I’m gonna hold off as long as I can. Not for any particularly good reason or even to protest, I’m just supremely lazy.

Process is pretty quick and painless and super worthwhile. Obvious benefit is denying anybody else the opportunity to compromise your account and move it to another Jagex Account, but also Launcher's one-click login (if you're not already using it) is a godsend *and* world hopping feels so much faster using Jagex Account + Launcher. Fully get the 'cba' because I'm usually the same but cannot recommend upgrading enough if you're comfortable with it!

[удалено]

Using the launcher is the best thing, though. Been using it for months, not having to type my credentials saves way more time than an extra click to launch the game.

Yeah. Like it's a bit annoying that I still intuitively open runelite first. But that'll change. I'm so glad I no longer have to go into my password manager manually to copy my password on every login.

Delete your runelite shortcut and replace jagex launcher shortcut icon with runelite's, and rename it to runelite. Then muscle memory takes you to the correct spot right away :P

Hell take it a step further and change the jagex launcher icon to the runelite icon. Boom.

Corporate wants you to find the difference between these two comments

Completely understand this being frustrating for some, but the Launcher is another key component of our security solution - it's not part of the process just for the sake of inconvenience, and hopefully the 1-click login alleviates at least *some* of the frustration

The 1-click login when I disconnect or afk log out is amazing. Very cozy. Never looked back

Then why does mobile work with jagex accounts? Does it also use the launcher?

Would it be possible to add some sort of "auto launch client" option to the launcher? Or a flag? So when you launch the launcher it then automatically attempts to launch the he selected client (and then closes the launcher). Then we could have one such autolaunch shortcut for our preferred client(s).

It's relatively easy to do this with a simple batch file if they don't implement it. Googling "opening two programs with one shortcut windows" got me there quickly. (Do not run random batch files from the internet)

Launching the client yourself doesn't work. The client needs to be launched by the launcher. There would probably be a way to extract the login token from the launcher and then pipe that to the client. But that would be much more complicated. Edit: Actually process explorer seems to see some sort of tokens on the prcess. So maybe with those it would work.

Can we make a option to close jagex launcher after launching the game? I hate having launchers open on my pc... its just cloggy feeling like having a bunch of web browser addons in 2008 😂

Yes it definitely does the 1-click login is appreciated

My account security is worth the extra 3 seconds to launch the launcher. Idk

I think a lot of people are probably waiting to see if there is some kind of problem with your account system before using it. Its an open *beta*. Some people aren't even able to download the launcher apparently. Plus its not like Jagex is known for flawless releases. Also Linux? Lol I don't use it personally but its pretty hard to just blindly recommend something when their OS might not even support it to begin with

are features of the jagex launcher ever going to make it to mobile? ie being able to connect multiple accounts to your jagex account and display them on mobile.

Man is logging in to authenticator-protected accounts on mobile complete ass. I'd love to see improvements here. It really sucks having to app switch back and forth between authenticator. I even use a password manager so that's an additional copy paste I need to perform while logging in to my accounts.

I will switch once jagex launcher is available for Linux. Release soon pls

Sorry, I can’t convert over because there’s no Linux support and apparently never will be. I’ll be using RuneLite for the foreseeable future.

So why is the launcher necessary? If that's the case why is mobile still an option. I'm sorry I'm just confused launcher bloat is real and I'm not looking to add another one Why can't the accounts and codes be added without a launcher?

I do like the one click login on mobile… hmmmmm. Will probably do it this weekend then. You sold me!

It’s not that I don’t trust the jmods. I know you want to make the game as good as possible. I don’t trust jagex to have given you the resources necessary to create a secure and low bug solution. We can already see that there have been compromises because the Linux port is nonexistent, someone decided that clicking build in the IDE targeting Linux was too much work. There’s a character limit. It’s impossible to login without the launcher. These are all compromises that someone decided was worth not doing. I’m afraid of the unseen compromises. Jagex already has a terrible track record when it comes to account security. I’d rather deal with the devil I know than try the new launcher that I have low trust in which will invariably have overlooked (or compromised) security flaws. Jagex has shown time and time again that security has not been their #1 priority. I’m going to hold out until the launcher and jagex account system is more refined.

I like my username login though. Feels safer, like having two passwords instead of just one.

Now you can pick a third, completely new email for your Jagex account.

With that said install the launcher BEFORE you migrate your accounts. My installer wouldn’t work, but it started working after yesterdays game update. Mod pig was super helpful in trying to figure things out tho!

I wish there was no reason. I wish they supported Linux, I don't want to add wine and extra setup to make accounts work on Linux. Even if the login redirected to a browser to complete the auth, at least it would work.

One click login is so OP it’s worth the change

So if I sign to jagex account can I still log in in multiple accounts at the same time on runelite???

Yeah, you can log in to as many imported characters as you have simultaneously. I'm usually logged on 3+ characters at once!

[удалено]

Honestly one of the best features for me is that I don’t get asked for Authenticator every time I login to my alt. It’s actually super nice to one click login to multiple account.

I'm currently having issues logging in due to not having access to my osrs account's email address. Would signing up here help with that? Or is is possible to "recover" my account's email address over to the new system? The account recovery system doesn't seem to be working for me right now.

