User talk:67.4.39.26

Talk:Jagex Account Guardian
Hello, your question regarding The Jagex Account Guardian (JAG) has been answered. I'm not sure if you checked the talk page, however I'm leaving you a message here for you to be updated on this topic. I have done tests myself under multiple setups. I can conclude that JAG works off of a user's MAC address, which is a unique identification number given to each and every individual system, whether it be a computer, phone, printer, etc. You can read more about MAC addresses here. As per potential hi-jacking, it is very important and I want to stress this: The more information you put out there on the web, the more vulnerable your account is (of course this depends also on the level of desirability of your account in the hi-jacker's hands; e.g. if you are a well-known and/or are rich). By means of social engineering, otherwise known as doxing, is the most convenient way for the hi-jacker to collect enough valid information for Jagex to grant access to the user attempting to gain access. This could (and would) be abused via the Customer Support Center in the RuneScape Official Forums.

I have two things to say regarding this &mdash; and that is...
 * Hi-jackers have seen JAG to be a barricade to them from getting into others' accounts and in turn, thus they have spread ideas across the forums that people would lose access to their accounts if they forgot the answers to the questions. To be quite honest, Jagex's recent change to that idea with them easing off of the high security and allowing for a customer support center almost makes JAG useless if the hacker can gain information about a person that would potentially help them recover the account (which isn't theirs). I believe the questions provided are not subject to change and are very personal, so if a player sets them, I can be strongly confident that he/she wouldn't forget them.
 * With all this being said, JAG initially was brought out to be a brick wall of security and has kind of let out, in a sense, of being that. The hi-jackers say "What if we forget the answers to the questions? We might permanent access to our accounts! OMG!" and everyone joins the bandwagon in fear of that idea, when in actuality it's a way of giving hi-jackers some bit of hope for recovering accounts through collected information (and yes, even hacked databases). Since it's a new security system and people aren't familiar with it, hi-jackers can easily spread this idea since they are familiar with the security measures companies take and their work-arounds to getting past them.

All in all, JAG works off your MAC address which means it's ONLY to that device, although you can still log into the website (strangely) without answering the JAG questions. You have nothing to worry about, so all I can say is be very wise with the information you give out. Even adding someone on Skype and them knowing your name is a very easy way for a hi-jacker to begin collecting vital information for the final process - recovering your account! 23:47, September 19, 2012 (UTC)