
6 to 8 digit Bank Pins


Sorg
I mentioned this to Mod Ash over on Twitter earlier today about the idea of using 6 or even 8 digit bank pins instead of the 4-digit pins we use now. He said this would be possible but would require rearrangement of the memory needed for storing higher numerical values, and they would also have to make sure people wouldn't have to type 0000's before their pin.


A 4-digit bank pin has 10,000 different possible combinations.


A 6-digit bank pin would have 1,000,000 different possible combinations.

An 8-digit bank pin would have 100,000,000 different possible combinations.



I feel like rather than forcing this as a requirement for all players to have to switch to a higher value, we could give them the option to switch to a higher digit pin combination, simply by talking to a banker or maybe an option via the banking interface.





Why?
I have seen more accounts being hacked or broken into via account recovery and people losing their entire banks. Note that a lot of them are due to malicious programs and viruses through an infected computer, but another small amount of them are due to account recovery and people using the same passwords on other websites.

After some searching on the internet, I found some bank-pin solvers and guessing software that is evidently able to find bank pins by running the 10,000 different combinations and hackers are able to purchase this on hacking forums.

I believe that by increasing the bank digits, we would create thousands and possibly millions of different combinations that may secure a player's items when under an attack from a hacker. Of course this is not 100% fool-proof but it just may slow down the hacker's attempts enough for you to regain access to your account.
Twitter:
@Sorg_RS
// Needing help on the forum? Check Forum Help

19-Oct-2019 01:18:04

DraftDogeDib
Ummmm, why not add an authenticator delay first?

Draft dodger btw. Too scared to attack an enemy that tried to harm my loved ones so "I only learned to defend". Typical boomer born right after the era where my parents suffered the solitude of WWII, deprivation of the Great Depression while I never had to suffer jack or risk a thing. :)

19-Oct-2019 01:29:51

Applejuiceaj
Forum Moderator
While adding additional digits certainly would add more combinations, is it truly necessary?

The bank pin system already has brute force protection on it - if you enter it wrong a few times, it locks you out, so there is no way for someone to brute force 10,000 combinations with it continually locking the user out and not allowing them to continue. As stated in the Wiki:

"After two failed attempts to enter the bank PIN, the system locks the player out for 10 seconds and tells them to use the "cancel" option if they have made a mistake in entering their PIN. After another failed attempt the system locks the player out for 15 seconds. Once four fail attempts are made, the player must wait 10 minutes before trying again."

If a hijacker is getting past the bank pin, it likely isn't because it was successfully brute forced - instead, the hijacker knew it or was able to easily guess it.

19-Oct-2019 01:39:13
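
The lockout schedule quoted from the Wiki in the post above, worked through as an added example (not part of the thread and not Jagex's code): it estimates how many blind guesses the lockout allows in a time window for 4-, 6- and 8-digit PINs. Assumptions: the failure counter resets after the 10-minute lockout, entering a guess takes no time, and the PIN is uniformly random.

```python
# Lockout schedule quoted in the post above: seconds of lockout imposed after
# the Nth consecutive failed attempt (the first failure carries no delay).
LOCKOUT_AFTER_FAILURE = {2: 10, 3: 15, 4: 600}
CYCLE_LEN = 4  # ASSUMPTION: the failure counter resets after the 10-minute lockout


def cycle_offsets():
    """Return (offsets, cycle_seconds): when each guess in a cycle can be entered."""
    elapsed, offsets = 0, []
    for attempt in range(1, CYCLE_LEN + 1):
        offsets.append(elapsed)                           # guess is entered now...
        elapsed += LOCKOUT_AFTER_FAILURE.get(attempt, 0)  # ...fails, lockout served
    return offsets, elapsed                               # ([0, 0, 10, 25], 625)


def seconds_until_guess(n):
    """Lockout time served before the n-th guess (1-based) can be entered."""
    offsets, cycle = cycle_offsets()
    full_cycles, index = divmod(n - 1, CYCLE_LEN)
    return full_cycles * cycle + offsets[index]


def guesses_within(seconds):
    """Number of guesses the lockout permits inside a window of `seconds`."""
    offsets, cycle = cycle_offsets()
    full_cycles, rest = divmod(int(seconds), cycle)
    return full_cycles * CYCLE_LEN + sum(1 for o in offsets if o <= rest)


def success_probability(digits, seconds):
    """Chance that blind guessing hits a uniformly random PIN within the window."""
    return min(1.0, guesses_within(seconds) / 10 ** digits)


def report(window_seconds=24 * 3600):
    """Rows of (digits, days to try every PIN, chance of a hit within the window)."""
    rows = []
    for digits in (4, 6, 8):
        days = seconds_until_guess(10 ** digits) / 86400
        rows.append((digits, round(days, 1), success_probability(digits, window_seconds)))
    return rows


if __name__ == "__main__":
    for digits, days, chance in report():
        print(f"{digits}-digit PIN: {days} days to try all, {chance:.4%} chance in 24 h")
```

The model covers blind guessing only; it says nothing about a PIN the attacker already knows or can easily guess, which is the case the post above raises.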

DraftDogeDib
Applejuiceaj said:
> While adding additional digits certainly would add more combinations, is it truly necessary?
>
> The bank pin system already has brute force protection on it - if you enter it wrong a few times, it locks you out, so there is no way for someone to brute force 10,000 combinations with it continually locking the user out and not allowing them to continue. As stated in the Wiki:
>
> "After two failed attempts to enter the bank PIN, the system locks the player out for 10 seconds and tells them to use the "cancel" option if they have made a mistake in entering their PIN. After another failed attempt the system locks the player out for 15 seconds. Once four fail attempts are made, the player must wait 10 minutes before trying again."
>
> If a hijacker is getting past the bank pin, it likely isn't because it was successfully brute forced - instead, the hijacker knew it or was able to easily guess it.

19-Oct-2019 03:53:55

kynetik
Applejuiceaj said:
> While adding additional digits certainly would add more combinations, is it truly necessary?
>
> The bank pin system already has brute force protection on it - if you enter it wrong a few times, it locks you out, so there is no way for someone to brute force 10,000 combinations with it continually locking the user out and not allowing them to continue. As stated in the Wiki:
>
> "After two failed attempts to enter the bank PIN, the system locks the player out for 10 seconds and tells them to use the "cancel" option if they have made a mistake in entering their PIN. After another failed attempt the system locks the player out for 15 seconds. Once four fail attempts are made, the player must wait 10 minutes before trying again."
>
> If a hijacker is getting past the bank pin, it likely isn't because it was successfully brute forced - instead, the hijacker knew it or was able to easily guess it.

I am not against the idea of this pin system, but the problem isn't the bank pins; the problem would be the fact people are not securing their accounts. There is a Two-Step system in place, and if people are getting to the bank pin and getting in, then either they know the information to gain access to someone else's account or they are not using the two-step system. The idea is a good idea, but people need to first practice the actual system that is already in place, and unfortunately if someone did manage to brute force a bank pin then I'm sure they would have no problem in extending a system to brute force at a higher rate.

19-Oct-2019 04:59:26

DraftDogeDib
No, it's not. People get hacked through that due to database leaks. There's a reason the HLC gets hacked nonstop. That has got to be the most idiotic statement I've ever heard. Even Jagex admitted that it's a flaw in their system and that it's outdated from like 2002. Several WR raiders have been hacked for their 10b+ banks for things that weren't even their fault. Most of them quit since they get zero respect on the matter and just get flamed for how it's on them when it clearly was out of their control. Issues like this are what're severely plaguing this game and sending it on a downward trend.

19-Oct-2019 06:40:05
