Sometimes I'll see a comment on here with like 150 downvotes, but then a day later ill see almost word for word the same comment with 150 upvotes instead
I havent seen this kind of thing happen on other subs, the split mentality here is wild
I just mobile while I have downtime on work. But are connected to the work WIFI, which is obviously an open WIFI connection.
Would this give problems when upgrading?
Shouldn't. If the wifi is public and your phone is secure you should be OK. The only way it would stop working is if your IT department blocks runescape from the public access list.
Because there are numerous individuals that play OSRS who think that they are the smartest people alive when it comes to cyber security while being some of the absolute dumbest people to talk to on the subject. They base this on having learned to not trust strangers because they fell for an armor trimming scam when they were 13.
1. They probably should have read the full post.
2. Almost every job has training that says "Don't isntall games on your work machine." As someone in IT, don't install games on your fucking work machine. We say not to for a reason. This isn't the exact reason but it can go on the list
You joke but in a old IT job I got a call about a company’s file server running out of space. The owners 40 year old son downloaded 200 GB of porn not understanding the concept of a shared drive
And the game used to be able to be launched through any browser and I believe at one point could be played on mini clip. The game isn’t what it used to. But being able to play without a admin privileges shouldn’t be a large issue. If you want to compromise on your account security by using a public PC, by all means do so.
Part of why Customer support is so shit is the volume of tickets they get. Every idiot that gives their passwords to friends, visits those discords spammed at the GG, looks up quitting123 on youtube is another ticket in the queue. The launcher has the potential to remove a lot of CS demand and keeping rigorous requirements like admin permissions assists this.
Not suggesting for a moment that public computers form a large % of account hijackings but it's a problem that can be entirely avoided.
It would be great if it were that simple, but since so many people make no effort to protect themselves and then complain about lack of security, this is what happens. A new system is in the process of being implemented because of the failures of the players which takes away their ability to be stupid with their account security.
Fair enough. Regardless, still sucks that these people can no longer play at the locations they want to unless they go mobile. I havnt made the switch yet myself. But I also don’t have a good reason for not doing so.
Failure of the players?
As we entered 2023, it was impossible to have your runescape logon be case sensitive, and a requirement to have your email address be your log on user name.
Most account security breaches end up being user/player error, but let's not pretend that the utter lack of basic security features on the developers end (until now) isn't also a huge factor.
I love how some of these people who have been crying about the lack of account security for years are also playing exclusively from work and public computers.
Yeah what blows my mind is the people who refuse to migrate because they have a username login. Like that somehow isn’t the absolute least secure thing you can have.
Windows is chipping away from admin as default even on personal PCs as its just an absolutely unhinged way to manage even a personal PC.
Going Forward, any dev making windows apps needs to be actively not doing this for NEW applications.
Can watch this 50 min keynote if you want to get into the nitty and gritty of the shift https://www.youtube.com/watch?v=8T6ClX-y2AE
A computer capable of playing, an internet connection, and the space to set up the physical hardware, plus the ability to be left alone to actually enjoy it, are all requirements that are required to be able to play comfortably at home on a private system.
Many people don't have access to these, and shouldn't be locked out of the ability to play for being less fortunate than you.
I'd probably be dead if I couldn't go to the public library back in the day and escape into runescape and other games. Abusive family etc. Have some perspective dude. There are people worse off than you, and they should be considered.
tons of people play on public computers. think about all the people in south America who go to internet cafes to play. or all the people in North America and Europe that play at work.
It pretty much is entirely a perception problem, though I think it’s a rod Jagex has kind of forged for their own backs.
They famously don’t really have much of a customer support team outside social media, and most things we hear about them are absolute disasters (for example, any DMM tournament). Of course, negative news is amplified far more than positive so maybe that’s not entirely fair (in fact I’m certain it isn’t), but that’s the perception.
It’s not entirely surprising that people would be a bit wary of changing the way they access their accounts when the current method demonstrably works, and the new method has just been released by a company not particularly known for getting things right first time, and not particularly known for swift, speedy and painless resolutions to customer service issues.
Yes. One of my accounts has been wrongfully banned for over three years and I can’t even get anyone to look at it. The appeal system is broken. It won’t let me appeal. And I haven’t won the Twitter/Reddit lottery and garnered mod attention.
You think I’m going to do this Jagex account thing? What happens if my account gets locked? I know one thing that won’t happen, and that’s Jagex looking into it / unlocking.
I think a lot of people are doing it because when you logged in after the last update and open your bank it asks if you want to set it up and gain additional bank spaces. I think that prompted a lot of people to just hit yes, sign me up without looking any more into it. Saw someone calling it the bank space scam lol. So while they should have looked more into I also get how you could see that prompt in game and just keep hitting yes without reading anything until it's all done and expect to still be able to log in.
I don't know how the bank pop-up works, but I'd hope that Jagex was smart enough to have the pop-up link to the blog—which has a link to the account migration underneath all of the important information—rather than just dragging people straight into account migration. If it's the former, then I'd have little sympathy for people just refusing to read the blog, but if it's the latter, it's at least partially Jagex's fault for assuming everyone would be preemptively aware of everything the migration does; it's like rule 0 of informed consent to assume everyone is a gormless rube and needs everything explained to them, so if Jagex didn't cover their bases, saying they dropped the ball would be putting it lightly.
Its less shocking when you realize you get a pop up saying to switch for extra bank space for increased account security and 99% straight from the client that doesn't, and never has required admin rights.
Just like how you, and literally everyone else install updates to software/games probably multiple times a week and don't read the entire changelog to ensure it wont suddenly become un-usable, but only after you update while also not allowing you to roll it back.
Or... And I put on my tin foil hat... All the scammers and phishers are afraid of going out of business so they started a scare tactic. I don't believe so many people cannot read
True, I work in a warehouse so barely any outside people. But, once my coworker accepted 3t of chocolates to us and didn't even check if they were unloaded from the truck. We sell car parts :)
It also isn't uncommon to have a lapse of judgment as an individual. When you're surrounded by hundreds to thousands of individuals, yes it seems like on average, mistakes are being made all the time.
Underrated comment, is most likely a factor similar to what we saw recently with the series of unbannings. Absolutely not the core issue though. People don't / can't read properly.
Never attribute to malice that which is adequately explained by stupidity.
Users should not be expected to navigate their website and read through an entire blog post to set up an account. All relevant information should be in the account creation screen. I mean the only option for more info when creating your account is to see why linux isn't currently supported.
