Passwords and Security

Passwords and Security
Post by: SiggiJG - June 25th, 2016, 8:47:33 am

It has come to my attention that there are a lot of players who lose their accounts because another person has hijacked the account and changed the password.

At CubeBuilders, security is not something we take lightly. We believe it's extremely important whenever your computer connects to CubeBuilders, the connection is encrypted so no one can read the data sent to and from the server, especially your password when you log into the website.

That's why the website has moved to SSL-only, you should see a lock icon in the address bar of your browser when you're on the CubeBuilders website. If you don't see the lock icon, then you're being watched by the NSA or some other unwanted spy. CubeBuilders also does not use Offline-Mode (we're not a "cracked" server), as Offline-Mode is also another very insecure way of running a server.

The CubeBuilders website also does not use Enjin, as I believe Enjin is very insecure. When you login on an Enjin website, you don't get redirected to for login, you just enter your password directly onto the website you're logging into. This may seem like it's not such a big deal to most, since all Enjin sites are hosted on Enjin servers. But if you think about it, not only are Enjin websites not protected by SSL technology, the way the Enjin login system works actually makes it a lot easier for someone to create a fake website that looks like an Enjin website, and ask people to log in on it, giving them the password in the process.

Anyway, the most common reasons for people losing access to their accounts -- whether it's email, facebook, or a Minecraft account -- is because they use weak passwords, or they simply just fall for some phishing scam because they believe everything someone else says.

Here are some tips on keeping your accounts as secure as possible:

- Use a strong password. Take two words, spell them wrong on purpose in a weird way you could think of, and capitalize a random letter (NOT the first letter!) and either add a number to the end, or change one of the letters to a similar looking number or symbol. Don't use a weak password, like a correctly spelled dictionary word, or your name, or a family member's name, or a birthday, or a famous person, or a character in a popular movie -- these are all bad passwords, they should be usernames, not passwords! (except for birthday, that shouldn't even be in a username either)

- Don't use the same password everywhere, otherwise if someone finds out one of your passwords, well, now they have all of them. Your password for the CubeBuilders website should not be the same as your password for Minecraft.

- When you're logging into a website, always type that website name in your address bar. Don't type your password after clicking a link in an email that was sent to you, as that's very often a phishing scam. Any random email asking you to verify your account by clicking a link and entering your password is always a scam. This isn't always the case -- when you create a new Apple ID, Apple sends you a verification email that asks you to enter your password after clicking a link, however this is the only exception to this rule that I've ever seen, and Apple only does it at the time you create an account, never at any other time. Every other time, it's a scam.

- Use two factor authentication if it's available! It stops account hijackers from getting into your account, even if they have your password. (Two factor authentication is not available on the CubeBuilders website yet, and we can't add it because Mojang does not yet have that feature for Minecraft itself, and being able to reset your CubeBuilders website account using your Minecraft account defeats the purpose of two factor authentication).

- Don't give your password to other people! Not even your best friend. Even if your best friend is very trustworthy, what if his/her phone falls into the wrong hands, and some bad guy reads the texts on the phone and finds your password? What if your best friend turns against you?

- Make sure your computer isn't infected with a virus, and don't talk to a technician on the phone -- always see a technician in person if you have computer problems! There are a lot of fake technicians out there that only want to gain access to your computer in order to gain information about you so they can steal your identity or empty your bank account into their pockets. (and I literally mean their pockets! Not their bank account. Once they've stolen your money, they'll withdraw it as soon as possible, and close their account. By then, that money is gone, and you're not getting it back!)

I hope these tips help you out in keeping things secure.

For those who have already lost their Minecraft accounts, there may be some hope. If you have access to the email account on the Minecraft account, you'll be able to recover it in under a minute. If you don't have access to the email, you'll have to answer the security questions you set on the account.

For those of you no longer have access to the email account, and forgot the answers to security questions, or just simply never set any security questions, you'll have to contact Mojang. Depending on how you bought Minecraft, you'll need to provide Mojang with these details:

Bought by Credit Card: Mojang will likely ask you to provide the last four digits of the credit card used to buy Minecraft.

Bought by PayPal: Mojang will likely ask you to provide the transaction ID, which you can find in your transaction history.

Bought by Minecraft code (for example you purchased a physical card at a store): You'll have to go dig your garbage can for that code again. Because if you don't know the code, you're not getting that account back.

A friend gave you a Minecraft gift code: Your friend should be able to see the gift code on his/her account, you should ask your friend for the code so you can provide that to Mojang when they ask for it to recover your account.

Note: Do NOT provide any of the above details to a CubeBuilders staff member. CubeBuilders staff will never ask for your password, and will never ask for any sensitive information regarding your Minecraft account or your CubeBuilders website account.

Re:Passwords and Security
Post by: OrzaRound - June 25th, 2016, 6:18:47 pm

In my opinion, I agree. But hackers seem to mostly think it's something crazy like 18936fheagvH or a name. So sometimes I think it would be best to try something a hacker might not guess.

Re:Passwords and Security
Post by: SiggiJG - June 26th, 2016, 9:12:01 am

[quote=LegendCraft888]In my opinion, I agree. But hackers seem to mostly think it's something crazy like 18936fheagvH or a name. So sometimes I think it would be best to try something a hacker might not guess.[/quote]

Hackers don't always try passwords manually -- they often use an automated program and multiple IP addresses to perform a wordlist attack. This is why commonly used passwords are always bad passwords, because a lot of people use them, they become more often within the first few attempted passwords in a wordlist attack.

Passwords and Security
Post by: OrzaRound - June 28th, 2016, 9:34:13 pm

Is there anyway to unlog like get rid of an Enjin account? i feel like the 2 Enjin sites I logged on aren't secure and I MIGHT be hacked

Powered by SiggiForum. Copyright © 2018 Use of this website, and the CubeBuilders game server subject to Terms of Service.  View our Privacy Policy.  CubeBuilders is neither endorsed nor affiliated with Mojang Synergies AB.  "Minecraft" is a trademark of Mojang Synergies AB.  Cookies are stored in your browser by this website for the purposes of improving your experience.  By accessing this website, you consent to the placing of cookies on your system. For information on Cookies, see our Cookies page.