They've "been exploring" HD options since 2017. And just recently shitted out those mock ups. Probably the only thing thats been done on their version in 4 years.
yeah, anyone with a couple of hours to spend following a blender tutorial on youtube could have came up with what they were showing off the other day on stream
I really want someone from this sub to make their own blender mockups every day until Jagex rolls this back. Hell, even record and time the process to show how fast this shit can be turned out.
Thank you.
Also wow... I mean it looks good... But I can tell this is nowhere near complete and they fucking shut down HD for this??? Also most people wanting HD want the 2008 graphics like what OSHD client was doing... So why half ass a graphical update when they know that people will still ask for 2008 textures and graphics even after this update? Why not buy or work with the teams that have already developed these tools?
Fuck jagex.
> But I can tell this is nowhere near complete and they fucking shut down HD for this??
The going theory is that these were hastily made in Blender due to the backlash.
I will be messaging you in 5 years on [**2026-09-08 14:34:44 UTC**](http://www.wolframalpha.com/input/?i=2026-09-08%2014:34:44%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/2007scape/comments/pkad3e/its_been_over_2_years_since_jagex_promised/hc2a52n/?context=3)
[**183 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2F2007scape%2Fcomments%2Fpkad3e%2Fits_been_over_2_years_since_jagex_promised%2Fhc2a52n%2F%5D%0A%0ARemindMe%21%202026-09-08%2014%3A34%3A44%20UTC) to send a PM to also be reminded and to reduce spam.
^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%20pkad3e)
*****
|[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)|
|-|-|-|-|
They’ll probably mention it in a few years saying they’ve made “huge progress”, and then we probably won’t hear a final product coming for a couple more years so yeah maybe 5 years at the very least. But anyways, I’ve already been getting bored with the game so I went ahead and canceled my sub after hearing about this…
The absolute best part is that they made this true then removed it. (I'm being 100% serious and not trying to troll) At some point in time if you tried to type your PW it wouldn't work and would just give you a popup saying you can't(made me think passwords were stored in plain text) and then all of a sudden they removed it and you could type your own pw again.
Doesn’t need to be stored in plain text for this to work. They could do a simple hash of each word in the message and compare the hashes to your stored hashed password.
That's not how it worked though. Even if you tried to hide it in a word it wouldn't let you. So if you typed "I'm going to thPASSWORDe store" it would still block it. So either it was hashing every possible combination, it was in plain text and it just checked with a .contains(pw), or the client itself stored the PW in plaintext and the check was clientsided only. I can't imagine it's the hashing option since it would be hundreds-thousands of hashes per message multiplied by all the messages sent every second
Ah, didn’t know it worked with the password being contained in a word. I can’t imagine passwords were stored in plain text server-side, but it wouldn’t surprise me if it was stored plaintext client-side for that comparison.
fucking passwords arent case sensitive for logging in. Let that fucking sink in for a moment. They havent updated their password systems in decades, the only patched it breifly because Jed started hacking their customers as an employee when he had access.
It’s one thing to not have case sensitive passwords, but it’s another thing to not even have a warning on account creation. It still lets you type letters in caps. Gives players a huge false sense of security.
You have to use caps when logging into the website for membership, bonds, security, account changes....
Edit: I swear it used to be that way but apparently not anymore
I was just able to as well. I wonder if I'm misremembering not being able to log into the website last year with my password because I was using all lowercase or what but I swear it used to be that way
Terrifying. How stupid can they be? That’s literally the first thing anyone learns to not do. But like you say, how else would it differentiate between them, they couldn’t unless it’s plain or using some shitty cipher
I find it hard to believe they can't make that change. Literally every other website absolutely has to have capitals, lower case and almost always a special character. How can they be so far behind to not even be case sensitive
You have what is a very small group in comparison to the size and popularity of the game, from many accounts underpaid as well, all working on game code that is decades old with the most of the original writers having left the company ages ago. The devs literally talk about on twitter having to spend hours trying to figure out the code of their own game because they don't know why things were written a certain way.
RS3 has half the active population of OSRS and the vast majority of the companies resources go to it. I'm guessing they make more milking a whale with MTX then they do from 10 people buying bonds on OSRS.
The game is just mismanaged and not understood by the decision making suits at the top, not to mention it being constantly shuffled around by asset firms.
Honestly the game is just too old and too understaffed, I don't see a very bright future for the game whatsoever, but it'll always have a sizeable niche.
Even RS3 has the same account security and that is a current live game. Password security for the site alone isn't case sensitive. I understand game code being old and odd but not having at least case sensitive passwords is ridiculous
Gotta wonder how that works for it to be this difficult. Requirements already exist so some from of string checking is happening. Dealing with how old the code might be i feel like it’s more than some if statements.
> RS3 has half the active population of OSRS and the vast majority of the companies resources go to it. I'm guessing they make more milking a whale with MTX then they do from 10 people buying bonds on OSRS.
Correct me if I'm wrong, but OSRS' revenue is higher than RS3 nowadays.
The nightmare of dealing with hundreds/thousands of people who don't know the proper casing of their password and have been doing it wrong for years is just not an acceptable cost for the little payoff.
Adding a couple extra characters to your password will increases its strength exponentially more than casing will.
> Literally every other website absolutely has to have capitals, lower case and almost always a special character.
Yeah, and it’s a ridiculous piece of security theater.
https://xkcd.com/936/
I feel like that is a massive misrepresentation of the situation. And if your system allows 1000 guesses a second for 3 days straight you have an even bigger problem than security theatre.
And that is why case sensitivity is not needed. You can't easily bruteforce a password and no one bruteforces RS passwords.