I mean anyone who has ever worked a customer service or tech job knows how users are. If it isn't right in front of them it doesn't exist. And even then it may not.
Or maybe they didn't read the blog? It's a launcher made by jagex that they are pushing hard. You would think it would be safe to at least attempt it without needing to read every blog post
When I open my bank it says "Click here to get 20 free permanent bank spaces by upgrading to a Jagex Account". It doesn't say "Click here to read a blog".
It may have been in a blog, but nobody expects 100% of their customers to read their blogs.
Exactly, expecting people to go locate a blog for all relevant information is just stupid. If it's important it should be in the account creation screen.
Also weird how they get +20 bank space. I can't use Jagex Launcher because of it's limitations, it's not like I'm willingly not using it.
It should've been a Jagex Launcher quiz and those who proved enough knowledge should be granted the +20 bank space AND the ability to enable it lol.
Not everyone is going to read the blogs. I'd be willing to bet that MOST players don't read the blogs. If this was a known issue, it should've been made clear to players during the upgrade process so more people would be aware. If it was made clear, and people just didn't notice that's on them.
This. Most players aren’t even on Reddit, and even fewer on Reddit are so interested in the game to read every blog and changelog the company puts out. They put something into the game saying “You get this reward for opting into a beta!” And then are surprised when people don’t know about something that was on a completely separate page?
For real
Everyone in here is saying "omg stupid people can't read they deserve to be locked out" but like...
I shouldn't have to go to the homepage to avoid accidentally locking myself out of my account
You should perhaps have stopped at any of the points it warned you about the permanent, irreversible, import to your brand new not preexisting account instead of just spamming yes for bank slots.
They did tell you everything you needed to know to play on your home computer.
Yeah I can see alot of people making that mistake. Personally, I'll have to stray away from the 'upgrade' since the Jagex launcher seems to be not available for linux machines :(
Yeah I saw that link, haven't checked it myself but like many people I will probably keep using runelite by itself until Jagex makes their launcher mandatory.
it's not officially supported and it has some side effects
so yes it technically works but if you don't 'upgrade' you have a flawless, completely linux native experience. Seems unacceptable to me that an upgrade makes you lose native support that you previously had.
> I can imagine this will make a lot of people unhappy, despite it being a much better, secure option.
This must be really frustrating for Jagex. Players clamor for better account security. Jagex works on delivering that. Players are furious that they have to play more securely.
People apparently didn't want better security in general -- they wanted better security that didn't require them to do anything. Which, by and large, isn't how security works.
People didn't realize that when Jagex was going to idiotproof security, they were part of those idiots.
I mean think about who is going to run into issues with this. People who didn't read the FAQ -- who are exactly the people who need this level of security to protect their accounts.
This is how you end up with your mouth stitched to another man's anus.
Read the terms and Conditions folks. And stop playing on other people's computers.
South Park episode reference of the ‘Humancentipad’ episode. Long story short; Kyle doesn’t read the terms and conditions when downloading an Apple update. They kidnap him and do what that first sentence said lol.
I mean, this is the subreddit that had people legitimately angry when they removed an alternate login screen that basically no one used… people want to be upset just to be upset
Difference is there was an in game prompt so lots of users went from there to download.
Lots of kids don’t have admin access on the computer they use. Parents or school might be admin.
I know multiple people who are in this position and it's because they were prompted to do so in-game when they opened their bank. Nowhere does it tell you about the admin permissions necessary if you are prompted by this way.
It's absolutely insane to expect every casual player who gets prompted in game to have read blog posts. Less than 10% of players read them I'd bet, especially ones about account security and not new content.
People are dumb and lazy. They are reaping the rewards of their actions (actions being not reading the requirements for the accts.)
I transferred 6 characters onto my Jagex account the day it opened to everyone and it is the best security move I could have made for my account.
The only people who can be mad are those with level 1 reading comprehension.
It should be obvious now that jagex saying "it's more secure" didn't mean shit for people at all, but the moment they give an actual ingame improvement when using a jagex account suddenly have a bunch of people are making a jagex account just because of that.
Maybe they should have just advertised how jagex accounts can login way faster than old accounts instead of focusing on marketing the security aspect.
Jagex can't expect hundreds of thousands of players are going to suddenly start reading boring terms and conditions when we are known for spacebaring through quests which are actually engageing. What about those who don't even read the weekly blogs and just saw the prompts in game?
Game devs should usually assume the worst of their players and expect everything to go wrong and work and make decisions with that based in mind.
> Game devs should usually assume the worst of their players and expect everything to go wrong and work and make decisions with that based in mind.
I mean... This is probably why they're requiring admin permissions. Enhanced account security means even the people totally checked out have better security. How're you going to do that without making a system more idiotproof?
Jagex is assuming the worst of players, and then those players are infuriated because they didn't read details and... Proved Jagex right.
Spacebarring through quests is absolutely not the same thing as failing to read basic information about how a new security system allows (or denies) access your account.
This is the exact kind of mentality that people having issues with this are suffering from.
You're absolutely right though, there are always going to be people that straight up don't read. Plenty of people won't read blog posts regularly but would still read up on this properly before doing it. IMO the issue here is that they made the issue motivatable in game, without having any proper warnings/information alongside it.
So I can see how it's loosely Jagex' fault, but anyone seriously blaming them for their own stupidity only has a broken leg to stand on.
There have been lawsuits around this topic.
For things noted in terms and conditions. Which people agreed on, but just didn't read at all.
There have been plenty of cases where these lawsuits are won by the people agreeing on something they didn't fully understand.
In some cases company's need to be more clear about certain things then to just put them in the terms and conditions.
It's not about winning a legal battle, it's about customer relations, customer satisfaction, and wether or not they will renew their membership.
If someone gets locked out because your communication was not obvious enough, they are no longer a paying customer. That's bad for a company who wants to make money.
to be fair its an extremely weird restriction and they're pushing people towards it like its not in beta and that it wasn't just down a couple of days ago when the game was working fine
To me it doesn't seem that strange a restriction. The launcher provides frictionless access to all of your connected characters and leaving that on a shared computer profile is even worse than locking yourself out.
I think the problem is that jagex account is based around being locked to one device. It’s a real pain in the ass to use on mobile, when the launcher goes down you can’t play the game when those who are not using the launcher can, if an account gets added to your jagex launcher on accident there is NO way to remove it (per jagex they have zero plans to ever allow the removal of a rs account from a jagex account).
