on my account, and will still be using a Jagex Security key on my account. Because I don't suffer from the delusion that I'm somehow magically immune.
So the problem we face is we know lots of our players lose their passwords, we also know those very same players point blank refuse to believe anything bad could possible happen to them, and think they are secure (until it is too late), and therefore probably won't buy a security key. The evidence for this is clear, just look at our own forums and all the people saying "I'm secure, I don't need a key!". So we started wondering what we could do about that. If we can incentive people to buy a key some other way perhaps we can still protect their account. Of course even if the key does ultimately protect them, they will probably never even realize that it happened, and will probably go on thinking that they didn't need it, but at least their account is secure.
We chose extra bank space for the proposed incentive, because a) we already give extra bank space to members anyway, so this doesn't unbalance things further in any way b) it kind of makes sense that the people with the fullest banks are the ones with most to lose, so the ones who most need a key.
So this isn't about RWT (any more than the members game we already sell isn't about RWT), and it isn't about trying to make a quick profit. It really is simply about keeping our players accounts secure.
If we were in it for a quick buck we would just sell the bank space and forget the loss making key idea entirely (then we WOULD make lots of money), we're not going to do that, because that's not what this is about.
15-16-824-59150300
Page 2
one other things I want to mentioned, which was also accidentally missed out of the poll.
This isn't actually a USB device, it is just USB sized. It WILL work with Linux and Mac. It is a little device with a small LCD screen (like a calculator has) which displays a 6 digit number which changes every minute. If you buy the key, then then you have to type that number in (As well as your password) to login. Because the number continually changes, and because each number can only be used once it defeats keyloggers and other password stealer.
The key doesn't actually plugin to your computer, so it works with all operating systems, and can't be read by a virus because it isn't connected to your machine.
This isn't actually a USB device, it is just USB sized. It WILL work with Linux and Mac. It is a little device with a small LCD screen (like a calculator has) which displays a 6 digit number which changes every minute. If you buy the key, then then you have to type that number in (As well as your password) to login. Because the number continually changes, and because each number can only be used once it defeats keyloggers and other password stealer.
The key doesn't actually plugin to your computer, so it works with all operating systems, and can't be read by a virus because it isn't connected to your machine.
Page 3
Well I feel actions speak louder than words.
So just look at our recent efforts to detangle members from the free game. We've been working very hard to make it so the one thing we do sell (members subscriptions) DOESNT give an unfair advantage against free users.
Indeed about the only members benefit you CAN still use on a free world is in fact... extra bank space.. we can't really remove that particular one without horribly breaking everything, so again it's a logical choice for the incentive, as we already have it anyway.
When you look at all the potential revenue we have given up not selling items, and all the work we have been doing to make the free game more free, it seems very unfair to STILL try and claim we are just hypocrites who are in it for the money.
Of COURSE we aren't going to start selling items in the game or introducing our own form of RWT. If we wanted to do that we would a) have done it years ago, and b) we would do in a way which actually made us money! Not this!
So just look at our recent efforts to detangle members from the free game. We've been working very hard to make it so the one thing we do sell (members subscriptions) DOESNT give an unfair advantage against free users.
Indeed about the only members benefit you CAN still use on a free world is in fact... extra bank space.. we can't really remove that particular one without horribly breaking everything, so again it's a logical choice for the incentive, as we already have it anyway.
When you look at all the potential revenue we have given up not selling items, and all the work we have been doing to make the free game more free, it seems very unfair to STILL try and claim we are just hypocrites who are in it for the money.
Of COURSE we aren't going to start selling items in the game or introducing our own form of RWT. If we wanted to do that we would a) have done it years ago, and b) we would do in a way which actually made us money! Not this!
Page 4
The device is powered by a built in battery, which lasts about 5 years.
In terms of people losing their device, yes we would obviously need a system for that. Most simply people who lost it would just be able to buy a new one, and we would just send it out to their address (much like if you lose your credit card your bank sends you a new one).
If they didn't want to buy a new one we would need a mechanism where the old one could be canceled. The trick here would be verifying the legit owner was doing the canceling. There are number of possibilities, we could just mail a cancellation code to the owner (since each key can only be lost once we could built the potential cost of doing that into the initial price), or we could go with a time based reset mechanism (where you have to wait a couple of weeks if you lose it and don't want to buy a new one).
It's still at a very early stage and all the details aren't worked out. At the moment we are just trying to get an idea if there is any interest and if the idea is practical at all. But some banks have been using these things for a while now, so they are quite well proven that they do work.
In terms of people losing their device, yes we would obviously need a system for that. Most simply people who lost it would just be able to buy a new one, and we would just send it out to their address (much like if you lose your credit card your bank sends you a new one).
If they didn't want to buy a new one we would need a mechanism where the old one could be canceled. The trick here would be verifying the legit owner was doing the canceling. There are number of possibilities, we could just mail a cancellation code to the owner (since each key can only be lost once we could built the potential cost of doing that into the initial price), or we could go with a time based reset mechanism (where you have to wait a couple of weeks if you lose it and don't want to buy a new one).
