[Suggestion] RuneScape iOS app companion featuring an optional fingerprint login guard with an unrestricted time limit for text message backup authentication in order to marginalise the potentiality of hacking.

For those of us using iPhones that use fingerprint authentication, it's not often that we lose our phones or that our fingerprint sensors don't work, and even if your phone doesn't have a sensor, the text message system could be used. Everyone who has access to and is playing RuneScape as a consumer (excluding Chinese gold farmers) in the modern era has a phone (albeit not always a smartphone) on or around their person almost constantly. Statistics show that a large portion of developed countries in the world actually have more phones than there are people.

How is it that hackers are able to brute force, keylog, RAT, etc. on RuneScape? Because it uses outdated systems of login guard authentication. Even with the latest of Jagex's anti-hack systems in place, people are still getting hacked left, right and centre. A fingerprint is unique to one individual and benefits users in terms of security thanks to its industry-level encryption; it is the way forward for those who would be willing to use it for the sake of their account, as well as naturally providing simplified convenience. Apple's introduction of iOS 8, which for the first time gave selected third-party developers the ability to utilise the secure Touch ID fingerprint sensor, has been revolutionary in terms of ease of access and security.

In order for this to happen, Jagex would have to receive approval for their fingerprint authorisation request from Apple, which they would no doubt receive as they are a Private Limited Company with share capital and a large user base. This means they would not only benefit from raising awareness of the importance of verification among average consumers through the use of their system, but also, albeit far-fetched and hinged on whether or not such an idea would falter, existing RS customers without iPhones might consider purchasing one for this reason.

The reason I haven't mentioned fingerprint sensors for Android devices is that they do not employ the same safeguard policies on third-party fingerprint scanner access, and apps would be much easier to duplicate for malicious intent, going beyond that of just RuneScape – creating too much risk for Jagex at present.

Those worried about "PMFG Jagex will have my fingerprint if I use this system!!1" – the verification and encryption of your fingerprint data would be done by Apple, on an iPhone using iOS; not Jagex.

Below is an example of Apple's privacy commitments in regards to Subject Access Requests under the Data Protection Act 1998 in the United Kingdom. Nobody is going to be able to contact Apple to obtain your fingerprint, nor the contents of your text messages, as the former especially is considered highly personal information and only accessible by law enforcement in extreme circumstances. If your fingerprint sensor doesn't work or you're a devious criminal who has decided to shave off all of your fingerprints to hide your crime since your last login on RuneScape, you'll always have the text message backup.

"When we receive information requests, we require that it be accompanied by the appropriate legal documents such as a subpoena or search warrant. We believe in being as transparent as the law allows about what information is requested from us. We carefully review any request to ensure that there’s a valid legal basis for it. And we limit our response to only the data law enforcement is legally entitled to for the specific investigation.

Apple has never worked with any government agency from any country to create a “backdoor” in any of our products or services. We have also never allowed any government access to our servers. And we never will." – Apple

Let's think about how this would work:

  1. User logs into RuneScape on their desktop using their username and password as normal.
  2. User receives a request for fingerprint ID or text message authentication when the login is successful.
  3. User logs into the Official RuneScape companion app on their iOS device and simply verifies their fingerprint, or waits for a text message if opting to do so.
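
The three steps above, sketched as server-side logic in an added example (not Jagex's or Apple's code, and not from the original post). Assumptions: every name here is hypothetical, the account data is constructed, and an HMAC over a shared per-device key stands in for the key the phone would only release after its local fingerprint check, so the server never handles fingerprint data.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one enrolled device key per account (hypothetical).
DEVICE_KEYS = {"alice": secrets.token_bytes(32)}
PENDING = {}        # username -> outstanding second-factor challenge
MAX_SMS_TRIES = 3   # guess limit for the text message fallback

def password_ok(username, password):
    # Stand-in for the normal step-1 password check (assumption).
    return username in DEVICE_KEYS and hmac.compare_digest(password, "correct horse")

def start_login(username, password):
    """Steps 1-2: after a good password, issue a one-time challenge."""
    if not password_ok(username, password):
        return None
    nonce = secrets.token_hex(16)
    sms_code = f"{secrets.randbelow(10**6):06d}"
    PENDING[username] = {"nonce": nonce, "sms": sms_code, "tries": 0}
    return nonce, sms_code  # nonce is pushed to the app, code is sent by SMS

def device_approve(device_key, nonce):
    """App side: called only after the phone's own fingerprint check passes."""
    return hmac.new(device_key, nonce.encode(), hashlib.sha256).hexdigest()

def finish_with_app(username, response):
    """Step 3, app path: the challenge is consumed, so a replay fails."""
    state = PENDING.pop(username, None)
    if state is None:
        return False
    expected = device_approve(DEVICE_KEYS[username], state["nonce"])
    return hmac.compare_digest(expected, response)

def finish_with_sms(username, code):
    """Step 3, SMS path: single-use code with a cap on wrong guesses."""
    state = PENDING.get(username)
    if state is None:
        return False
    state["tries"] += 1
    ok = hmac.compare_digest(state["sms"], code)
    if ok or state["tries"] >= MAX_SMS_TRIES:
        del PENDING[username]  # used up, or too many wrong guesses
    return ok
```

A captured password alone gets an attacker no further than `start_login`; completing the login needs either the device-held key or the code delivered to the phone.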

RE: Lost, stolen phones: Contact your service provider to get a new SIM or have a backup one sent to you just in case, then buy a disposable phone to use the text message system in the meantime. Think of this – would you rather get hacked and lose 500m OSRS gold and all of the items you've worked so hard to achieve, or maybe even get your account hacked unrecoverably, or wait a maximum of a few days to play again?

If any of you who have complained about being hacked for hundreds of millions of GP refute this idea in consideration of its potentiality to completely eliminate the chance of your account being hacked, any constructive criticism is welcomed. Please remember that what I am suggesting is to be an optional addition to anyone and would not be a requirement.

Would love to speak to someone at Jagex who is knowledgeable in this area in regards to the potentiality of it and why it hasn't yet been put forward. Feel free to PM me if you like 🙂