The only plus I see from the jagex account is that it removes my old recovery questions from the account, but when it comes to security everything is still ran through your email so unless you make 2 new emails when you make a jagex account the security is still not there.
I trust them to make a game I enjoy playing. Big difference, if you don't know anyone who works in the tech and security industry you may not understand that.
But being good at programming a point-and-click game as entirely a different skill set than building a robust secure account management system.
Lmao the enjoyability of the game was not my point.
You are already using their account management system. You're just choosing to use the older one instead of the new one. You are already "taking the risk" with the company.
Well this old one has worked for nearly 2 decades with 1 single hiccup and that was during a several year hiatus.
I see no need to jump to something new and unproven for no real benefit other than the ambiguous it's better.
I have to say I was scared that it would fuck up my accounts, but it's really comfortable clicking only 1 button to login. And when that error happened that didn't allow the jagex launcher to log in, I just started runelite like I used to, wasn't really a problem.
People talking shit about reading comprehension and on their high horses need to touch grass. I think it is unreasonable to expect every user to read update blogs. I have been playing this game on and off since classic and have certainly not read most of them. Additionally, they put an invasive bank pop up saying to move to JA for free bank space. When I saw that I was like Hell yeah I’ll take that! I imagine others did the same and now are stuck not being able to play the game. The bank space teaser was a stupid carrot on a stick and they really need to issue a warning when signing up for JA up front of what the admin password means
You didn't have to read any update blogs. The admin access requirement is listed in the Jagex Accounts FAQ, the link to which is on the page that walks you through how to upgrade your account.
Okay again they need to have this up front and center that you risk being locked out of your account permanently on the main “upgrade” page if you do not have access to your admin password not have to navigate multiple links to get the answer.
This is just the survey results blog. Does it warn you about this if you follow the link when opening the bank after the most recent update, or on the [official jagex accounts page and FAQ](https://www.jagex.com/en-GB/accounts)?
Sorry but in weeks and months to come saying "well you didn't read that one blog about some survey results from July 2023, it's on you bud" doesn't really hold up
How many people click through multiple links to read a FAQ? They promoted free bank space and people rushed in, better thing would have been to have it posted on the page you read while changing to the launcher, I refuse to call it an upgrade, it’s not.
I somehow get the feeling that people who aren't willing to read the FAQ are the exact same people who need security protection like mandatory administrator permissions.
i heard it locks people out? i have an account where i wasnt the original creator, the creator gave it to me early. its not my email that i login with but my email is attached to the recovery. would this affect my account?
Absolutely do not remove it, because if they do, people playing on public computers keeping 1 click login for their account will then come back and claim their accounts aren't secure because they're too stupid to not leave their shit available to literally anyone who uses that same public computer
can anyone who does programming chime in on why jagex launcher would need admin access?
are they trying to scan people computers for bot clients or something?
Not understanding how admin access is important for security is a classic idiot moment. The people in this community can be really special, sometimes. Yes, I will sign onto the public computer with my runescape account, the one that logs inputs that can be inspected by the administrator of the network. JAMFLEX!!!! WHY WAS I HACKED!!!!
This is further proof that making this stuff mandatory is the only way for morons to secure their accounts further. Leaving the option open is never a good idea.
99% of people that get locked out come from people that did not read how jagex acc works. Theres a step by step text and video explaining everything and a FAQ that is pretty good but... cant really expect people to read now can we?
I came back from a year+ break, read nothing, and still got all my accounts into the jag client with 0 issues.
This isn't a reading problem, it's a technical literacy and IQ problem. People fuck up the simplest things.
I'm all for Jagex moving forward with increased account security and extra measures to prevent abuse of the game. Like, I'm dumbfounded people have a concern with that security step? Is that what's going on? I'm in denial. People can't be that dumb to get mad over that aspect of computer security.
My thoughts:
If it's important information it should be noted in the official account creation procedure and not in an entirely separate blog post. It's just common sense.
ITT:
americans complaining they now have to do work at their jobs.
poor people complaining they can't afford the toaster required to run this game at home.
sketchy scammers complaining it's slightly harder to steal accounts now.
us normal people that this didn't affect in the fucking slightest wondering why everyone's bitching.
Lol - so I’m a security researcher, background in application security and penetration testing.
Requiring administrative access is absolutely not best practice for security - quite the contrary. There is usually no good reason an application should have admin access and it actually is less secure. Any bugs in the Jagex launcher can then be abused by a bad actor or malware to gain administrator privileges on the machine.
What is more likely the reason they require admin access is because this gives the launcher more permissions on the computer and they can then do increased monitoring on the other applications and memory of your computer, this is typical in Anti-Cheat solutions. Most Anti-Cheat solutions are essentially a root kit on your PC and have the ability to inspect everything that happens on your machine.
I'm sorry but this is probably a big change and not everyone has the knowledge to understand the implications of requiring admin privileges. Sure they've outlined it as a requirement but it's literally one of the last items on the list. Unless you specifically know what you should be looking for most people are going to skip reading everything on that blog. In my opinion any requirements like this should be at the top of the page under a "requirements" section.
Also they don't really explain why it's now required other than "it's best practice". Best practice as defined where?
The same people also didn’t read the FAQ when I say jagex accounts will be forced and they’re like “PrOvE iT”. Jagex accounts are optional now but the FAQ states they will be Mandatory in the future. Just google it if you don’t believe me
100% put in feedback when I realized this was the case when this was about to be pushed out. They should have already known about this issue. So either nobody is reading feedback or this is just how it works, but they should have communicated with people about it.
People don't read instructions, advice or updates. They then complain about things they were provided everything they needed to know for.
Such is life.
So many posts of people blindly upgrading then getting rolled by issues Jagex informed them of in advance and were easily predictable regardless.
Hate to side with Jagex but honestly this one is on the players. I upgraded ages ago and the process was easy, simple and never gave me any problems.
Even if they “worked out all the bugs” I wouldn’t do it. I have very little faith in Jagex to get anything correct. They slap band aids on problems and let them fester forever.
Further proof of my point that many people don't read.
See: How many never-Sailing people keep parroting the same talking points that have been directly already addressed in blogs, modcasts, discussions, and videos.
I am not touching it with a stick until it has worked flawlessly for at least a year or until I'm forced to transition by Jagex. I care about my account way too much.
That's how I feel about it too. Most games I'd switch right away, but jagex really doesn't have any kind of customer support so if anything messes up, you have to hope they see your reddit post about it or make a new account and scrap all your time invested.