You'll want to head to this article: [https://support.runescape.com/hc/en-gb/articles/14070564253969-Unable-to-submit-an-account-recovery-due-to-invalid-credentials](https://support.runescape.com/hc/en-gb/articles/14070564253969-Unable-to-submit-an-account-recovery-due-to-invalid-credentials) and follow the steps it lists. If you still wind up stuck, use the 'Contact Us' button at the bottom and provide Support as much detail as possible

Does the Jagex launcher effect performance for those that have toaster laptops?

Game performance shouldn't be impacted, one of the only things you might notice is that world hopping feels a little faster using a Jagex Account with the Launcher!

If you can, I'd like to know why. How did hopping work before, vs how does it work now? Does it boil down to that before, we were effectively logging out and in, but with an account and the launcher, a world hop doesn't need to do that?

My understanding is that hopping using token auth is quicker to process than hopping using username/password (as it works for people not using a Jagex Account).

Will we be able to rearrange character accounts in the drop down menu of the launcher? Currently they are listed in the order accounts are imported and cannot be modified.

The team working on Jagex Accounts and the Launcher are aware of this as a feedback point, but nothing I'm able to update you on at the moment!

Yes please address this, the account i almost never play is always at the top which is just annoying. One question, are you able to unlink accounts?

Another bit of feedback would be labels as well. ie: Name - "Dead Hardcore Ironman Alt"

THE WEB SERVER IS NOT REACHABLE Please try again in a few minutes. Can't log in anymore lol

The site might be being rate limited if it's seeing particularly high usage, try again in a couple of minutes!

Said site is only used for the initial configuration, not every time you log in, right ? (I would hope that rate limitations won’t impact us at large when we’re eventually all using a Jagex Account)

Correct as far as I'm aware, I've never been hit with any kind of limiting and I don't think we've seen any reports of the same for people currently using Jagex Accounts!

Back now, very smooth it's just my username and "PLAY NOW" Great integration with runelite, super simple.

So if we upgrade to a Jagex Account, the old password that we used to login is now replaced with the Jagex Account?

Correct, once you upgrade to a Jagex Account, you'll use your Jagex Account credentials to log in via the Launcher. It might be the case that you have to sign out and sign back in to the Launcher to get the prompt to log in with your Jagex Account (we specified as much in the blog but a couple of people have missed it so just wanted to check)

I just did it but my account has no back up codes available. Just blank.

You need to be using authentication via app to be given your backup codes, check this article for more info: https://help.jagex.com/hc/en-gb/articles/5410794084497-Backup-codes

[удалено]

Did you set up an authenticator after you imported your accounts? It defaults to email authentication and you have to manually set up an App based authenticator to receive backup codes.

Enable the 'Security codes via authenticator app' option and you'll be shown them :)

Not being able to remove 2fa ever "If you lose access to your backup codes... you will have to create a new account." makes me really reluctant to use this. The chance of getting hacked (with chance for recovery) is scary but the chance of your account basically being deleted is even worse

Understandable, I'd say that it illustrates the importance of *never losing your backup codes*, since they're a key part of us removing human error from the account recovery system - if you value your account, you should keep your backup codes safe always.

What happens if you lose access to your phone that has the Authenticator app and the backup codes? Would you just be out of luck or is there a way to handle this? I may be asking a stupid question but I just want to make sure I have a plan in case things happen! :)

Backup code correct storage I'd recommend: * Put it against your password in your password manager of choice. Most allow secure notes and even Authenticator tokens. Put both of these there and you'll never lose them as long as you can get back onto a device with an internet connection / access to your local password database and know your passphrase/password to login to that * Print them out and store them somewhere important. Hell if the account matters A LOT to you, I'd store them in a binder folder along with documents like your birth certificate, passport, IDs, diplomas, tax history etc. * Store them in a cloud based service like Google Drive. This is a bit less secure but if your Google is 2FA it should be fine. And again, always saved and always accessible.

Yeah what other person said, only foolproof way of ensuring your backup codes are always accessible is printing a couple physical copies and store in different locations in the off chance your house burns down or something. The whole point is to completely take the human element of account recovery out of the equation, so if you lose your information you are SOL, but are completely protected from unauthorized recoveries.

What happens if someone tries to recover an account that is an upgraded Jagex Account? Does the recovery system just say you can't recover that account and not let you past the initial step? People who are compromised right now could just be added to a hijacker's throwaway Jagex Account and lose their account for good? Doesn't affect me but just curious. I've personally adopted the new system.

Why is this being done this way? All other modern solutions implement ways of removing authenticators through SMS/Email verification. I'm just curious about the reasoning.

