Planet FunOrb

I’ve done my own sleuthing to bring you some information on the upcoming USB security dongle from Jagex.

Read more…

“Hi, 

I’ve noticed the Jagex Security Key poll is causing some heated debate, so thought I’d better pop in and post some clarifications. 

The first thing to bear in mind, (which we really should have mentioned in the poll), is we are NOT looking to make a profit from this key. The price is to cover the cost of buying the device and shipping it. In fact these devices aren’t particularly cheap and if we do go ahead with this I expect we will probably LOSE money doing it. To be able to get it down to $10 we would almost certainly have to either heavily subsidize the cost of the key (i.e sell it at a loss), or buy in such huge bulk that we would end up with a large number we’d never sell (Still making a loss). So this really ISNT about making some quick money. The main reason for the poll is to see if there is enough interest to make it practical at all. 

Now you’re probably wondering why we would even consider doing this if we would be losing money. The reason is simple, we’re in this for the long run, not for a quick buck, and therefore player satisfaction is extremely important to us. And a player who has had their account stolen (even though due to a keylogger/virus on their own computer) is generally not very satisified! We feel that the benefit of keeping our players safe outweighs the cost, and so we are willing to potentially take a bit of a hit on this. 

Which brings us on to the ‘bank space’ incentive. Which is exactly that… an incentive. 

The problem we face is the VAST majority of players don’t actually believe they need extra security (until it is too late), and it seems very hard to convince them otherwise. I’ve been working on computer security for years, and the problem is people assume if they have an antivirus and a firewall and don’t tell people their password they are bound to be safe. This ISNT true! It certainly makes you safer, and is a very good idea, but it sadly doesn’t make you invulnerable. Even if you are very careful – believe it or not you can still end up with a keylogger on your computer. For starters all of the commonly used web-browsers are written in C++, and repeatedly suffer flaws where if you visit a malicious webpage, even without clicking on anything your computer can be compromised. I’m more up to speed on computer security than most, but I still use a bank pin on my account, and will still be using a Jagex Security key on my account. Because I don’t suffer from the delusion that I’m somehow magically immune. 

So the problem we face is we know lots of our players lose their passwords, we also know those very same players point blank refuse to believe anything bad could possible happen to them, and think they are secure (until it is too late), and therefore probably won’t buy a security key. The evidence for this is clear, just look at our own forums and all the people saying “I’m secure, I don’t need a key!”. So we started wondering what we could do about that. If we can incentive people to buy a key some other way perhaps we can still protect their account. Of course even if the key does ultimately protect them, they will probably never even realize that it happened, and will probably go on thinking that they didn’t need it, but at least their account is secure. 

We chose extra bank space for the proposed incentive, because a) we already give extra bank space to members anyway, so this doesn’t unbalance things further in any way b) it kind of makes sense that the people with the fullest banks are the ones with most to lose, so the ones who most need a key. 

So this isn’t about RWT (any more than the members game we already sell isn’t about RWT), and it isn’t about trying to make a quick profit. It really is simply about keeping our players accounts secure. 

If we were in it for a quick buck we would just sell the bank space and forget the loss making key idea entirely (then we WOULD make lots of money), we’re not going to do that, because that’s not what this is about.