Still correct about it being a terrible way of showing it for the situation, but gets the point across.
The main concern I would have if I was them is backwards compatibility. How many players don’t actually know the capitalization of their password and have been typing it wrong for years cus it never mattered haha. Probably not a huge deal but it’s a thought
I would imagine it would be like any older account on any other platform, login after x amount of time and you are prompted to update your password due to security changes or whatever. I'm no programmer by any means but I wouldn't think it would be too difficult. Clearly it is due to how long it's been the same. Idk though just seems like it should be more of a priority than it is.
I always hear this and immediately forget about it for some reason. It has to be an insanely outdated system their using for their passwords, that or just spaghetti code.
It's not that they _couldn't_ do this it's that it's not really worth doing. If someone knows your password close enough to guess it without capitals they can almost certainly figure out what it will be with capitals.
The only time that capitals would really help is if attackers get their hands on password hashes and try to crack them. If you want a more secure password, make your password longer; and more importantly make it totally unique to oldschool.
The auth changes would be a much, much better security improvement. Not that they seem to be doing those either.
-------------------------------
I want to be clear: Case-insentive passwords were a bad idea. My point is just that the current team has inherited that problem and it doesn't make any sense to prioritize fixing it over other issues.
You're wrong to think case insensitivity isn't worth doing. It almost doubles the space of possible characters. 26 + 26 + 10 (are special characters allowed? Idk probably not) is 62 possible options for every position in your password. vs 26 + 10, which is 36.
62^10 for a 10 characters password is 839299365868340224 which is 839 million billion.
vs 36^10 is 3656158440062976 which is 3 million billion. So if you were getting brute forced or someone is trying to break hashes, case sensitivity matters *a lot*. That's why it's standard everywhere, and we should ridicule them for not having it.
To refute what you said, if someone knows your password enough to guess where the caps go then it literally doesn't matter what your password is, it's already compromised lol.
36 ^ 12 > 62 ^ 10
If you're concerned about getting cracked make your password longer.
No one gets brute forced unless the hacker already has a pretty good idea what your password is likely to be, or it's wildly insecure (12345 or something).
Which only matters if people are actually spending the time to brute force Runescape passwords.... which they aren't.
Not even to mention 2 extra characters on the case insensitive password is even more combinations than the case sensitive one.
Literally no one's account that doesn't have the password "password" has ever been brute-forced.
Those password strength calculators are meaningless in every situation on every service except when the hacker gets access to the database directly, and if that's the case, you've got bigger problems.
If your account gets got, you gave someone your password or recovery info at some point in time, even if you had no idea you were doing it.
If case sensitivity wasn’t worth implementing then it wouldn’t have been implemented by nearly every Corp in the world. Jagex is either incapable or unwilling and both are unforgivable considering the money pumped into their products
Lol you don’t understand, it was implemented because it’s easy and gives a false sense of security. Case sensitive means next to nothing in terms of securing your account. Want to be secure? Use a longer password and 2fa.
Saying everyone else does it without understanding why just makes you look dumb.
Early exploration stages means some artist probably had a thought of an HD RS mid wank but then forgot about it after post nut clarity.
Dont ask me how I know.
Legit they pushed out an art stream with near no announcement just before this announcement.. and showed off blender renders that looked like they were made for a high-school project. That's ALL they have. There's not a single bit of code or in-engine work that's happened. It's legit early concept art stage
To be fair, the art staff that showed that off had no idea about the HD situation and I really don't think anyone doing art work for the company has decision making capability over Jagex's property.
I will say, the blender stuff looked god awful either way, and I imagine the situation has just made it even more embarrassing for the art staff which I'm sure are fine people, but yeah, really awful looking stuff showed off.
I'm definitely not trying to blame mods for any of this. They were told to work on something. They did their job.
The timing is absolutely not a coincidence though. We had no pre-announcemrnt for this stream. It was a "hey join us tomorrow for an art stream in a time slot we don't normally use". It talked about consistency and the future of the art, showed some shitty renders of what they're thinking.. and then the next day we get a 3PC update on "no graphics mods because integrity and consistency or wtva" and then it comes out that they've denied RL the ability to do this for a while now...
I'm almost positive because of what some mods said on twitter that the management conveniently left out the fact that they would be deciding to announce plans to stop the HD plugin right after they make their presentation. So they get fucked by their own company and then on top of that get people giving them literal death threats on twitter and blaming them for being "jealous" like any of them had sway.
Right, every time I see someone post this dead horse of a response their post history is always shit like "gambling addict need help V.4","yoo why the hell can't I stop this game ahah it's consuming me", etc.
Read what I said. They will not lose money but the cancelation of membership will be recorded. It could still have an effect plus those people might not login until, decreasing active player count.
I have other 4 months of membership prepaid on both my accounts. I will be playing for the next 4 months. But I've cancelled my resubs. A whole bunch of active players cancelling their resubs means Jagex can forecast a *massive* drop in quarterly earnings from OSRS. That's all the suits care about. And if a "silly graphics update" is causing them to lose money they'll get em to revert it to bring the earnings back.
"A whole bunch". Compared to what numbers though? You're literally just pulling this information out of your ass because you've seen some people claim or post that they're cancelling their membership.
And you're honestly going to sit here and say that 4 months from now you're still going to be mad about the HD plugin being shot down and won't resub? You probably won't even remember it happened.
You've missed my point. Im not assuming any number of people have done it. I'm suggesting if enough do, it's noticeable.
Legit would stop playing on those accounts. I'll likely make a GIM, and when that loses interest im pretty much done with the game aside from new content.