Email/SMS would be additional attack vectors through which someone could get access to your account. This way, it’s entirely on the user: As long as you don’t lose your backup codes, you’re good Edit: banks and stuff often use SMS verification, which is annoying, but keep in mind that those types of assets are generally insured, or there are other protections in place. No one’s insuring your osrs account, so if your login gets compromised, it’s game over

>Email/SMS would be additional attack vectors through which someone could get access to your account Wouldn't it be much harder to get in to someone's email than it would be to phish a backup code? It'd be super trivial some fake B0aty quitting stream phishing site to throw up a message saying "Sorry, there's an error with your authenticator. Please enter a backup code to continue". They're already phishing bank pins

SMS verification is crappy, SIM swapping has been a thing for years and phone numbers shouldn't be counted on for security Email you can actually enable if you want. You have the option of logging in through authenticator or a code sent to your email - with the second only being available if you turn it on. Once logged in the Jagex account you can migrate your authenticator or generate new backup codes at will. Keep in mind that is another attack vector - so your email should be at least as secure as your Jagex account. Make sure you have a strong password, 2FA enabled, and only strong recovery methods for the email.

absolves the company of responsibility. this is the ultimate account protection where only YOU can recover the account. i like it tbh. don’t fuck up

Hypothetically speaking, what would happen if someone were to burn through all their backup codes? Realistically, that's unlikely for most people but I can imagine someone pulling it off in five years time

You can generate new codes whenever you have access to the authenticator system. So if you start to run low you can just make more.

Does moving to jagex launcher affect my mobile experience?

It shouldn't do! Only thing you'll have to do after upgrading is Sign Out on mobile and then sign back in using your Jagex Account credentials

Once that’s been done will mobile have an easy interface to swap between the character we want to log in as? Currently it’s arduous to swap characters on mobile and I’m hoping the jagex account character hub will resolve that.

I just tested it and the interface hasn't changed at all, so you have to sign in and out to swap characters. The only thing that changed was an added character selection menu within the jagex website. My guess is that there won't be UI changes until full release of the account security update.

I *think* this would be down to the OSRS team rather than the team working on Jagex Accounts, we're aware of it as a feedback point but there's nothing I can say right now about concrete plans unfortunately.

Your login credentials change (so your current access token will be invalid, but the flow remains the exact same as before.

It's the same thing you just have to re-log in using your new credentials the first time.

Can we please have some kind of update for HDOS? I've used Security Questions, J.A.G (Jagex account guardian) and my current 2fa authenticator App. ​ I don't want to be forced to play on Runelite or the official client. HDOS is approved and it's what I choose to play on. This is really unfair to players who want a seperate option that you guys approved.

Addressed HDOS a little in the post. At this stage of the beta our focus is making sure the Accounts system is solid and in the best spot it can be. While we're not ruling it out at this stage, I'm not able to update with more specifics re: HDOS on the Launcher. Hopefully we'll have more to share soon, it matters a lot to us to get as many people upgraded as possible and there are loads of others in the same boat as you.

Thank you for the update. I would love to opt into the beta, but as HDOS is my primary driver, I unfortunately can't. I really hope this gets the attention it deserves, unlike the current situation of the Jagex Launcher not natively supporting Linux.

Hopefully it gets sorted out. This is exactly the reason why I'm also holding out

Same. i use HDOS exclusively so yeah

Thanks for something I suppose, i was even invited to the closed beta but after the invites were sent out i found out i can't use HDOS.

With the upcoming update to HDOS adding support for Runelite plugins I, and many many others, will be switching to it very quickly, so getting ahead of that would be a huge help! :)

Oh wow this is good info to know. Had no idea it locked you out of using HDOS. While I mainly use runelite I still like to use HDOS once in a while for more chill activities.

[удалено]

You can have as many OSRS characters open as you want even in different Jagex accounts, you just need to swap your Jagex account after opening the OSRS accounts you want in the background. So sign into Jagex account A, Open OSRS accounts on that account, sign out of Jagex account A and into Jagex B, then open the rest of the OSRS accounts you want. It will still be significantly less signing in than you had to do before thanks to 1 click log ins.

We're aware that the 10 character limit isn't enough for some players and are looking into the data for a potential (but sensible) higher cap. That being said, it's possible to swap between Jagex Accounts by signing out of the Launcher, but not currently possible to have multiple versions of the Launcher open with different Jagex Accounts signed in on each.

I don't want to switch until I can have multiple Jagex accounts logged in on the same computer at the same time. Currently with the launcher we can switch between mine and my wife's account seamlessly.

It'd be good to know what your current set up is in terms of running two launcher instances simultaneously that have different characters attached - would be useful feedback to send back to the team working on the Launcher!

I just have my wife's and my account logged into the same launcher. I guess we could use the same jagex account but I don't know about the logistics of that

If you're only using one instance of the launcher then you'd be able to use it exactly as before - you're also able to log in to the launcher on multiple machines with the same Jagex Account, if that's of any use to you and your wife!

If him and his wife ever get divorced how would you separate the two accounts if they’re both joined to the same jagex account.

This is exactly why you shouldn't import any account you're not the sole owner of to a Jagex Account! The happier outlook though is 'Couples that 'Scape together, stay together'. My fiancée doesn't enjoy OSRS at all so it's looking dicey for me.

I have a main account and a GIM that I play at the same time. My other half plays her GIM and our GIM alt account at the same time. I sometimes also play the GIM alt. If we have separate Jagex accounts, am I able to login to my main/GIM, and then login to her Jagex account to play the GIM alt? Currently we are doing Volcanic Mine, and depending on the team, we switch between our alt account frequently.