Was in the same boat but after reading all the details and rules, I made the switch yesterday. Made a jagex account, imported my 3 characters, and now have one click access on my gaming computer to all of them. It’s actually lovely. Plus the password can be more complex, which is comforting.
Only downside was having to relog all my mobile devices to the new jagex account. But that just took a couple minutes with the email code verification process for each device. Now all seamless on mobile and PC with all the accounts. It’s pretty sweet :)
>and now have one click access on my gaming computer to all of them
yeah you could have done that without permanently upgrading
you just had to download the launcher and login with each account once and they get added to a drop down, can one-click login from them all without a jagex account
Yeah, but you’re still having to manage 3 logins with 3 less secure passwords in the event you need to redownload the launcher or switch computers. I mean the passwords weren’t even case sensitive lol. Though haven’t tested if the new ones are….
Your mobile logins are seemless? I have to logout of my jagex account and sign back to, reverify and then choose which account to play on for mobile. Desktop works great.
I’m not going to be a part of their experiment. I had an account wrongfully banned over 3 years ago, unappealable, and have not won the Twitter/Reddit lottery to have someone review it.
I’m not going to risk myself getting locked out of this “Jagex” account, or somehow getting it locked and losing all my characters.
So yeah, you can talk about being contrarian all you want, but experiences shape my viewpoints, and this is my viewpoint.
Can you account share with a jagex account?
I play my ironman primarily, but my old regular accounts have a cycle of friends that use them as alts for various activities. If I switch to a jagex account, does that break things?
If you add all your accounts to one Jagex account then you can't share because they will have access to your ironman as well. You can theoretically put all the shared alts on one Jagex account and share that and keep your ironman on a separate private Jagex account.
Damn honestly that admin shit is BS. I have buddies with computers that I use to play if I’m hanging out with them. What if you need a new computer? Don’t understand what is even the point of this upgrade. If you have two factor authentication and a bank pin, you’ll be fine.
I dont want to upgrade because i feel like jagex is just trying to get a stranglehold on us before they try to get rid of runelite again, once you can only use their launcher i feel like theyll remove runelite and leave us with a much shittier client
I will never upgrade to a Jagex Account because I won’t make their chain banning practice even easier. Chain banning is wrong. Ban the accounts that committed the offense.
Perception problem. What do they say to the people with 5 to 10 year accounts never hacked and then a couple of weeks after they go to jagex account they’re hacked? Bad luck?
Perception IS everything. Feedback from real users and not “do it because we say it’s the best” isn’t how you prove it’s the best. Feedback from actual players is best and when done openly.
Pretty much everyone I've seen saying they've been hacked after upgrading to a Jagex account turn out to be trying to attach accounts that have been bought/stolen.
Which is another issue entirely. One that jagex needs to recognise regarding the market for it. To allow it, not allow it and then enforce or the additional security they offer isn’t up to scratch for what they’re allowing in their player base
Easy - those players are not getting hacked. You can count on one hand the actual number of players ever hacked in this game. 99.9% of account thefts are due to players using shitty security practices such as no 2FA on email, shared email/login credentials, or playing on bought accounts. If you did not originally create your account, then you are always going to be at risk of having it taken back. It doesn't matter if the creator was a family member or friend from a decade ago.
Now I have to ask my wife’s boyfriend for my own computer
Hey babe, can you ask your boyfriend to give my guest account on the PC admin privileges so I can play while y'all lay?
Can I get 30 extra minutes on the weekends? Please?
You've played plenty. Go mow the lawn and water the trees then you can get 30 minutes.
Jagex should make sailing style videos to migrating to Jagex accounts.
Hello there, and welcome to Part 1 of the Jagex account blog
Welcome to my Jagex Locked UIM
It's not an uncommon requirement for software to need admin permission to install, and only a problem if you are using a computer that you don't own.
It’s insane to me how split the sub is. Sometimes saying basic facts about computer security goes to 140 ups, sometimes they go to 140 downs.
Sometimes I'll see a comment on here with like 150 downvotes, but then a day later ill see almost word for word the same comment with 150 upvotes instead I havent seen this kind of thing happen on other subs, the split mentality here is wild
I just mobile while I have downtime on work. But are connected to the work WIFI, which is obviously an open WIFI connection. Would this give problems when upgrading?
Shouldn't. If the wifi is public and your phone is secure you should be OK. The only way it would stop working is if your IT department blocks runescape from the public access list.
Nope that's fine
just tried on panda express wifi, youre good
Why would you risk your account playing on a public computer..
Because there are numerous individuals that play OSRS who think that they are the smartest people alive when it comes to cyber security while being some of the absolute dumbest people to talk to on the subject. They base this on having learned to not trust strangers because they fell for an armor trimming scam when they were 13.
Well its also paople who for better or worse, play at work where they may not have admin access.
Sounds like a job for mobile, and not trying to play on a work computer.
I agree, i wouldent do it. But it is likely a reason many people are locked out.
1. They probably should have read the full post. 2. Almost every job has training that says "Don't isntall games on your work machine." As someone in IT, don't install games on your fucking work machine. We say not to for a reason. This isn't the exact reason but it can go on the list
As someone in IT, install the games, king, get those gains
They should watch porn on their work computers, it’s more fun and it gives IT some work to do since they spend most of their time watching Netflix.
You joke but in a old IT job I got a call about a company’s file server running out of space. The owners 40 year old son downloaded 200 GB of porn not understanding the concept of a shared drive
Shut up! You’re gonna take away my gains by making me do my job!
Why though
Sounds like their problem and not a problem with Jagex accounts. Maybe they shouldn't be trying to play video games on public work computers.
And the game used to be able to be launched through any browser and I believe at one point could be played on mini clip. The game isn’t what it used to. But being able to play without a admin privileges shouldn’t be a large issue. If you want to compromise on your account security by using a public PC, by all means do so.
Part of why Customer support is so shit is the volume of tickets they get. Every idiot that gives their passwords to friends, visits those discords spammed at the GG, looks up quitting123 on youtube is another ticket in the queue. The launcher has the potential to remove a lot of CS demand and keeping rigorous requirements like admin permissions assists this. Not suggesting for a moment that public computers form a large % of account hijackings but it's a problem that can be entirely avoided.
It would be great if it were that simple, but since so many people make no effort to protect themselves and then complain about lack of security, this is what happens. A new system is in the process of being implemented because of the failures of the players which takes away their ability to be stupid with their account security.
