Some time ago, I signed up to Runescape as I figured it would be worth trying out the largest free-to-play MMO in the world. It was definitely some time ago and I’m pretty sure it wasn’t this year and it may well have been 2008 or prior to that. I know I wrote about free-to-play games on this site 3 years ago so maybe it was after that. I should probably have an email about it somewhere but it’s also possible it’s on an old PC that is going to be difficult to resurrect.
This is relevant. I’ll come back to it.
This morning I thought I’d give Runescape another look – partly because it had come up in conversation in my guild chat last night and partly because of an article published over at Massively the other day. And hey, it’s slow at work at the moment and it might pass the time during my lunch break.
Before I could play, however, there was the little matter of logging in.
Bearing in mind that I had previously signed up to play, I figured it wouldn’t be too difficult to log in again – provided, of course, I could remember what my username & password was. – which, inevitably I couldn’t. Off to the password reminder page! Now generally, up until earlier this year, I tended to use one single email address for FreeToPlay games and Runescape neither objected to me entering this address and did actually send me an email with a link to reset my password. Working as intended – game on!
I’ll come back to this in a bit as well.
Being an IT professional (although I use “professional” in the loosest possible sense) I recognise the importance of security protocols and procedures, especially in terms of lost or forgotten passwords. So, apparently, do Jagex.
What. The. Frak?
First off, I’m expected to give the answers to up to five recovery questions – questions that, obviously, I should remember. Except I don’t because a) lots of sites ask me for answers to security questions and b) most of them actually ask the question that they want the answer for! Favourite colour? Name of first pet? Air speed velocity of an unladen swallow? Seriously, I could have been asked anything – give me a damn clue!
Oh look – a checkbox to say I didn’t set any recovery questions. That’s alright then.
Next up – list any of your old passwords. Well, okay, that should be simple en — wait, what? This is a password recovery page because I can’t remember my password. And I’m pretty sure I only had the one so, nope, sorry – can’t fill this in. Next question.
When did you sign up your account?
That bit about not remembering when I signed up? Turns out I should have been paying more attention. I suppose at least they only want month and year and not day, hour and minute.
Other information they want – name of the ISP I was using when I signed up. What? I mean, what? Really? It’s probably a good thing that I’ve been with the same company for the last 7 years. Except that the company has changed its name several times and I’m not sure I can remember what it was called when I signed up on account of not remembering when I signed up and not keeping track of what the company was called.
At the bottom of the form, Just above the submit button, there’s a little bit of text that evaluates how well you’ve filled in the form. It read “Very Poor”. I could almost hear the tut and see the look of disapproval.
I submitted regardless. It turned out that even if I’ve never changed my password, I still had to enter an old password so I entered some random alphanumerics. The evalution text change to “Poor”. For a moment, I felt like I’d accomplished something but I swear there was a rolling of eyes and even more disapproval. On the other hand, I had, after about 30 minutes, finally submitted the form.
The message I got basically told me not to hold my breath for a password reset and they might get back to me sometime next year. On that non-committal response, I decided to sign up for a new account regardless so that’s exactly what I did. Comparatively it was quick and straightforward and within minutes I was at the character creation screen.
Curious, however, that they let me use the email address that I was trying to reset the password on and that they had used to email me the reset link. Was it too much trouble to check that information before sending me to that damn form?
I dearly hope that their in-game UI and logic is better.
tl;dr – Cool story, bro!