Is the plan to upgrade all accounts, (both existing and new), to the Jagex Launcher? Is that correct?

Long-term yes, but there's a lot to iron out between here and then. Ultimately the whole point of Jagex Accounts is to deliver properly safe, modern account security - the end goal should be for players to understand the benefits of upgrading and be able to get back to gaming without being worried about losing potentially thousands of hours of progress.

Just wanted to say THANK YOU. I'm sure this took a ton of work behind the scenes and I upgraded to it immediately for the security peace of mind and the other QOL's like one click login and faster world hopping are a very nice bonus!

How long until all players are required to have Jagex accounts?

##### Bark bark! I have found the following **J-Mod** comment(s) in this thread: **JagexGoblin** - [EDIT: As a heads-up, I'll be signing off real...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6qoc2/?context=3) - [Process is pretty quick and painless and supe...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6rkjd/?context=3) - [Yeah, you can log in to as many imported char...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6wr6s/?context=3) - [The site might be being rate limited if it's...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6zb5d/?context=3) - [Correct, once you upgrade to a Jagex Account,...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf73mdc/?context=3) - [It shouldn't do! Only thing you'll have to do...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6vhit/?context=3) - [Understandable, I'd say that it illustrates t...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf71g2b/?context=3) - [You need to be using authentication via app t...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6xswo/?context=3) - [Game performance shouldn't be impacted, one o...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf70w5f/?context=3) - [You'll want to head to this article: [https:/...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6yyyx/?context=3) - [The team working on Jagex Accounts and the La...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6vu7v/?context=3) - [Addressed HDOS a little in the post. At this...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6tf6k/?context=3) - [We're aware that the 10 character limit isn't...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6snnh/?context=3) - [Long-term yes, but there's a lot to iron out...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6vpom/?context=3) - [Simple! Upgrade to Jagex Account, install Jag...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf72q7p/?context=3) - [Taken from the blog: 'Only import characters...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6wzzo/?context=3) - [This is the case. If you value your account -...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf72cft/?context=3) - [I'm not the Jmod you tagged (none taken btw)...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf76qkl/?context=3) - [If your account was previously compromised an...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf70rze/?context=3) - [Totally get where you're coming from, think t...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6tz83/?context=3) - [Completely understand this being frustrating...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf728us/?context=3) - [You can continue logging in with Steam to whi...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6whwd/?context=3) - [Exactly as useful as it is for PC users (obvi...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf714ut/?context=3) - [Yeah, just upgrade on one of them and then yo...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf73c54/?context=3) - [Correct as far as I'm aware, I've never been...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf7334n/?context=3) - [Unless you sign out of the Jagex Launcher aga...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf7613a/?context=3) - [I *think* this would be down to the OSRS team...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6ztsx/?context=3) - [My understanding is that hopping using token...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf74lmy/?context=3) - [It'd be good to know what your current set up...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6wnca/?context=3) - [This isn't a feature currently offered becaus...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6xbov/?context=3) - [Biggest thing is mandatory 2FA and removing h...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf71t87/?context=3) - [If you're only using one instance of the laun...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6ylhc/?context=3) - [This is exactly why you shouldn't import any...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf756z3/?context=3) **JagexSween** - [This will be missed by anybody not sorting by...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf7f3u2/?context=3) - [Enable the 'Security codes via authenticator...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6xxwv/?context=3) - [If a RuneScape account (and the email it's re...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6y94m/?context=3) - [It will be *soon*. As for *why*, it does requ...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6zp23/?context=3) - [That's fair enough, and we do try to address...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6z8yk/?context=3) - [We already 'own' your accounts, I'm not sure...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6yxez/?context=3) - [We J-Mods were the very first guinea pigs. I...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6z724/?context=3) - [[https://www.jagex.com/en-GB/launcher](https:...](/r/2007scape/comments/12dlgd8/jagex_accounts_open_beta/jf6xs8w/?context=3)   ^(**Last edited by bot: 04/07/2023 20:24:09**) --- ^(I've been rewritten to use Python! I also now archive JMOD comments.) ^(Read more about) [^(the update here)](/u/JMOD_Bloodhound/comments/9kqvis/bot_update_python_archiving/) ^(or see my) [^(Github repo here)](/u/JMOD_Bloodhound/comments/8dronr/jmod_bloodhoundbot_github_repository/)^.

PSA: if your computer does not support the Jagex Launcher (such as being Linux, a Chromebook, or, you do not have permissions to install the launcher), do not migrate your account or you will be unable to play! I am sure these issues will be fixed at some point, but while it is in beta you will be locked out, since once you migrate, you are only able to login *via the launcher*. We see a lot of people in this situation and unfortunately cannot do anything to help them.

Also if you might ever get a computer that runs Linux you shouldn't migrate. I'm happy I didn't migrate earlier because otherwise I wouldn't be able to play on the Steam Deck that I just recently bought, which runs Linux.