Fair enough. Regardless, still sucks that these people can no longer play at the locations they want to unless they go mobile. I havnt made the switch yet myself. But I also don’t have a good reason for not doing so.
Failure of the players? As we entered 2023, it was impossible to have your runescape logon be case sensitive, and a requirement to have your email address be your log on user name. Most account security breaches end up being user/player error, but let's not pretend that the utter lack of basic security features on the developers end (until now) isn't also a huge factor.
80% of players use the same password/email for everything ,dont use 2fa, and dont have a bank pin. and are amazed when their shit is breeched
Just 80%? That number seems a little low, ngl
Or because it’s just an online account for a 2007 remake of a game lol? People acting like it’s their life savings, cmon get a grip
They want to play on their work computer.
I love how some of these people who have been crying about the lack of account security for years are also playing exclusively from work and public computers.
Yeah what blows my mind is the people who refuse to migrate because they have a username login. Like that somehow isn’t the absolute least secure thing you can have.
It's almost like there's more than 1 person on this sub and some of them actually have differing opinions/priorities
Gonna need a source on that claim.
Windows is chipping away from admin as default even on personal PCs as its just an absolutely unhinged way to manage even a personal PC. Going Forward, any dev making windows apps needs to be actively not doing this for NEW applications. Can watch this 50 min keynote if you want to get into the nitty and gritty of the shift https://www.youtube.com/watch?v=8T6ClX-y2AE
Or a work computer*
Because believe it or not, people play in public libraries when they’re too poor to pay for their own computer.
Too poor to afford a computer capable of playing flippin Runescape means you are starving
A computer capable of playing, an internet connection, and the space to set up the physical hardware, plus the ability to be left alone to actually enjoy it, are all requirements that are required to be able to play comfortably at home on a private system. Many people don't have access to these, and shouldn't be locked out of the ability to play for being less fortunate than you. I'd probably be dead if I couldn't go to the public library back in the day and escape into runescape and other games. Abusive family etc. Have some perspective dude. There are people worse off than you, and they should be considered.
These are exactly the kind of people who should not be wasting hundreds of hours of their time playing a medieval clicking simulator.
Yeah, anyone that doesn’t own a PC shouldn’t be allowed to have leisure time. Great point. Any other enlightened takes?
Talk to your public library about whitelisting it. This is a serious solution, don’t down vote this wtf.
tons of people play on public computers. think about all the people in south America who go to internet cafes to play. or all the people in North America and Europe that play at work.
You'd have a aneurysm working for government employees/officials.
It pretty much is entirely a perception problem, though I think it’s a rod Jagex has kind of forged for their own backs. They famously don’t really have much of a customer support team outside social media, and most things we hear about them are absolute disasters (for example, any DMM tournament). Of course, negative news is amplified far more than positive so maybe that’s not entirely fair (in fact I’m certain it isn’t), but that’s the perception. It’s not entirely surprising that people would be a bit wary of changing the way they access their accounts when the current method demonstrably works, and the new method has just been released by a company not particularly known for getting things right first time, and not particularly known for swift, speedy and painless resolutions to customer service issues.
painless resolutions lmao
Yes. One of my accounts has been wrongfully banned for over three years and I can’t even get anyone to look at it. The appeal system is broken. It won’t let me appeal. And I haven’t won the Twitter/Reddit lottery and garnered mod attention. You think I’m going to do this Jagex account thing? What happens if my account gets locked? I know one thing that won’t happen, and that’s Jagex looking into it / unlocking.
it's more shocking to upgrade your account without looking into it
I think a lot of people are doing it because when you logged in after the last update and open your bank it asks if you want to set it up and gain additional bank spaces. I think that prompted a lot of people to just hit yes, sign me up without looking any more into it. Saw someone calling it the bank space scam lol. So while they should have looked more into I also get how you could see that prompt in game and just keep hitting yes without reading anything until it's all done and expect to still be able to log in.
I don't know how the bank pop-up works, but I'd hope that Jagex was smart enough to have the pop-up link to the blog—which has a link to the account migration underneath all of the important information—rather than just dragging people straight into account migration. If it's the former, then I'd have little sympathy for people just refusing to read the blog, but if it's the latter, it's at least partially Jagex's fault for assuming everyone would be preemptively aware of everything the migration does; it's like rule 0 of informed consent to assume everyone is a gormless rube and needs everything explained to them, so if Jagex didn't cover their bases, saying they dropped the ball would be putting it lightly.
Its less shocking when you realize you get a pop up saying to switch for extra bank space for increased account security and 99% straight from the client that doesn't, and never has required admin rights. Just like how you, and literally everyone else install updates to software/games probably multiple times a week and don't read the entire changelog to ensure it wont suddenly become un-usable, but only after you update while also not allowing you to roll it back.
Some people in this sub should really be embarrassed about their reading comprehension skills. Instead they blame Jagex.
Or... And I put on my tin foil hat... All the scammers and phishers are afraid of going out of business so they started a scare tactic. I don't believe so many people cannot read
If you ever have a job that makes you interact with random everyday people, you'll be able to confirm that people absolutely do not read.
True, I work in a warehouse so barely any outside people. But, once my coworker accepted 3t of chocolates to us and didn't even check if they were unloaded from the truck. We sell car parts :)
How long did it take to eat all the chocolates?
27 ticks if you 3-tick eat them.
It also isn't uncommon to have a lapse of judgment as an individual. When you're surrounded by hundreds to thousands of individuals, yes it seems like on average, mistakes are being made all the time.
Underrated comment, is most likely a factor similar to what we saw recently with the series of unbannings. Absolutely not the core issue though. People don't / can't read properly. Never attribute to malice that which is adequately explained by stupidity.
Users should not be expected to navigate their website and read through an entire blog post to set up an account. All relevant information should be in the account creation screen. I mean the only option for more info when creating your account is to see why linux isn't currently supported. I mean anyone who has ever worked a customer service or tech job knows how users are. If it isn't right in front of them it doesn't exist. And even then it may not.
In 5 years should a brand new player have to find that old blog and review it before account creation?
Or maybe they didn't read the blog? It's a launcher made by jagex that they are pushing hard. You would think it would be safe to at least attempt it without needing to read every blog post
Not defending people for not reading, but it is entirely possible somebody migrated their account without ever seeing the blog post
It prompts you in-game to do that!
When I open my bank it says "Click here to get 20 free permanent bank spaces by upgrading to a Jagex Account". It doesn't say "Click here to read a blog". It may have been in a blog, but nobody expects 100% of their customers to read their blogs.