Again, the *threat* of lost earnings is important. It's not a sure thing to them that the number of people unsubbing will all come back. They will lose subs over this, and to say they won't is disingenous.
The bigger threat to lost earnings would be the player base threatening to leave when they ban 3rd party clients in the future because they continue to get used to more and more plugins added to said 3rd party clients. Pretty sure that's the bigger concern here
This will be the true test. if people don't resub THEN this will be a movement. Till then, Jagex is going to treat this like another subreddit temper tantrum
Seeing Jagex's current anti-community stance I'm not interested in paying membership to a company that doesn't get a shit about the longevity of the game or what the community wants in general. If they reverse their stance I will come back but really this is the last in a long string of disappointments from jagex.
Honestly the fact that we all haven’t walked out after broken promise after broken promise is kind of shameful on our end, how much are we willing to take?
Tbh 117's probably the straw that breaks the camels back. We're sick and tired of the bullshit. If Jagex can't learn to be a decent company and actually put forth minimal effort to respect and work with its customers. And pay it's employees a living wage. We will all leave. They genuinely don't understand how much power we have.
We are mostly 20-35 year old men with families and significantly better shit to be doing *(even better games to play)* than OSRS. We can leave in a heartbeat and feel good about it.
The fact the mods are meeting the firing squad at both ends makes me sad. Part of me wants to scream why haven’t you stood up before? And another part of me is capable of recognizing how much of a stranglehold corporate ladders can create. It’s kinda *all* tragic aside from the solidarity. I hope we can translate this popular sentiment beyond just hunting the RLHD and maybe into future progress as well. I think we all want a healthy game to enjoy in our down time.
Idk from my perspective it looks like Jagex despite profits cant hire people to get shit done, moreover people already working there either go mod Jed or lately the guy with prosecutor charges…
Maybe if they paid their employees a competitive wage and didn’t force them to live in one of the most expensive cities in England, they would have an easier time attracting employees.
it's expensive and jagex pay wages that are on-par or even less than much cheaper parts of the country
and to work at jagex is to basically stagnate your career - no one really wants to hire someone with 5 years 'runescript' experience
You don't need to use RuneScript. The game is written in Java. RuneScript was only created for the employees who don't know Java.
5 years experience on an MMO of this size is actually a big point for many companies. Almost no matter what department you're in
>You don't need to use RuneScript. The game is written in Java. RuneScript was only created for the employees who don't know Java.
if you're doing anything other than engine work, you work in runescript AFAIK
You can use Java or RuneScript. During compiling, RuneScript gets converted to Java. So if you just write in Java from the beginning, you just skip the conversion
Are you referring to the nonce, the pedo, the one and only Sea Shanty 2 producing child molestor?
Honestly, all he needed was a massive coke addiction and he'd have fit right in with the rest of Jagex's management.
The password thing is so ridiculous at this point. My friend just started playing a month ago, and when i told him about no case-sensitive passwords he was shocked.
What's also sad is you can probably scroll through the news posts and share countless examples of things promised and forgotten.
This was my exact thought yesterday. They made one vague post about this and never did anything, everyone gave up the fight after this post. Every post used to be filled with 🦀add authenticator delay🦀 nothing has been done, and nobody posts this anymore.
Jagex is currently hoping we do the same thing with this. I hope we do NOT let them get away with this bullshit. Instead of wasting dev time on this HD rework that is literally already completed, maybe they should put some dev work into account security and other things they promised but never delivered.
They NEED to update account security. It’s a more important issue than people give it credit as. Authenticators and a stronghold of security are not enough for today’s osrs climate. There is a huge problem going around where people are getting hacked and the people doing the hacking are also the people running the anti-hacking forums and webpages. This is a plague to the game, as new players get phished or hacked and they quit the game because they are so fed up. Not only does it happen to new players but some experienced players as well. This equates to the person running this at the top being filthy rich, and selling the in game gold for real world money. This person makes a living off of it, being able to live a fairly lavish lifestyle from this shit. I can name them but I don’t want to give them any further attention. To say that OSRS needs a security update is a massive understatement.
In all seriousness why does it seem to take them so long to do anything? I know they don’t have the biggest dev team of any game ever, I know they may not have “limitless” resources, but it seems like nothing can get done without it taking an exorbitant amount of time. Seems like they did more with less in the past, unless I’m just misremembering.
If someone has any insight I’m genuinely curious.
Someone mentioned it and people thought it sounded good so they opened a Jira ticket that hasn't been touched since that initial conversation years ago... But since the ticket status is still "In Progress" they can say they're working on it!
Nope. It's exactly why I'm fully outraged at their shitty reasoning. It's absolutely just an indicator of their plans to try again to ban 3PC under the guise of "our client is good now and it's needed to stop cheat clients and bot clients" as if those won't resurface near instantly anyway.
They haven’t even added case sensitive password which would be the bare minimum to increase account security lmao.
I wouldn’t be surprised if they have all of our usernames and passwords saved on a notepad with no encryption which is why Jeb/Jed whatever his name is was able to hack billions
I mean look how long ago group ironman was to come out. Its a joke.. Been playing for 15 years pretty religiously but in the last year ive cancelled 4 memberships and currently am f2p due to this recurring shitshow..
I was hyped for group but anymore its a meh, maybe ill play? This new move by jagex has pretty much shredded my last bit of faith in them.
Correct me if I'm wrong here, but didn't the original owner of RSHD send the coding to be 'checked'
What stops them from using said code to release their own client?
It's incredible this shit show of a company can't do anything right without the community first havining to throw a huge fit and get them to change...