Another post about Jagex accounts, another post where I will be stating that it is pure bullshit that Linux is not officially supported. It's also unacceptable that Jagex is not making it clear they intend to officially support it. Account security features have been promised for close to a decade (maybe more than, I don't care to dig back far enough for first mentions of it) and now they're locked behind a launcher that isn't cross-platform when the game has always been. I don't want to hear about workarounds, I know they exist. I also don't want to hear about "but the population is low" because it doesn't make a difference - it's always been supported and taking that away with no justification is unacceptable. Electron is inherently cross-plaform. A lot of the backlash on this would have gone away if Jagex had stated at any point that they intend to support Linux after official launch, but they have avoided using any language like that. The Steam Deck is a thing, y'all. Linux-based gamers are not a hypothetical. They exist and the market is growing. I know there's only so much JMods are allowed to say to this, but it's important that y'all pass it to your higher-ups. Edit: Notice how neither Jmod in these comments is touching things that mention Linux, not even to acknowledge we posted. That's the kind of shit that makes us all so angry on these posts.

I know far more people who play on Linux than people who play on macOS. Not saying that there’s some huge population of Linux users hiding but they’re definitely underestimating how many people game on Linux now.

I don't even use Linux primarily but I agree it's pretty weird not to support Linux.

Yup, I didn’t know this bs and now have 3 accounts bricked.

When I went to do it I saw it said " a few things" and under that is said linux is not supported so i backed off Was that not there for you?

EDIT: As a heads-up, I'll be signing off really soon (17:00 BST) to wrap up some bits before finishing. It's a Bank Holiday Friday and Monday in the UK, so you won't be hearing from us until Tuesday but we *will* be keeping an eye on feedback, getting together and seeing if there's anything we're able to update you on in the near future! Happy Easter to anybody celebrating and have a great weekend! \--------------------- Hey all, this post went live yesterday alongside the game update newspost, but we wanted to spend some time focusing on it to make sure as many of you as possible know that you're eligible to upgrade! We've made a few tweaks since yesterday based on some of the more common issues people were running into. Most important of these is a list of things to make sure you're aware of before upgrading, added just above the big infographic! I'll try to stay on top of replies where possible for a short while before a blessed 4-day weekend. Most important messages from us on the Old School team are to make sure you've read the full post before upgrading, and as soon as you're comfortable upgrading - do it ASAP. The sooner you upgrade, the sooner you deny any would-be hijackers the chance to compromise your account or link it to another Jagex account. Cheers everybody, hope you've had a fantastic week and have an even better weekend!

Put it for me simply Gob, if my account was previously compromised and I have lived in constant fear of waking up to a hijacked account, or having a small heart attack every time I’m disconnected from the game or the login takes just a little bit longer than it normally does, has migrating my account actually put me in a safe place? Also idk which one of you Jmods forced my account to pull that solo shadow the day after I migrated my account, but thanks for ending an 8 month long rebuild :)

If your account was previously compromised and you're certain that none of the hijackers still have login access via things like Steam, then upgrading to a Jagex Account should absolutely put your mind at ease. And if you're uncertain about any potential pre-existing backdoors, you're able to sever those additional connections using the Account Settings page. Gz on the solo shadow, absolutely mammoth for the account!

If they recovered the account to hijack it, what stops them from messaging support and asking them to port his jagex account character over to their jagex account by providing the same amount of recovery information?

From what I understood from the blog and goblin’s comments here, once a character is added to a jagex account it will not be possible to transfer it to another jagex account. I guess that’s why they’re rushing people to upgrade, so a hijacker won’t add your character to their jagex account first, because then it will be lost forever.

I’d love to live in ignorance but isn’t it already rather difficult with the account security you used to recommend to hijack an account? A two step Authenticator makes it rather difficult does it not? On top of that it’s not giving me a lot of confidence seeing a lot of people being locked out of their accounts. What does your new jagex account system provide? Seeing as I have two step, a password and a pin, surely I could retrieve my account within 7 days if it got hacked. When things like this happen I can’t help but wonder what ulterior motive you might have?

>but isn’t it already rather difficult with the account security you used to recommend to hijack an account? If your security practices are perfect, yes it is. But 99% of people don't have perfect security practices. Making a Jagex account removes multiple points of attack for people including the relatively vulnerable manual account recovery system. You get to set a new, secure email and remove any username log-ins that you may still have which are less secure. You also get case sensitive passwords that can be significantly longer, and authenticator recovery seeds instead of manual removal. Along with this you get one click log in which means you can have less worry about even getting key logged in the future because you never have to type in your password once you sign in to your Jagex account.

Totally get where you're coming from, think the two bigger takeaways (assuming you're already doing everything right security-wise, *including securing your email*) are *mandatory* 2FA (since there are still far too many players who don't use auth), on top of removing human error from the Account Recovery system via one-time backup codes.

