Hello everyone, Today I'd like to raise awareness about a little something called '2 Factor Authentication', or '2fa' for short. It's a handy thing that'll stop your account from becoming compromised. You may think 'Oh, no one would hack me, I'm too smart for that!', well if we look at recent events - we see that anyone is at risk of having their account compromised (Mojang pls). So what can I do? How do I keep my precious ECD from being stolen by a keyboard warrior? Simple - if you're a donator; 2 Factor authentication. Step 1. Type '/2fa' into chat. You should receive a map. Step 2. Download google authenticator for free at: Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en IOS: https://itunes.apple.com/au/app/google-authenticator/id388497605?mt=8 Step 3. Type in the really long code that is written on the top of the map you get from typing '/2fa' and now you have linked Google Authenticator to Minecraft! Alternatively you can scan the QR code on the map. Step 4. Now type /2fa and the 6 digit code you are given on the Google Authenticator application. Step 5. Now whenever you log in on a different IP you will be required to type '/2fa <code>' for security purposes - you simply get this code from the Google Authenticator application. But I haven't donated to the server - and I don't plan to do so any time soon, how do I keep my account safe? Well here are some general tips for non-donors and donors - Use different passwords for everything - Change your passwords regularly - Set security questions for your account at http://www.mojang.com/ to ensure no one can steal your account. - Don't tell anyone your password - Don't send your .minecraft to other users - Common sense If you need anything clarified or have other tips please feel free to ask/respond.
Did you guys insure that it wasn't the forums that were compromised? Someone could have implemented a back door into the forum database. If said person uses the same password for both MC and forums their account would be compromised. Id check I.P logs to be safe.
Technically is wasn't the password but it might as well have been. It was the session authentication token. I'm not sure how much I'm allowed to disclose but for the benefit of everyone else. DO NOT SHARE YOUR .minecraft FOLDER! In a file called launcher_profiles.json it contains your session authentication token. Your account can be hijacked with this token. This token doesn't allow someone to change your Minecraft password but it does allow them access your account until the session is re-authenticated. If you do feel the need to share your Minecraft folder make sure you remove the launcher_profiles.json and all the log files. Disclaimer: I can't guarantee this is all you need do to ensure you're safe from this form of attack. Exercise extreme caution and only share with people you trust, or better still don't share with anyone. There really is no reason to share your entire .minecraft folder.