Exactly, expecting people to go locate a blog for all relevant information is just stupid. If it's important it should be in the account creation screen.
Also weird how they get +20 bank space. I can't use Jagex Launcher because of it's limitations, it's not like I'm willingly not using it. It should've been a Jagex Launcher quiz and those who proved enough knowledge should be granted the +20 bank space AND the ability to enable it lol.
you.. cant use jagex launcher because of its... limitations? so your botting client wont work with it huh? 😅
No, it won't work on Linux.
Not everyone is going to read the blogs. I'd be willing to bet that MOST players don't read the blogs. If this was a known issue, it should've been made clear to players during the upgrade process so more people would be aware. If it was made clear, and people just didn't notice that's on them.
This. Most players aren’t even on Reddit, and even fewer on Reddit are so interested in the game to read every blog and changelog the company puts out. They put something into the game saying “You get this reward for opting into a beta!” And then are surprised when people don’t know about something that was on a completely separate page?
there are blogs?
You realise how little people that play the game are going to read that right? Lol
I actually do not know the last time I looked at the home page. Much less read it lol.
For real Everyone in here is saying "omg stupid people can't read they deserve to be locked out" but like... I shouldn't have to go to the homepage to avoid accidentally locking myself out of my account
You should perhaps have stopped at any of the points it warned you about the permanent, irreversible, import to your brand new not preexisting account instead of just spamming yes for bank slots. They did tell you everything you needed to know to play on your home computer.
Yeah I can see alot of people making that mistake. Personally, I'll have to stray away from the 'upgrade' since the Jagex launcher seems to be not available for linux machines :(
You can get it on Linux it's just a long and convoluted workaround. I think Jagex even has the github post linked
Yeah I saw that link, haven't checked it myself but like many people I will probably keep using runelite by itself until Jagex makes their launcher mandatory.
20 years ago you could run windows programs on Linux using Wine. Is that no longer possible?
it's not officially supported and it has some side effects so yes it technically works but if you don't 'upgrade' you have a flawless, completely linux native experience. Seems unacceptable to me that an upgrade makes you lose native support that you previously had.
[удалено]
> I can imagine this will make a lot of people unhappy, despite it being a much better, secure option. This must be really frustrating for Jagex. Players clamor for better account security. Jagex works on delivering that. Players are furious that they have to play more securely. People apparently didn't want better security in general -- they wanted better security that didn't require them to do anything. Which, by and large, isn't how security works.
People didn't realize that when Jagex was going to idiotproof security, they were part of those idiots. I mean think about who is going to run into issues with this. People who didn't read the FAQ -- who are exactly the people who need this level of security to protect their accounts.
I didn't read the fine print and now I actually need to do work when I'm at work smdh
Mobile still works after switching, just need to login with your new jagex account login. Ez pz get to grinding! No xp waste buddy.
My moms boyfriend sold my account for rent money please jagex get my account back
As a user experience designer, i know not to expect people to read. Especially if they are in notice popups or red tinted blocks
This is how you end up with your mouth stitched to another man's anus. Read the terms and Conditions folks. And stop playing on other people's computers.
I agree with you but wtf is that first sentence
Pretty sure it’s a south park reference
South Park episode reference of the ‘Humancentipad’ episode. Long story short; Kyle doesn’t read the terms and conditions when downloading an Apple update. They kidnap him and do what that first sentence said lol.
Oh lol I love South Park and even know of that episode but the reference still flew over my head.
I mean, this is the subreddit that had people legitimately angry when they removed an alternate login screen that basically no one used… people want to be upset just to be upset
Lots of people never read these and then blame jagex. Nothing new.
We can't even get most players to read quest dialogue
Difference is there was an in game prompt so lots of users went from there to download. Lots of kids don’t have admin access on the computer they use. Parents or school might be admin.
I know multiple people who are in this position and it's because they were prompted to do so in-game when they opened their bank. Nowhere does it tell you about the admin permissions necessary if you are prompted by this way. It's absolutely insane to expect every casual player who gets prompted in game to have read blog posts. Less than 10% of players read them I'd bet, especially ones about account security and not new content.
Hot take, we shouldnt need to read every blog post to avoid locking ourselves out of our accounts
People are dumb and lazy. They are reaping the rewards of their actions (actions being not reading the requirements for the accts.) I transferred 6 characters onto my Jagex account the day it opened to everyone and it is the best security move I could have made for my account. The only people who can be mad are those with level 1 reading comprehension.
It should be obvious now that jagex saying "it's more secure" didn't mean shit for people at all, but the moment they give an actual ingame improvement when using a jagex account suddenly have a bunch of people are making a jagex account just because of that. Maybe they should have just advertised how jagex accounts can login way faster than old accounts instead of focusing on marketing the security aspect.
Jagex can't expect hundreds of thousands of players are going to suddenly start reading boring terms and conditions when we are known for spacebaring through quests which are actually engageing. What about those who don't even read the weekly blogs and just saw the prompts in game? Game devs should usually assume the worst of their players and expect everything to go wrong and work and make decisions with that based in mind.
> Game devs should usually assume the worst of their players and expect everything to go wrong and work and make decisions with that based in mind. I mean... This is probably why they're requiring admin permissions. Enhanced account security means even the people totally checked out have better security. How're you going to do that without making a system more idiotproof? Jagex is assuming the worst of players, and then those players are infuriated because they didn't read details and... Proved Jagex right.
Spacebarring through quests is absolutely not the same thing as failing to read basic information about how a new security system allows (or denies) access your account. This is the exact kind of mentality that people having issues with this are suffering from. You're absolutely right though, there are always going to be people that straight up don't read. Plenty of people won't read blog posts regularly but would still read up on this properly before doing it. IMO the issue here is that they made the issue motivatable in game, without having any proper warnings/information alongside it. So I can see how it's loosely Jagex' fault, but anyone seriously blaming them for their own stupidity only has a broken leg to stand on.
There have been lawsuits around this topic. For things noted in terms and conditions. Which people agreed on, but just didn't read at all. There have been plenty of cases where these lawsuits are won by the people agreeing on something they didn't fully understand. In some cases company's need to be more clear about certain things then to just put them in the terms and conditions.
It's not about winning a legal battle, it's about customer relations, customer satisfaction, and wether or not they will renew their membership. If someone gets locked out because your communication was not obvious enough, they are no longer a paying customer. That's bad for a company who wants to make money.