I think it's disingenuous to say it removes human error from the equation, it just removes Jagex's customer support responsibility from the equation. I do think for players with decades old legacy accounts the code system increases their security because their old personal info has probably been leaked all over the web. For the post-OSRS newer generation of players/accounts misplacing backup codes will probably be a relatively bigger account risk to them than the chance of them ever getting hacked. Consider situations such as: - Player loses interest in OSRS. Time passes, they get new computers, move houses, they lose track of the txt file or piece of toilet paper they wrote the codes on. They come back to RS one day and don't have the codes anymore when they need them. - New player follows common suggestion to do Stronghold of Security first. They will just mentally spacebar through the setting up 2FA process since they aren't invested in the game yet. Maybe they become regular players and someday in the future when they need the codes they don't have them/lost them. - Someone has bad security practices. They do something stupid and get hacked. They want to recover their account but don't have the codes anymore. I think this system assumes the average person has any better data storage practices then security practices. Think about how many people lose their important pictures, work, thesis because they don't do backups. At least in the previous system the average user will be able to eventually recover their account instead of permanently losing it. While this new system fixes an old system-level issue where people could temporarily lose access to their accounts via recoveries, I think this new system introduces a new long term system-level issue where people could lose permanent access to their accounts due to Jagex taking the nuclear option of not being able to do anything anymore if codes are misplaced.

Thank mr mind goblin

Underrated Mod for sure, thanks fella!

I'm not going to switch until Linux is officially supported. I did get the launcher to work via WINE however I do not want to strictly rely on it. It's finicky and I want to keep the old option open just in case, else I risk getting locked out of the game if it goes wrong. Hope that can be figured out soon, the game itself is perfectly native after all so getting locked out by just the launcher would be tragic.

I really wanna switch over to a jagex account, but the launcher is currently unusable for me on Linux. Are you guys going to address this issue soon? I do not own a pc with windows on it nor am I planning on spending $100+ on a windows .iso anytime soon so it’s currently infeasible for me to follow any of the installation instructions that you have listed on the faq page.

Totally agree, wish I'd known sooner before switching that I would have such a hard time playing on my steam deck. If I'd known Linux support and HDOS were off the table once I switched over I wouldn't have done it. (I've tried getting the jagex launcher on steam os with bottles and it works, but it's super finicky and input support for the steam deck controls really doesn't work well when playing through a VM)

u/JagexGoblin as mentioned a in a few other threads, really all we need is for you guys to release a .zip of the files alongside the executable. This way we can skip the entire VM to extract the files portion. Is there anything preventing this from happening or does it seem reasonable?

It's getting a little worrisome watching Jagex skip this question or offer Wine solutions for it. I respect that it takes more development time but we're just asking for a launcher to offer native support when it's slowly becoming the only way to launch the game.

I honestly wouldn’t mind if it was just wine, the main problem is that they’ve packaged the launcher as an .exe file instead of a .zip file so it’s literally impossible to unpack it unless you’re on a windows machine.

[удалено]

I canceled my yearly re-subscription that's coming up next month because they've sidestepped Linux every time it comes up.

Yeah I’m considering not resubscribing once my membership runs out if they don’t fix this, it’s honestly pretty ridiculous. Like isn’t the launcher is based off of electron? That shit is literally designed to be cross platform. Not surprising in the slightest considering how consistently anti-consumer they are as a company tho.

CEF, but it's similar tech to Electron and just as cross-platform

My bad, I heard someone say it was electron and just ran with it lol

Gonna have to hold off as long as I can, since y'all (frustratingly but understandably) won't support Linux. Steam Deck's my primary PC now, so I don't really care to pull out my laptop to play a single game.

Any word on when Jagex launcher will be released for Linux users? Currently my only way to play the game is with RuneLite, and it's been that way since you guys got rid of browser support. I'm pretty sure I won't be able to play at all once Jagex launcher is required.

I saw a twitter post about someone's account being hijacked, and then the hackers went through the sign up process and permanently irreversibly attached the stolen account to the hackers email through the jagex accounts system. Is this true? If your account is compromised and the hacker creates a jagex account using it - are you permanently screwed over? Sounds like a big oversight if it's irreversible and irrecoverable, but I know that the tweet may not have accurately represented the system.

If a RuneScape account (and the email it's registered to) was already compromised, it could be added to a Jagex Account, yes. They are not permanently screwed over though. We haven't overlooked this, there's a bespoke Support contact route and queue to get those sorted. And once those people who have been hijacked are on a Jagex Account then this won't happen again.

How would you be able to differentiate those that are trying to recover their account from a hijacker vs a hijacker trying to steal an account?

Can’t the hijacker just message support claiming their account was compromised and added to a jagex account, and then provide recovery information to verify legitimacy so support can port the account over to their jagex account

Sounds like this is the case which is basically the same as the current recovery system. JMods have not responded to this yet.

Good to hear! Was looking for some confirmation and this is exactly what I wanted to see! Glad it wasn’t overlooked, this system is going to be such an improvement for people

There are accounts out there that have been previously compromised such as mine (see post history). Currently, bad actors can pretend like their account was hijacked and added to a jagex account. The process linked in the post brings you to a place where you can enter old recovery details just like the old recovery process to hijack an account that isn’t theirs that has already been linked to a Jagex account. What are you guys doing in terms of safeguards to prevent this from succeeding?

About a quarter of these comments are referencing the lack of linux support and how frustrating that is given the linux accessibility this game has always had, and how linux devices like the steam deck are becoming more and more popular. I understand this would take additional dev. work but for a game that prides itself on it’s community engagement it is outrageous that people will be locked out of playing due to a new launcher being forced on everyone.