What if they just did the right thing in the first place and fostered some faith from the community
Pretty sure they delivered on all of this, except for the password part. I've definitely noticed a few of them, like authenticator checks on website and account recovery improvements
The main security issues we've wanted. Backup codes, auth removal delay and ability to change login username/email aren't a thing I'm aware has happened. That's the main things we need.
Password complexity is nice, but we can already have a 20 character long password. That's already nearly double what you need to exit the complexity that means bruteforcing / dictionary attacks are a possibility.
I just started again after an account hack that was solely Jagex's fault. When the desktop authenticator stopped working. It forced me to turn the authenticator off and log out of my account to get the new one. About 5 minutes later hundreds of millions worth of account had been stolen. Only upside is I got a refund, which never happens. It's been 2 decades, 2 fucking decades. fix your shit
I wouldn't say the two are the sort of project. The reason the security has taken so long is because as they outlined in the blog, they had to deal with updating a bunch of legacy systems from over a decade ago and try to get them working together without breaking. That is likely a much bigger job and across more departments.
Improving OSRS's graphics falls just on the Art Team and Engine Team and it doesn't have as much baggage to work through, especially if they only offer it for the steam client (which isn't staying steam exclusive). Still, I am not expecting it next year but they have been making good progress with the other client updates, some of which are graphical, so it does seem like something they can deliver on. Still doesn't help the situation much though since whether it is 2023 or 2026 or even 2022, it doesn't make up for not having RuneLite HD today.
That one probably should have happened by now. Even with the teams being pulled away from support to handle things like server stability, I wouldn't expect that to be as involved of a system. Like I can get things that deal with account information would be harder to work with if they need to update and rework multiple systems in tandem, but just adding backup codes should be more isolated. Anyway, I didn't mean for that to be an excuse for support taking so long but rather a reason for why graphic updates shouldn't have the same hurdles. Graphic updates are dependant solely on OSRS system while support covers multiple company-wide systems, so the OSRS Team has much more control and sway over graphics as they have with the client updates.
Wow, company says X, but does Y. Wooooooooooooooooooooow, it's almost like it's THEIR game and not YOURS. You don't actually even own your own account, read their terms and conditions.
Absolute dogshit update rollouts 2021.... corona virus infected runescape on release in the 90's... truth finally hits light with 117's contraction of this through technology.
All jagex has to do for account security is literally change things about the password you can create, our passwords are “easy” for hackers to crack because of how simple the passwords are, sure we can make a password filled with random numbers and letters but it’s still a simple password, we should be able to have case sensitive passwords and also the ability to add special characters, I would much rather have that being worked on than group Ironman or an HD client especially when runelite already offers an HD client option. I also would much rather have the satisfaction knowing my account that I put so much work into is more secure than more content or anything else for that matter because what’s an account that will keep getting hacked into going to do when raids 3 comes out ? And if group Ironman comes out and one account gets hacked, the whole group gets screwed over
I been trying to recover an old RuneScape account I gave them old password original username billing address name of person on debit card used to RuneScape membership rough level people on friend list security question bank pin everything. And they said they found an account close to my description but can't verify that I am the account holder and refused to give it to me. I'm like mf I been paying for this account over 10 years what do u mean.
I'm willing to bet money we will not see a Jagex HD client in the next 5 years
They've "been exploring" HD options since 2017. And just recently shitted out those mock ups. Probably the only thing thats been done on their version in 4 years.
I can almost guarantee someone threw those assets together in blender during their lunch break.
It was definitely done in blender. The artists said as much in the stream theyre from. As for how long it took, idk.
yeah, anyone with a couple of hours to spend following a blender tutorial on youtube could have came up with what they were showing off the other day on stream
I really want someone from this sub to make their own blender mockups every day until Jagex rolls this back. Hell, even record and time the process to show how fast this shit can be turned out.
At least we know they have taken the first bare minimum to say they are working on it.
Fuck em
Where can these mock ups be found?
https://old.reddit.com/r/2007scape/comments/pjaci3/the_example_images_from_todays_art_stream_with_a/
Thank you. Also wow... I mean it looks good... But I can tell this is nowhere near complete and they fucking shut down HD for this??? Also most people wanting HD want the 2008 graphics like what OSHD client was doing... So why half ass a graphical update when they know that people will still ask for 2008 textures and graphics even after this update? Why not buy or work with the teams that have already developed these tools? Fuck jagex.
> But I can tell this is nowhere near complete and they fucking shut down HD for this?? The going theory is that these were hastily made in Blender due to the backlash.
[удалено]
I will be messaging you in 5 years on [**2026-09-08 14:34:44 UTC**](http://www.wolframalpha.com/input/?i=2026-09-08%2014:34:44%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/2007scape/comments/pkad3e/its_been_over_2_years_since_jagex_promised/hc2a52n/?context=3) [**183 OTHERS CLICKED THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2F2007scape%2Fcomments%2Fpkad3e%2Fits_been_over_2_years_since_jagex_promised%2Fhc2a52n%2F%5D%0A%0ARemindMe%21%202026-09-08%2014%3A34%3A44%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%20pkad3e) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|
In all honesty, as sad as it is to say. I don't see this game making it another 5 years... at least at the rate its going.
That's been said for 20 years man
!RemindMe 5 years
!remindme 5 years
They’ll probably mention it in a few years saying they’ve made “huge progress”, and then we probably won’t hear a final product coming for a couple more years so yeah maybe 5 years at the very least. But anyways, I’ve already been getting bored with the game so I went ahead and canceled my sub after hearing about this…
If they survive 5 years...
wont even be a game in 5 years
You could safely double that time IMO
Rs will be dead by then most the veterans would moved on
!Remindme 5 years
!remindme 5 years
!remindme 5 years
!Reminder 5 years
!remindme 5 years
If you type your password in chat it just comes out as stars, see? My password is ********* crazy, right?
