[MC-10854] Mojang Account: Don't use security qestions Created: 03/Mar/13  Updated: 24/Jul/20  Resolved: 03/Mar/13

Status: Resolved
Project: Minecraft: Java Edition
Component/s: None
Affects Version/s: Minecraft 1.4.6
Fix Version/s: None

Type: Bug
Reporter: Aaron McBride Assignee: Unassigned
Resolution: Invalid Votes: 0
Labels: security
Environment:

all


Confirmation Status: Unconfirmed

 Description   

Security questions are a terrible way to do security.
http://www.schneier.com/blog/archives/2005/02/the_curse_of_th.html

Please remove them from the Mojang account system or at least provide a secure alternative such as 2-factor authentication. Security questions are too easy to guess through common knowledge or even to brute force. Google provides some nice open source code that you can use.

https://code.google.com/p/google-authenticator/

Sample: http://blog.tinisles.com/2011/10/google-authenticator-one-time-password-algorithm-in-javascript/



 Comments   
Comment by Tails [ 03/Mar/13 ]

This is not a Minecraft bug.

Comment by Tails [ 03/Mar/13 ]

Please do not mark unreleased versions as affected. You do not have access to this yet.

Generated at Sun Jan 12 12:25:44 UTC 2025 using Jira 9.12.2#9120002-sha1:301bf498dd45d800842af0b84230f1bb58606c13.