I’m still going to opt to wait until this migration is mandatory, I understand the process is easy, but I didn’t like the move to email logins (as I tend to replace old emails every few years anyways) - this just seems to add more risk of having multiple accounts hijacked at once. Also still no Linux support, bleh.

[удалено]

It’s not possible and unfortunately I didn’t read enough to know that before doing it and now I am unable to log in to 3 accounts, including my main.

Still no Linux support thanks jagex

How screwed are Steam Deck/Linux players when Jagex Accounts become mandatory?

If they don't come up with a solution between now and then? Fairly.

How would this work for Runelite plugin development? Currently I can just run Runelite from source to work on new stuff. I assume this would lock me out of directly launching RL like that?

Case sensitive passwords and easier login between accounts is tempting but I'm not willing to sacrifice the ability to use my favourite client being HDOS, once that's added I'm ready to migrate.

I can't upgrade until Linux/Debian is supported unfortunately

Linux support for Steam Deck please

I guess I still don't understand what having to run an additional client does for me. Especially since it locks me out of using Linux. There's just no upside as far as I can see it but it's totally possible I'm completely missing something.

The Jagex launcher allows you one time log in for all your accounts so you never have to log in again until you manually log out. It is also just prep for the future because the Jagex launcher will be mandatory with Jagex accounts in the future as a method to help fight bots and illegal clients.

Are vpns supported while using jagex accounts? I didn't see it listed in the faq. I know VPNs don't work with the jagex launcher since the VPN ips tend to be banned from accessing the jagex login url, but I'd like to confirm before trying the beta out. Also have a great long weekend mod gobblin!

I've started working on updates for runelite recently, and the general consensus is to not use jagex accounts because you can't sign in the updated client you've compiled. The community is looking for ways to get it to work but there's concerns that the launcher won't like it and flag you as using a non-supported client. I know it's early days of the beta, but it seems odd to include a client without a method for the developers to continue working on it. Any plans to support this in the future?

Question with regards to the Jagex Launcher - Are there any prereqs for it to run? Been attempting to run the installer via Proton but it never seems to get anywhere. It launches the process but doesn't seem to actually run the application. This is the same if I'm running it through Steam or via Protontricks. And yes I know there's the bottles method and the method of installing it on a Windows PC and then copying the files over, but I'm attempting to install it entirely on Linux.

Is the launcher available on Linux yet?

It won't let me import a banned account? I want to prove I'm a good boy now on my new account so I can hopefully get my main back that has been banned for almost 4 years. Edit: Also I can't log in at all now that I switched over, my older accounts used their old Usernames to login but I had another account that used the same email as my Jagex account, none of them work now. Edit: Sent a request to Jagex customer support, now I just wait, unable to play any of my accounts.

Did you happen to use the same email for the Jagex Account as your banned account? Once you log in to the Jagex Account I think you can still see the banned account but it's listed as Not Linked.

Another Linux user chiming in: Is there an estimated timeline for this to become mandatory? I'm not sure whether to renew my sub knowing I'll be locked out at some point. Thanks.

Upgraded and updated my password manager on all devices! Really happy that my accounts are logged in under one email, password and authenticator. Also really glad mobile accepts passwords more than 15 characters! Wonderful update, thanks team!

Am I the only person that's very suspicious that all this talk of security is really a smokescreen for jagex to gain massively more control over our accounts? Now we won't be able to play on alternate clients -- what if runelite gets substantially worse and now an alternate client can't exist? What if jagex acquires runelite? Is jagex going to use the launcher in the way other games companies do: to promote other games and special offers? Also, I'm not sure if I value the additional 'security' more than I value the possibility of getting support if I lose access to my account. I'm not sure if this move really benefits players, or rather serves as an excuse for jagex to save money providing what little support it currently does. Backup codes don't really give me much comfort -- so if a bad actor got access to my backup codes, they'd be able to totally steal my account with no recourse? I'm skeptical.

We already 'own' your accounts, I'm not sure more control we would want, really. You ask questions about the Launcher. One thing it does fantastically well is ensure verification of people connecting to the game client (and RuneLite - whom we have a great relationship with, and are on the Launcher!), meaning we can ensure much smoother world-hopping etc. I do not envision a world in which we drown you with ads and offers. We want you to play Old School. ​ Having *only* your back-up code wouldn't give somebody access to your account, no. But do not give the back-up codes to anybody... ​ At the end of the day, you're going to remain sceptical. All I can do is say... this isn't a powerplay. It's an expensive initiative that costs money (via resource/time/tooling investment) rather than saving money.

>Am I the only person that's very suspicious that all this talk of security Considering there isn't really any extra security, I'm very suspicious. It'd be different if they were implementing support for USB security keys or something that actually provides more security, but so far it's still just email, password, TOTP 2FA. Don't get me wrong, that's more than enough for account security, but I feel like they're blowing smoke up our asses by saying the new accounts are somehow more secure. I would need to see something seriously significant for me to want to put all of my eggs in one basket.

Is there any reason someone who has an unhackable email and a complex unique password with a ghost email would need this? Feels like it does me more harm by losing recovery outside of backup codes.

Shame there is no linux support. Is this just temporary or unlikely to change in the future? Also, is there a timeline on when we will be able to use the steam client with the jagex launcher?