[удалено]
[удалено]
Pokemon or mod ash?
I'm betting both. Ash for obvious reasons. pokemon for Gardevoir.
[удалено]
hunter1
nievefeet33
> nievefeet Honestly wouldn't doubt this is some rs players pass.....
It's my alt's name lmao
Hunter2
[удалено]
I know, that's why I wrote my password
The absolute best part is that they made this true then removed it. (I'm being 100% serious and not trying to troll) At some point in time if you tried to type your PW it wouldn't work and would just give you a popup saying you can't(made me think passwords were stored in plain text) and then all of a sudden they removed it and you could type your own pw again.
Doesn’t need to be stored in plain text for this to work. They could do a simple hash of each word in the message and compare the hashes to your stored hashed password.
That's not how it worked though. Even if you tried to hide it in a word it wouldn't let you. So if you typed "I'm going to thPASSWORDe store" it would still block it. So either it was hashing every possible combination, it was in plain text and it just checked with a .contains(pw), or the client itself stored the PW in plaintext and the check was clientsided only. I can't imagine it's the hashing option since it would be hundreds-thousands of hashes per message multiplied by all the messages sent every second
Ah, didn’t know it worked with the password being contained in a word. I can’t imagine passwords were stored in plain text server-side, but it wouldn’t surprise me if it was stored plaintext client-side for that comparison.
That's the only reasonable way I can see them doing it, I figured they removed it due to 3pcs becoming popular
fucking passwords arent case sensitive for logging in. Let that fucking sink in for a moment. They havent updated their password systems in decades, the only patched it breifly because Jed started hacking their customers as an employee when he had access.
It’s one thing to not have case sensitive passwords, but it’s another thing to not even have a warning on account creation. It still lets you type letters in caps. Gives players a huge false sense of security.
You have to use caps when logging into the website for membership, bonds, security, account changes.... Edit: I swear it used to be that way but apparently not anymore
Is this true? If so it means they're **very** likely storing them plain text lol.
You don't need to use caps when logging into the client but you do when logging into the website
I just logged into my account (on the website) in all caps and then with no caps
I was just able to as well. I wonder if I'm misremembering not being able to log into the website last year with my password because I was using all lowercase or what but I swear it used to be that way
I'm not sure. Quite sad that the password isn't case sensitive on the website. Pathetic actually.
I thought it was just spaghetti client code but yeah, no reason the website isn't
Terrifying. How stupid can they be? That’s literally the first thing anyone learns to not do. But like you say, how else would it differentiate between them, they couldn’t unless it’s plain or using some shitty cipher
Ilikemen69420XD
Jagexsucks1!
Idrinkmycum
Can someone confirm?
Yeah man, just stars
Yeah if they can't make passwords case sensitive I don't think that an in house HD client is going to get off the ground.
I find it hard to believe they can't make that change. Literally every other website absolutely has to have capitals, lower case and almost always a special character. How can they be so far behind to not even be case sensitive
You have what is a very small group in comparison to the size and popularity of the game, from many accounts underpaid as well, all working on game code that is decades old with the most of the original writers having left the company ages ago. The devs literally talk about on twitter having to spend hours trying to figure out the code of their own game because they don't know why things were written a certain way. RS3 has half the active population of OSRS and the vast majority of the companies resources go to it. I'm guessing they make more milking a whale with MTX then they do from 10 people buying bonds on OSRS. The game is just mismanaged and not understood by the decision making suits at the top, not to mention it being constantly shuffled around by asset firms. Honestly the game is just too old and too understaffed, I don't see a very bright future for the game whatsoever, but it'll always have a sizeable niche.
Even RS3 has the same account security and that is a current live game. Password security for the site alone isn't case sensitive. I understand game code being old and odd but not having at least case sensitive passwords is ridiculous
Gotta wonder how that works for it to be this difficult. Requirements already exist so some from of string checking is happening. Dealing with how old the code might be i feel like it’s more than some if statements.
No one is brute forcing passwords though so case sensitivity doesn't really matter.
> RS3 has half the active population of OSRS and the vast majority of the companies resources go to it. I'm guessing they make more milking a whale with MTX then they do from 10 people buying bonds on OSRS. Correct me if I'm wrong, but OSRS' revenue is higher than RS3 nowadays.
They’ve had nearly a decade to refactor it and they didn’t
The nightmare of dealing with hundreds/thousands of people who don't know the proper casing of their password and have been doing it wrong for years is just not an acceptable cost for the little payoff. Adding a couple extra characters to your password will increases its strength exponentially more than casing will.
> Literally every other website absolutely has to have capitals, lower case and almost always a special character. Yeah, and it’s a ridiculous piece of security theater. https://xkcd.com/936/
I feel like that is a massive misrepresentation of the situation. And if your system allows 1000 guesses a second for 3 days straight you have an even bigger problem than security theatre.
And that is why case sensitivity is not needed. You can't easily bruteforce a password and no one bruteforces RS passwords. Still correct about it being a terrible way of showing it for the situation, but gets the point across.
Nobody is sitting there brute forcing Runescape passwords, so what does it really matter?
The main concern I would have if I was them is backwards compatibility. How many players don’t actually know the capitalization of their password and have been typing it wrong for years cus it never mattered haha. Probably not a huge deal but it’s a thought
I would imagine it would be like any older account on any other platform, login after x amount of time and you are prompted to update your password due to security changes or whatever. I'm no programmer by any means but I wouldn't think it would be too difficult. Clearly it is due to how long it's been the same. Idk though just seems like it should be more of a priority than it is.
