If you were on staff I would expect you to remove an automatic 2fa authenticator if you had one.

 

Yeah... that could be bad

 

My worthless thoughts. :)

I started using the 2fa here when I received no less than five alerts over the course of several months someone was trying to reset my password to minecraft.

This was in conjunction with another minecraft related breach attempt. The person was never successful, But I figured if I had 2fa on, even if they were successful in resetting the password and locking me out, they would not have access to ECC since they would not be on my pc. It would only be a matter of time for me to prove my identity and get things back to normal with minimal issues. I didn't care about other servers since I don't play anywhere else.

Using 2fa because my pc being compromised wasn't even a thought. So to have something automate it from the pc would have been fine with me.

For the forum, I even had the 30 day thing always on, since I didn't want to be bothered every I came to the forum. It was a hassle, but an understandable one that I endured.

That was until it stopped working for no reason and locked me out. Now, I think it is more of a hassle than the risk.

I think if such a tool/app/program/whatever existed, I would have used it. I understand the want and use for something like this.

 

In all honesty that seems more like someone has an email that's pretty similar to yours and messed em up, but that's just my two cents.

 

Scenario:
I 'break the algorithm'. Provided anyone can feasibly do this for a minecraft client within a time limit.
I give out my applet out to a few friends and show off on the forums.
This gets leaked/found by the people behind 2fa.
Creators of 2fa want to kill me, get rid of the exploit.

Something like this simply won't happen.
Honestly if you want to keep using 2fa but don't want to keep your phone near you I would just install the bluestacks emulator and download the 2fa app to it.
@Expipiplusone


EDIT: I'm not familiar with the 2fa plugin, but I'd imagine that there's a way of setting it to allow extended logins from the same ip? Maybe make a suggestion?

 

iirc you're only asked to authenticate once a week if your IP doesn't change

 

multi-factor authentication is not a matter of "breaking the algorithm" Nor are there any "people behind 2fa". It's a system that relies on secure cryptographical alhorithms. The algorithms are public knowledge, standardized, and many implementations exist. But the fact that it's secure is a proven fact.
idk wtf you're on about. But it's definitely not something from our reality.

 

I suppose I worded that poorly, it was a long night.

What I was (atleast trying to) saying is that if someone had a way to determine something as secure as a 2fa key is accredited to be, from something as simple as a minecraft client, then the algorithm and the plugin would be updated for sure, as it's entire purpose is providing an additional level of security.
IE. If I were to make a plugin that would decript an RSA key in a few seconds, it would change. All possibilities of doing that aside (Yes, I know, it won't happen, similarly to this topic altogether), if I were to do that then either nobody would use that method of securing their stuff, or the method itself would change.

 

It's the secret code the server gave you that we're going after though...

 

It's both time-based and secret key based. So unless you shared your secret key with some malicious people, there is zero chance of "cracking" this. (you shouldn't share the secret key with anything or anyone. though)