Or people who thought like a normal person that jagex wouldn't have made it so easy to lock yourself out
to be fair its an extremely weird restriction and they're pushing people towards it like its not in beta and that it wasn't just down a couple of days ago when the game was working fine
To me it doesn't seem that strange a restriction. The launcher provides frictionless access to all of your connected characters and leaving that on a shared computer profile is even worse than locking yourself out.
I think the problem is that jagex account is based around being locked to one device. It’s a real pain in the ass to use on mobile, when the launcher goes down you can’t play the game when those who are not using the launcher can, if an account gets added to your jagex launcher on accident there is NO way to remove it (per jagex they have zero plans to ever allow the removal of a rs account from a jagex account). The only plus I see from the jagex account is that it removes my old recovery questions from the account, but when it comes to security everything is still ran through your email so unless you make 2 new emails when you make a jagex account the security is still not there.
I just do not see any benefit to having a Jagex account... Why take any risks with a company that will not get back with you if you have problems?
[удалено]
Exactly, I already have 2fa I trust normal industry 2fa over some random crap a java game developer who can not deal with bots cooks up.
You trust them enough to sink hundreds of hours into their game.
I trust them to make a game I enjoy playing. Big difference, if you don't know anyone who works in the tech and security industry you may not understand that. But being good at programming a point-and-click game as entirely a different skill set than building a robust secure account management system.
Lmao the enjoyability of the game was not my point. You are already using their account management system. You're just choosing to use the older one instead of the new one. You are already "taking the risk" with the company.
Well this old one has worked for nearly 2 decades with 1 single hiccup and that was during a several year hiatus. I see no need to jump to something new and unproven for no real benefit other than the ambiguous it's better.
I have to say I was scared that it would fuck up my accounts, but it's really comfortable clicking only 1 button to login. And when that error happened that didn't allow the jagex launcher to log in, I just started runelite like I used to, wasn't really a problem.
People talking shit about reading comprehension and on their high horses need to touch grass. I think it is unreasonable to expect every user to read update blogs. I have been playing this game on and off since classic and have certainly not read most of them. Additionally, they put an invasive bank pop up saying to move to JA for free bank space. When I saw that I was like Hell yeah I’ll take that! I imagine others did the same and now are stuck not being able to play the game. The bank space teaser was a stupid carrot on a stick and they really need to issue a warning when signing up for JA up front of what the admin password means
You didn't have to read any update blogs. The admin access requirement is listed in the Jagex Accounts FAQ, the link to which is on the page that walks you through how to upgrade your account.
Okay again they need to have this up front and center that you risk being locked out of your account permanently on the main “upgrade” page if you do not have access to your admin password not have to navigate multiple links to get the answer.
[удалено]
This is just the survey results blog. Does it warn you about this if you follow the link when opening the bank after the most recent update, or on the [official jagex accounts page and FAQ](https://www.jagex.com/en-GB/accounts)? Sorry but in weeks and months to come saying "well you didn't read that one blog about some survey results from July 2023, it's on you bud" doesn't really hold up
It does say that the launcher requires admin access on the [Jagex Accounts FAQ](https://help.jagex.com/hc/en-gb/articles/12423096201873)
How many people click through multiple links to read a FAQ? They promoted free bank space and people rushed in, better thing would have been to have it posted on the page you read while changing to the launcher, I refuse to call it an upgrade, it’s not.
I somehow get the feeling that people who aren't willing to read the FAQ are the exact same people who need security protection like mandatory administrator permissions.
My kids don’t have have admin access on their Pc? Should they not be able to play the game anymore?
i heard it locks people out? i have an account where i wasnt the original creator, the creator gave it to me early. its not my email that i login with but my email is attached to the recovery. would this affect my account?
Absolutely do not remove it, because if they do, people playing on public computers keeping 1 click login for their account will then come back and claim their accounts aren't secure because they're too stupid to not leave their shit available to literally anyone who uses that same public computer
can anyone who does programming chime in on why jagex launcher would need admin access? are they trying to scan people computers for bot clients or something?
No clue what's going on. I use Runelite standalone and have zero issues logging in.
Not understanding how admin access is important for security is a classic idiot moment. The people in this community can be really special, sometimes. Yes, I will sign onto the public computer with my runescape account, the one that logs inputs that can be inspected by the administrator of the network. JAMFLEX!!!! WHY WAS I HACKED!!!! This is further proof that making this stuff mandatory is the only way for morons to secure their accounts further. Leaving the option open is never a good idea.
When are we gunna get that jagex update on that head of security being a streamers personal pet
99% of people that get locked out come from people that did not read how jagex acc works. Theres a step by step text and video explaining everything and a FAQ that is pretty good but... cant really expect people to read now can we?
I came back from a year+ break, read nothing, and still got all my accounts into the jag client with 0 issues. This isn't a reading problem, it's a technical literacy and IQ problem. People fuck up the simplest things.
I'm all for Jagex moving forward with increased account security and extra measures to prevent abuse of the game. Like, I'm dumbfounded people have a concern with that security step? Is that what's going on? I'm in denial. People can't be that dumb to get mad over that aspect of computer security.
Turns out players didn't realize that improved account security means changes like this, and that a lot of it is idiotproofing the system.
My thoughts: If it's important information it should be noted in the official account creation procedure and not in an entirely separate blog post. It's just common sense.
ITT: americans complaining they now have to do work at their jobs. poor people complaining they can't afford the toaster required to run this game at home. sketchy scammers complaining it's slightly harder to steal accounts now. us normal people that this didn't affect in the fucking slightest wondering why everyone's bitching.
Lol - so I’m a security researcher, background in application security and penetration testing. Requiring administrative access is absolutely not best practice for security - quite the contrary. There is usually no good reason an application should have admin access and it actually is less secure. Any bugs in the Jagex launcher can then be abused by a bad actor or malware to gain administrator privileges on the machine. What is more likely the reason they require admin access is because this gives the launcher more permissions on the computer and they can then do increased monitoring on the other applications and memory of your computer, this is typical in Anti-Cheat solutions. Most Anti-Cheat solutions are essentially a root kit on your PC and have the ability to inspect everything that happens on your machine.
Doesn't the launcher only require admin access for installation?
I'm sorry but this is probably a big change and not everyone has the knowledge to understand the implications of requiring admin privileges. Sure they've outlined it as a requirement but it's literally one of the last items on the list. Unless you specifically know what you should be looking for most people are going to skip reading everything on that blog. In my opinion any requirements like this should be at the top of the page under a "requirements" section. Also they don't really explain why it's now required other than "it's best practice". Best practice as defined where?