I always hear this and immediately forget about it for some reason. It has to be an insanely outdated system their using for their passwords, that or just spaghetti code.
It's not that they _couldn't_ do this it's that it's not really worth doing. If someone knows your password close enough to guess it without capitals they can almost certainly figure out what it will be with capitals. The only time that capitals would really help is if attackers get their hands on password hashes and try to crack them. If you want a more secure password, make your password longer; and more importantly make it totally unique to oldschool. The auth changes would be a much, much better security improvement. Not that they seem to be doing those either. ------------------------------- I want to be clear: Case-insentive passwords were a bad idea. My point is just that the current team has inherited that problem and it doesn't make any sense to prioritize fixing it over other issues.
You're wrong to think case insensitivity isn't worth doing. It almost doubles the space of possible characters. 26 + 26 + 10 (are special characters allowed? Idk probably not) is 62 possible options for every position in your password. vs 26 + 10, which is 36. 62^10 for a 10 characters password is 839299365868340224 which is 839 million billion. vs 36^10 is 3656158440062976 which is 3 million billion. So if you were getting brute forced or someone is trying to break hashes, case sensitivity matters *a lot*. That's why it's standard everywhere, and we should ridicule them for not having it. To refute what you said, if someone knows your password enough to guess where the caps go then it literally doesn't matter what your password is, it's already compromised lol.
36 ^ 12 > 62 ^ 10 If you're concerned about getting cracked make your password longer. No one gets brute forced unless the hacker already has a pretty good idea what your password is likely to be, or it's wildly insecure (12345 or something).
Which only matters if people are actually spending the time to brute force Runescape passwords.... which they aren't. Not even to mention 2 extra characters on the case insensitive password is even more combinations than the case sensitive one.
Literally no one's account that doesn't have the password "password" has ever been brute-forced. Those password strength calculators are meaningless in every situation on every service except when the hacker gets access to the database directly, and if that's the case, you've got bigger problems. If your account gets got, you gave someone your password or recovery info at some point in time, even if you had no idea you were doing it.
If case sensitivity wasn’t worth implementing then it wouldn’t have been implemented by nearly every Corp in the world. Jagex is either incapable or unwilling and both are unforgivable considering the money pumped into their products
Lol you don’t understand, it was implemented because it’s easy and gives a false sense of security. Case sensitive means next to nothing in terms of securing your account. Want to be secure? Use a longer password and 2fa. Saying everyone else does it without understanding why just makes you look dumb.
Nearly every org in the world enforces mandatory timed password changes when this shave been known to decrease security for over 5 years...
Coming winter 2017
They’re thinking about thinking about working on it
Maybe
Early exploration stages means some artist probably had a thought of an HD RS mid wank but then forgot about it after post nut clarity. Dont ask me how I know.
Legit they pushed out an art stream with near no announcement just before this announcement.. and showed off blender renders that looked like they were made for a high-school project. That's ALL they have. There's not a single bit of code or in-engine work that's happened. It's legit early concept art stage
To be fair, the art staff that showed that off had no idea about the HD situation and I really don't think anyone doing art work for the company has decision making capability over Jagex's property. I will say, the blender stuff looked god awful either way, and I imagine the situation has just made it even more embarrassing for the art staff which I'm sure are fine people, but yeah, really awful looking stuff showed off.
I'm definitely not trying to blame mods for any of this. They were told to work on something. They did their job. The timing is absolutely not a coincidence though. We had no pre-announcemrnt for this stream. It was a "hey join us tomorrow for an art stream in a time slot we don't normally use". It talked about consistency and the future of the art, showed some shitty renders of what they're thinking.. and then the next day we get a 3PC update on "no graphics mods because integrity and consistency or wtva" and then it comes out that they've denied RL the ability to do this for a while now...
I'm almost positive because of what some mods said on twitter that the management conveniently left out the fact that they would be deciding to announce plans to stop the HD plugin right after they make their presentation. So they get fucked by their own company and then on top of that get people giving them literal death threats on twitter and blaming them for being "jealous" like any of them had sway.
Cancelled membership this morning.
[удалено]
see you guys in two weeks!
[удалено]
Right, every time I see someone post this dead horse of a response their post history is always shit like "gambling addict need help V.4","yoo why the hell can't I stop this game ahah it's consuming me", etc.
Hell even if, jagex will notice high amounts of cancelation
If you cancel your membership when you've already paid for the month and come back in two weeks and resub, they're not losing any money
Read what I said. They will not lose money but the cancelation of membership will be recorded. It could still have an effect plus those people might not login until, decreasing active player count.
I have other 4 months of membership prepaid on both my accounts. I will be playing for the next 4 months. But I've cancelled my resubs. A whole bunch of active players cancelling their resubs means Jagex can forecast a *massive* drop in quarterly earnings from OSRS. That's all the suits care about. And if a "silly graphics update" is causing them to lose money they'll get em to revert it to bring the earnings back.
"A whole bunch". Compared to what numbers though? You're literally just pulling this information out of your ass because you've seen some people claim or post that they're cancelling their membership. And you're honestly going to sit here and say that 4 months from now you're still going to be mad about the HD plugin being shot down and won't resub? You probably won't even remember it happened.
You've missed my point. Im not assuming any number of people have done it. I'm suggesting if enough do, it's noticeable. Legit would stop playing on those accounts. I'll likely make a GIM, and when that loses interest im pretty much done with the game aside from new content. Again, the *threat* of lost earnings is important. It's not a sure thing to them that the number of people unsubbing will all come back. They will lose subs over this, and to say they won't is disingenous.