It's still at a very early stage and all the details aren't worked out. At the moment we are just trying to get an idea if there is any interest and if the idea is practical at all. But some banks have been using these things for a while now, so they are quite well proven that they do work.
The thing to bear in mind is we really aren't interested in selling the bank space. We are interested in selling the keys.
Maybe we should just give up on the bank space incentive idea, and just sell the keys without incentive.
The problem is looking at the poll, look at how few people would buy the key without the bank space. I suspect it would be utterly uneconomical to sell that few and we would have to scrap the idea entirely
Maybe we should just give up on the bank space incentive idea, and just sell the keys without incentive.
The problem is looking at the poll, look at how few people would buy the key without the bank space. I suspect it would be utterly uneconomical to sell that few and we would have to scrap the idea entirely
Page 6
We really are focusing on fixing things and removing needless warnings. It hasn't gone live yet but there is a huge amount of work on that.
The warnings everywhere annoy me too. They don't actually achieve much anyway as the people who NEED to read them, are the ones who don't.
We have been doing a bit of a U turn over the last few months. We have already decided to fix the existing minigames instead of do more. Remember that mob armies started development a very long time ago (before we switched strategy). I realise that launching yet another minigame makes it look like we aren't listening but you have to realize we started it long ago (Back when we were still in minigame mode), and before ppl started asking us to do other types of updates instead.
The warnings everywhere annoy me too. They don't actually achieve much anyway as the people who NEED to read them, are the ones who don't.
We have been doing a bit of a U turn over the last few months. We have already decided to fix the existing minigames instead of do more. Remember that mob armies started development a very long time ago (before we switched strategy). I realise that launching yet another minigame makes it look like we aren't listening but you have to realize we started it long ago (Back when we were still in minigame mode), and before ppl started asking us to do other types of updates instead.
Page 7
Vern Lavey, I've already replied about the idea of splitting the bank space and the key and doing each separately.
The problem is just LOOK at the poll. People won't buy the key without the incentive, so we'd probably have to drop the key idea entirely.
Giving up on the keys, and therefore letting lots of people lose their accounts who wouldn't otherwise will NOT make everyone happy.
The idea in your thread simply does not work. I know it's counter-intuitive and so a bit hard to believe but bizarrely (looking at the poll) the majority of people aren't willing to protect their own accounts unless we incentivize them to do so! (weird yes, but true).
The problem is just LOOK at the poll. People won't buy the key without the incentive, so we'd probably have to drop the key idea entirely.
Giving up on the keys, and therefore letting lots of people lose their accounts who wouldn't otherwise will NOT make everyone happy.
The idea in your thread simply does not work. I know it's counter-intuitive and so a bit hard to believe but bizarrely (looking at the poll) the majority of people aren't willing to protect their own accounts unless we incentivize them to do so! (weird yes, but true).
Page 8
Each device is unique.
Each device generates DIFFERENT numbers. We know exactly which numbers each device will generate and when, and so when you register your device against your account only us (and you) know the number at any one moment in time.
So even if a hacker buys their own key it can't be used to get your account, because it is generating different numbers which would only unlock the hackers own account.
The fact that each device is unique, (And we have to track each one and know which account(s) each goes worth), is a lot of what makes it quite expensive and is why we don't expect to make money on this.
Each device generates DIFFERENT numbers. We know exactly which numbers each device will generate and when, and so when you register your device against your account only us (and you) know the number at any one moment in time.
So even if a hacker buys their own key it can't be used to get your account, because it is generating different numbers which would only unlock the hackers own account.
The fact that each device is unique, (And we have to track each one and know which account(s) each goes worth), is a lot of what makes it quite expensive and is why we don't expect to make money on this.
Page 9
It would be as well as the password.
So even if someone stole it off you, they would still need the password too.
So even if someone stole it off you, they would still need the password too.
Page 10
I don't think the trial membership would work.
a) it wouldn't incentivize members at all!
b) surely a free player (who mistakenly thought they didn't need to be any more secure, and so ignored the actual security aspect) if they just wanted membership would be more likely to spend $5 for a month, than $10 for a week.
a) it wouldn't incentivize members at all!
b) surely a free player (who mistakenly thought they didn't need to be any more secure, and so ignored the actual security aspect) if they just wanted membership would be more likely to spend $5 for a month, than $10 for a week.
Well we really were just trying to get a feel for if it was a good idea or not.
I'm rapidly going off the idea of doing the key entirely.
Given that we were originally working on the basis that a) it would probably cost us money, b) but was the right thing to do for our players
but it now looks like a) it would cost us money, and b) it would make everyone hate us.
It doesn't look very tempting right now.
I'm rapidly going off the idea of doing the key entirely.
Given that we were originally working on the basis that a) it would probably cost us money, b) but was the right thing to do for our players
but it now looks like a) it would cost us money, and b) it would make everyone hate us.
It doesn't look very tempting right now.