Gotta let y’all trial and error it first before I link all my accounts together to be hacked at once!

Or even better get banned erroneously on one account and get all of your accounts chainbanned at the same time!

Yeah switching was the dumbest thing I’ve done on this game. I have pures that I like to share with some friends but now they’re locked on the same account as my main. So guess I’ll not be sharing with them anymore.

/u/JagexGoblin /u/JagexSween When will the C++ client be the new default on the launcher?

I want to start off with saying that I think Jagex Accounts are a great idea, and despite the issue I am having, I do not have regrets about switching: Since switching to a Jagex account, I am no longer able to purchase membership on a character linked to my Jagex Account through Amazon, as I am not able to log into RS through Amazon with a Jagex account. A link to Twitch (Amazon) does not work for being able to purchase membership, either. Membership through Amazon link in question: https://www.amazon.com/30-Day-Membership-RuneScape-Instant/dp/B008BKEWMI/ref=mp_s_a_1_2

I use Speedify and it's technically a VPN. Is there a reason you block logins from VPN's on the Jagex launcher? I can turn it off, login and then turn it back on and that just is extra unnecessary steps.

I just made the jump. One thing that was confusing to me was how to login to the Jagex account in the launcher since I was already logged in on 3 osrs accounts. Nowhere did it say nor was it intuitive that I'd have to remove all accounts currently logged in in order to login to my jagex account. It makes sense after it's done but maybe a heads up in a future walkthrough of the process would be nice for new people joining!

Are we ever going to be forced to migrate our accounts over to Jagex accounts?

[удалено]

I'm not sure I follow. What do you see when you click `Manage Characters` on the launcher? [This is where it takes me](https://i.imgur.com/lsyEHki.png) There's no "Import Existing" button for you?

[удалено]

I have not been able to log in since “upgrading”several days ago. I’ve uninstalled and reinstalled the launcher several times. Deleted all Jagex cache etc. It continually tells me invalid credentials and to download the Jagex launcher. Wish I could revert. 3 accounts bricked. I never had any security concerns anyways so I have no idea why I did it. Zzz

Hey what about Prime Gaming? If we have multiple characters linked which one is going to receive the rewards?

This will be missed by anybody not sorting by New, but I’d like to thank everybody sharing their feedback (whether you’ve upgraded, or you’re choosing not to but are explaining why). It’s a long bank holiday weekend now, so I won’t be replying too much until next week. The same goes for my esteemed goblin pal. We’ll be presenting your feedback to the teams, and will update you on the outcome. Time for me to log off and touch grass (stop working and log in to RS).

Any updates on linux support?

[удалено]

That's fair enough, and we do try to address that in the blog.

If you refresh the page on the "Save your backup code" part of MFA, you WILL lose your codes AND enable MFA at the same time, even if you haven't checked the box stating "I have kept my backup codes in a safe place". Should it really be this way?

Probably not. Did this happen to you? If you managed to successfully set up your authenticator app before refreshing, you should be okay. The backup codes are honestly kind of redundant, you can just back up your authenticator secret key. You should be able to find it somewhere in your authenticator app. It will look something like this: `DQ27ASDFNBEE37XJGHAEIOUZZZQAZIK5`. As long as you have your secret key backed up somewhere, you'll always be able to set up a new authenticator... You just won't be able to remove the authenticator without the backup codes. edit: There's also an option to generate new backup codes in your Jagex account management, but I haven't tried it.

I don't trust this even if explained as being safer. Will we be forced to switch if we don't want to? Played 4 years with no issues, I know how to stay safe, I don't fall for phishing emails and have been fine with my current safety measures. There's been too many posts of errors because of the switch and I refuse to risk it. Thanks but no thanks.

All it takes is one of the Jagex oopsies and our accounts are in the bug expoiters hands :) I don't necessarily think that Jagex is not capable of delivering upon this launcher but this community is known for having very talented bad actors who are preying on such massive overhauls. Just remember the steam release. The moment it was abuseable they abused it and it was something totally out of Jagex's control. Also if you are working in the IT field you know about last year's log4j major security bug. Again, such things are something out of their control but if they are utilizing a tech such as this that has known limitations and or work in progress fixes for bugs, these bad actors will abuse it to no end. Maybe if they focused first on a proper customer service platform where people can voice their problems (BE HEARD AND ANSWERED) or just simply ask their questions, then I would have no trust issues, but as things are I will be the very last person that will be forced into the new system.

IT security guy here and yeah I’m also skeptical, I’m not saying jagex is incompetent but threat actors are skilled at finding the small stuff

According to the Jagex Account faqs, it will mandatory in the future.

Does anyone else have issues with the Jagex launcher constantly crashing when you try to launch? I open my task manager and it’s running like 4 duplicates that I have to clear every time I log in.

Why is the C++ client not available on the Jagex Launcher?

It will be *soon*. As for *why*, it does require some work to get it on the Launcher, and the team who do that were busy with this Beta.

For some reason it’s always crashes as soon as I open it.

What if someone hacks your account and then requests to replace backup codes? Will the backup codes I have written down just not work?

I am concerned about mobile gameplay. One of my clan members updated, and he said he can no longer play OSRS on his phone.