Why don’t you want me to play?

Some time ago, I signed up to Runescape as I figured it would be worth trying out the largest free-to-play MMO in the world. It was definitely some time ago and I’m pretty sure it wasn’t this year and it may well have been 2008 or prior to that. I know I wrote about free-to-play games on this site 3 years ago so maybe it was after that. I should probably have an email about it somewhere but it’s also possible it’s on an old PC that is going to be difficult to resurrect.

This is relevant. I’ll come back to it.

This morning I thought I’d give Runescape another look – partly because it had come up in conversation in my guild chat last night and partly because of an article published over at Massively the other day. And hey, it’s slow at work at the moment and it might pass the time during my lunch break.

Before I could play, however, there was the little matter of logging in.

Bearing in mind that I had previously signed up to play, I figured it wouldn’t be too difficult to log in again – provided, of course, I could remember what my username & password was. – which, inevitably I couldn’t. Off to the password reminder page! Now generally, up until earlier this year, I tended to use one single email address for FreeToPlay games and Runescape neither objected to me entering this address and did actually send me an email with a link to reset my password. Working as intended – game on!

I’ll come back to this in a bit as well.

Being an IT professional (although I use “professional” in the loosest possible sense) I recognise the importance of security protocols and procedures, especially in terms of lost or forgotten passwords. So, apparently, do Jagex.

This is the top of their password reset screen

(clicken to embiggen)

What. The. Frak?

First off, I’m expected to give the answers to up to five recovery questions – questions that, obviously, I should remember. Except I don’t because a) lots of sites ask me for answers to security questions and b) most of them actually ask the question that they want the answer for! Favourite colour? Name of first pet? Air speed velocity of an unladen swallow? Seriously, I could have been asked anything – give me a damn clue!

Oh look – a checkbox to say I didn’t set any recovery questions. That’s alright then.

Next up – list any of your old passwords. Well, okay, that should be simple en — wait, what? This is a password recovery page because I can’t remember my password. And I’m pretty sure I only had the one so, nope, sorry – can’t fill this in. Next question.

When did you sign up your account?

That bit about not remembering when I signed up? Turns out I should have been paying more attention. I suppose at least they only want month and year and not day, hour and minute.

Other information they want – name of the ISP I was using when I signed up. What? I mean, what? Really? It’s probably a good thing that I’ve been with the same company for the last 7 years. Except that the company has changed its name several times and I’m not sure I can remember what it was called when I signed up on account of not remembering when I signed up and not keeping track of what the company was called.

At the bottom of the form, Just above the submit button, there’s a little bit of text that evaluates how well you’ve filled in the form. It read “Very Poor”. I could almost hear the tut and see the look of disapproval.

I submitted regardless. It turned out that even if I’ve never changed my password, I still had to enter an old password so I entered some random alphanumerics. The evalution text change to “Poor”. For a moment, I felt like I’d accomplished something but I swear there was a rolling of eyes and even more disapproval. On the other hand, I had, after about 30 minutes, finally submitted the form.

The message I got basically told me not to hold my breath for a password reset and they might get back to me sometime next year. On that non-committal response, I decided to sign up for a new account regardless so that’s exactly what I did. Comparatively it was quick and straightforward and within minutes I was at the character creation screen.

Curious, however, that they let me use the email address that I was trying to reset the password on and that they had used to email me the reset link. Was it too much trouble to check that information before sending me to that damn form?

I dearly hope that their in-game UI and logic is better.

tl;dr – Cool story, bro!

9 thoughts on “Why don’t you want me to play?”

  1. Good grief. That has to be a candidate for the most unhelpful form ever. Not even telling you your “secret questions” is just mean.

    By the way – I strongly recommend “Keepass” its a password safe that uses state of the art encryption to keep all of your passwords in one place. I have managed to train myself to always record passwords even ones I don’t plan on using for very long.

    1. I track all those security question answers for each site.

      I’m trying to find software for passwords that will sync between my work and home pcs and my windows 7 phone. Also that would integrate with the browser so I don’t have to type them, allowing long random passwords. I’m not really sure I WANT to put encrypted files in my windows live cloud drive though, if there was a solution that would sync only on the usb cable, that would work better.

  2. I have lost access to so many games that way. I now have an email I use for all my gaming so if in ten years I want to reactivate my daoc account I can.

    I just wish companies could think of a new way instead of emailing resets.

    1. This is something else I had to do recently – having to remember character names was a bit of a stretch but luckily I tend to just keep the same character names from game to game.

  3. I’ve seen that whole “answer these security questions that we won’t even show to you” schtick before, and it wasn’t on Runescape because I don’t play that. I found it kind of frightening in its stupidity.

Comments are closed.