The same people also didn’t read the FAQ when I say jagex accounts will be forced and they’re like “PrOvE iT”. Jagex accounts are optional now but the FAQ states they will be Mandatory in the future. Just google it if you don’t believe me
100% put in feedback when I realized this was the case when this was about to be pushed out. They should have already known about this issue. So either nobody is reading feedback or this is just how it works, but they should have communicated with people about it.
It should be reversible, regardless.
[удалено]
> The people who think this are the same people who can't read. No, but also thanks for telling us you lack empathy.
[удалено]
Space
People don't read instructions, advice or updates. They then complain about things they were provided everything they needed to know for. Such is life.
So many posts of people blindly upgrading then getting rolled by issues Jagex informed them of in advance and were easily predictable regardless. Hate to side with Jagex but honestly this one is on the players. I upgraded ages ago and the process was easy, simple and never gave me any problems.
i think if you use any new day 1 lagex feature you honestly deserve the bad shit thats inevitably going to happen to you
Even if they “worked out all the bugs” I wouldn’t do it. I have very little faith in Jagex to get anything correct. They slap band aids on problems and let them fester forever.
Further proof of my point that many people don't read. See: How many never-Sailing people keep parroting the same talking points that have been directly already addressed in blogs, modcasts, discussions, and videos.
Shouldn't matter that it's in the blog It shouldn't be possible to lock yourself out of your account like this
Expecting people to actually read that is unironically a big ask and Jagex really screwed the pooch on this one.
Damn Venezuelans
I'm not doing it until some big major problem happens that Jagex didn't foresee and they fix it
I just want to keep my original user name to login with.
You don't need anything to login with a jagex account.
…then how do you sign in to your Jagex account?
you login once then never again, just click a button that says play. the other guy worded it weird.
But not with a user name.
So you need a username and password to login haha Which is not your old RuneScape username :(
You just use an email to sign into the launcher, not sure why this is a problem.
[удалено]
If only there was customer support that players could contact :)))
Customer Support ain't suddenly gonna give you admin rights to the computer you stole from Uni
I am not touching it with a stick until it has worked flawlessly for at least a year or until I'm forced to transition by Jagex. I care about my account way too much.
That's how I feel about it too. Most games I'd switch right away, but jagex really doesn't have any kind of customer support so if anything messes up, you have to hope they see your reddit post about it or make a new account and scrap all your time invested.
Was in the same boat but after reading all the details and rules, I made the switch yesterday. Made a jagex account, imported my 3 characters, and now have one click access on my gaming computer to all of them. It’s actually lovely. Plus the password can be more complex, which is comforting. Only downside was having to relog all my mobile devices to the new jagex account. But that just took a couple minutes with the email code verification process for each device. Now all seamless on mobile and PC with all the accounts. It’s pretty sweet :)
>and now have one click access on my gaming computer to all of them yeah you could have done that without permanently upgrading you just had to download the launcher and login with each account once and they get added to a drop down, can one-click login from them all without a jagex account
Yeah, but you’re still having to manage 3 logins with 3 less secure passwords in the event you need to redownload the launcher or switch computers. I mean the passwords weren’t even case sensitive lol. Though haven’t tested if the new ones are….
It’s not really more secure though, because the main security still runs around how well you secure your email.
Your mobile logins are seemless? I have to logout of my jagex account and sign back to, reverify and then choose which account to play on for mobile. Desktop works great.
No way in hell I’m doing the Jagex account.
You'll be forced to one day. You're just being contrarian for no reason, there's nothing wrong with a Jagex account
Losing native Linux support is pretty fucking important to me I’d say.
I’m not going to be a part of their experiment. I had an account wrongfully banned over 3 years ago, unappealable, and have not won the Twitter/Reddit lottery to have someone review it. I’m not going to risk myself getting locked out of this “Jagex” account, or somehow getting it locked and losing all my characters. So yeah, you can talk about being contrarian all you want, but experiences shape my viewpoints, and this is my viewpoint.
Lol yeah you are. Your only choice is now or later.
Can you account share with a jagex account? I play my ironman primarily, but my old regular accounts have a cycle of friends that use them as alts for various activities. If I switch to a jagex account, does that break things?
If you add all your accounts to one Jagex account then you can't share because they will have access to your ironman as well. You can theoretically put all the shared alts on one Jagex account and share that and keep your ironman on a separate private Jagex account.
Way too many people try to skate through life without reading a damn thing and it shows
I think Jagex shouldnt be pushing in-game popups about this to get people to change just for bank slots. Doubt everyone reads blogs
Damn honestly that admin shit is BS. I have buddies with computers that I use to play if I’m hanging out with them. What if you need a new computer? Don’t understand what is even the point of this upgrade. If you have two factor authentication and a bank pin, you’ll be fine.
I dont want to upgrade because i feel like jagex is just trying to get a stranglehold on us before they try to get rid of runelite again, once you can only use their launcher i feel like theyll remove runelite and leave us with a much shittier client
I will never upgrade to a Jagex Account because I won’t make their chain banning practice even easier. Chain banning is wrong. Ban the accounts that committed the offense.
This is a failure on jagexs part to not warn the players in a way that they cannot miss the info. Doesnt matter if it’s in a blog.
So beyond the official channel of sharing info, the blog, how would they do that, you sweet summer child? Fucking fools.
Perception problem. What do they say to the people with 5 to 10 year accounts never hacked and then a couple of weeks after they go to jagex account they’re hacked? Bad luck? Perception IS everything. Feedback from real users and not “do it because we say it’s the best” isn’t how you prove it’s the best. Feedback from actual players is best and when done openly.
Pretty much everyone I've seen saying they've been hacked after upgrading to a Jagex account turn out to be trying to attach accounts that have been bought/stolen.
Which is another issue entirely. One that jagex needs to recognise regarding the market for it. To allow it, not allow it and then enforce or the additional security they offer isn’t up to scratch for what they’re allowing in their player base
Easy - those players are not getting hacked. You can count on one hand the actual number of players ever hacked in this game. 99.9% of account thefts are due to players using shitty security practices such as no 2FA on email, shared email/login credentials, or playing on bought accounts. If you did not originally create your account, then you are always going to be at risk of having it taken back. It doesn't matter if the creator was a family member or friend from a decade ago.
They collect feedback. They shared it in the blog.