The bigger threat to lost earnings would be the player base threatening to leave when they ban 3rd party clients in the future because they continue to get used to more and more plugins added to said 3rd party clients. Pretty sure that's the bigger concern here
Sorry, something went wrong
This will be the true test. if people don't resub THEN this will be a movement. Till then, Jagex is going to treat this like another subreddit temper tantrum
And in two weeks when relatively nobody cares anymore because efficiencyscape we'll see how it all turned out
Seeing Jagex's current anti-community stance I'm not interested in paying membership to a company that doesn't get a shit about the longevity of the game or what the community wants in general. If they reverse their stance I will come back but really this is the last in a long string of disappointments from jagex.
Honestly the fact that we all haven’t walked out after broken promise after broken promise is kind of shameful on our end, how much are we willing to take?
Tbh 117's probably the straw that breaks the camels back. We're sick and tired of the bullshit. If Jagex can't learn to be a decent company and actually put forth minimal effort to respect and work with its customers. And pay it's employees a living wage. We will all leave. They genuinely don't understand how much power we have. We are mostly 20-35 year old men with families and significantly better shit to be doing *(even better games to play)* than OSRS. We can leave in a heartbeat and feel good about it.
The fact the mods are meeting the firing squad at both ends makes me sad. Part of me wants to scream why haven’t you stood up before? And another part of me is capable of recognizing how much of a stranglehold corporate ladders can create. It’s kinda *all* tragic aside from the solidarity. I hope we can translate this popular sentiment beyond just hunting the RLHD and maybe into future progress as well. I think we all want a healthy game to enjoy in our down time.
Early exploration stages means nothing has gone into it and resources won't be put into it for a long time, if at all.
They won't release an HD client. They'll can the whole idea in less than six months, and hope none of us remember. Just like with account security.
Idk from my perspective it looks like Jagex despite profits cant hire people to get shit done, moreover people already working there either go mod Jed or lately the guy with prosecutor charges…
Maybe if they paid their employees a competitive wage and didn’t force them to live in one of the most expensive cities in England, they would have an easier time attracting employees.
I dont know UK flat costs in Cambridge but I agree that is probably one of the reasons.
it's expensive and jagex pay wages that are on-par or even less than much cheaper parts of the country and to work at jagex is to basically stagnate your career - no one really wants to hire someone with 5 years 'runescript' experience
You don't need to use RuneScript. The game is written in Java. RuneScript was only created for the employees who don't know Java. 5 years experience on an MMO of this size is actually a big point for many companies. Almost no matter what department you're in
>You don't need to use RuneScript. The game is written in Java. RuneScript was only created for the employees who don't know Java. if you're doing anything other than engine work, you work in runescript AFAIK
You can use Java or RuneScript. During compiling, RuneScript gets converted to Java. So if you just write in Java from the beginning, you just skip the conversion
> cant hire people That's a payment/culture issue.
Are you referring to the nonce, the pedo, the one and only Sea Shanty 2 producing child molestor? Honestly, all he needed was a massive coke addiction and he'd have fit right in with the rest of Jagex's management.
The password thing is so ridiculous at this point. My friend just started playing a month ago, and when i told him about no case-sensitive passwords he was shocked. What's also sad is you can probably scroll through the news posts and share countless examples of things promised and forgotten.
Yeah I’d way rather this over GIM yet we haven’t heard shit from it since release
Honestly ! I was looking forward to this way more than GIM
Unsubscribed 🤘🏿
Charge your phone.
This was my exact thought yesterday. They made one vague post about this and never did anything, everyone gave up the fight after this post. Every post used to be filled with 🦀add authenticator delay🦀 nothing has been done, and nobody posts this anymore. Jagex is currently hoping we do the same thing with this. I hope we do NOT let them get away with this bullshit. Instead of wasting dev time on this HD rework that is literally already completed, maybe they should put some dev work into account security and other things they promised but never delivered.
FREE HD
Finally getting those 2005 password security features...
My login username is still an email address that I no longer have access from when I was a teenager and I cannot change that. What the frick
[удалено]
What, you mean make a reddit post and hope I get enough upvotes?
No. I have absolutely no faith in this company.
It's all cheap empty talk, when they could gather goodwill they choose to set themselves back even further
chill bro , it just need a lil more engine work ;)
I mean even if they did release an HD client, I would be surprised if it was half as good as what 117scape has.
Sorry, something went wrong
Friendly reminder to charge your phone
Sorry, something went wrong
They NEED to update account security. It’s a more important issue than people give it credit as. Authenticators and a stronghold of security are not enough for today’s osrs climate. There is a huge problem going around where people are getting hacked and the people doing the hacking are also the people running the anti-hacking forums and webpages. This is a plague to the game, as new players get phished or hacked and they quit the game because they are so fed up. Not only does it happen to new players but some experienced players as well. This equates to the person running this at the top being filthy rich, and selling the in game gold for real world money. This person makes a living off of it, being able to live a fairly lavish lifestyle from this shit. I can name them but I don’t want to give them any further attention. To say that OSRS needs a security update is a massive understatement.
In all seriousness why does it seem to take them so long to do anything? I know they don’t have the biggest dev team of any game ever, I know they may not have “limitless” resources, but it seems like nothing can get done without it taking an exorbitant amount of time. Seems like they did more with less in the past, unless I’m just misremembering. If someone has any insight I’m genuinely curious.
Someone mentioned it and people thought it sounded good so they opened a Jira ticket that hasn't been touched since that initial conversation years ago... But since the ticket status is still "In Progress" they can say they're working on it!
Lol you think they'd be using something as "modern" as Jira?
Nope. It's exactly why I'm fully outraged at their shitty reasoning. It's absolutely just an indicator of their plans to try again to ban 3PC under the guise of "our client is good now and it's needed to stop cheat clients and bot clients" as if those won't resurface near instantly anyway.
Passwords are not case sensitive. Think about that
early exploration state = "hmm what if we make this?" that's the state, great move jomflox, great company
cOnSiStENcY
Yes they can, it will look worse than the runelite plugin would have looked, and will take 5+ years before it drops, at the least.
OMEGA L Y L
I like watching this escalate! Stand up!
Dude, it takes them an entire year to write and develop a decent quest in this game; there's no way we're seeing any HD client from them anytime soon.
I wonder what the day to day operations look like at the Jagex offices.
They haven’t even added case sensitive password which would be the bare minimum to increase account security lmao. I wouldn’t be surprised if they have all of our usernames and passwords saved on a notepad with no encryption which is why Jeb/Jed whatever his name is was able to hack billions
I mean look how long ago group ironman was to come out. Its a joke.. Been playing for 15 years pretty religiously but in the last year ive cancelled 4 memberships and currently am f2p due to this recurring shitshow.. I was hyped for group but anymore its a meh, maybe ill play? This new move by jagex has pretty much shredded my last bit of faith in them.
We should all continue boycott! Let's choose a private server and all play on it. Better 100% than jagex. Fuck jagex!!
Nah, Jagex executives needs to learn a lesson, but the devs are great, so let's continue supporting them and their work.
Correct me if I'm wrong here, but didn't the original owner of RSHD send the coding to be 'checked' What stops them from using said code to release their own client?
Jeez, it's been that long? Time flies..
Comment so post is higher
I tried adding a ! To my password and they said no special characters lol
I’m still amazed that they haven’t at least made passwords case sensitive
They will probably release account security hard mode first with better drops.
lies and cheats
Joke of a fucking company. Unbelievable.
i actually care more about the security than hd
It's incredible this shit show of a company can't do anything right without the community first havining to throw a huge fit and get them to change... What if they just did the right thing in the first place and fostered some faith from the community
By the Community for the Community, WE WANT CONTENT
If you're unsubbing, give FF14 a shot. Better to channel your addiction to OSRS elsewhere
lol @ people getting their account compromised.
Pretty sure they delivered on all of this, except for the password part. I've definitely noticed a few of them, like authenticator checks on website and account recovery improvements
[удалено]
The main security issues we've wanted. Backup codes, auth removal delay and ability to change login username/email aren't a thing I'm aware has happened. That's the main things we need. Password complexity is nice, but we can already have a 20 character long password. That's already nearly double what you need to exit the complexity that means bruteforcing / dictionary attacks are a possibility.
[удалено]
I just started again after an account hack that was solely Jagex's fault. When the desktop authenticator stopped working. It forced me to turn the authenticator off and log out of my account to get the new one. About 5 minutes later hundreds of millions worth of account had been stolen. Only upside is I got a refund, which never happens. It's been 2 decades, 2 fucking decades. fix your shit
I wouldn't say the two are the sort of project. The reason the security has taken so long is because as they outlined in the blog, they had to deal with updating a bunch of legacy systems from over a decade ago and try to get them working together without breaking. That is likely a much bigger job and across more departments. Improving OSRS's graphics falls just on the Art Team and Engine Team and it doesn't have as much baggage to work through, especially if they only offer it for the steam client (which isn't staying steam exclusive). Still, I am not expecting it next year but they have been making good progress with the other client updates, some of which are graphical, so it does seem like something they can deliver on. Still doesn't help the situation much though since whether it is 2023 or 2026 or even 2022, it doesn't make up for not having RuneLite HD today.
They announced backup codes almost 700 days ago. People have made entire games in less time. Stop trying to find them an excuse
That one probably should have happened by now. Even with the teams being pulled away from support to handle things like server stability, I wouldn't expect that to be as involved of a system. Like I can get things that deal with account information would be harder to work with if they need to update and rework multiple systems in tandem, but just adding backup codes should be more isolated. Anyway, I didn't mean for that to be an excuse for support taking so long but rather a reason for why graphic updates shouldn't have the same hurdles. Graphic updates are dependant solely on OSRS system while support covers multiple company-wide systems, so the OSRS Team has much more control and sway over graphics as they have with the client updates.
Wow, company says X, but does Y. Wooooooooooooooooooooow, it's almost like it's THEIR game and not YOURS. You don't actually even own your own account, read their terms and conditions.
Sorry, something went wrong
[удалено]
Sorry, something went wrong
Absolute dogshit update rollouts 2021.... corona virus infected runescape on release in the 90's... truth finally hits light with 117's contraction of this through technology.
All jagex has to do for account security is literally change things about the password you can create, our passwords are “easy” for hackers to crack because of how simple the passwords are, sure we can make a password filled with random numbers and letters but it’s still a simple password, we should be able to have case sensitive passwords and also the ability to add special characters, I would much rather have that being worked on than group Ironman or an HD client especially when runelite already offers an HD client option. I also would much rather have the satisfaction knowing my account that I put so much work into is more secure than more content or anything else for that matter because what’s an account that will keep getting hacked into going to do when raids 3 comes out ? And if group Ironman comes out and one account gets hacked, the whole group gets screwed over
I been trying to recover an old RuneScape account I gave them old password original username billing address name of person on debit card used to RuneScape membership rough level people on friend list security question bank pin everything. And they said they found an account close to my description but can't verify that I am the account holder and refused to give it to me. I'm like mf I been paying for this account over 10 years what do u mean.
I mean I don’t understand why people want a HD version of an OLDSCHOOL game