[MC-10854] Mojang Account: Don't use security qestions Created: 03/Mar/13 Updated: 24/Jul/20 Resolved: 03/Mar/13 |
|
| Status: | Resolved |
| Project: | Minecraft: Java Edition |
| Component/s: | None |
| Affects Version/s: | Minecraft 1.4.6 |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Aaron McBride | Assignee: | Unassigned |
| Resolution: | Invalid | Votes: | 0 |
| Labels: | security | ||
| Environment: |
all |
||
| Confirmation Status: | Unconfirmed |
| Description |
|
Security questions are a terrible way to do security. Please remove them from the Mojang account system or at least provide a secure alternative such as 2-factor authentication. Security questions are too easy to guess through common knowledge or even to brute force. Google provides some nice open source code that you can use. https://code.google.com/p/google-authenticator/ Sample: http://blog.tinisles.com/2011/10/google-authenticator-one-time-password-algorithm-in-javascript/ |
| Comments |
| Comment by Tails [ 03/Mar/13 ] |
|
This is not a Minecraft bug. |
| Comment by Tails [ 03/Mar/13 ] |
|
Please do not mark unreleased versions as affected. You do not have access to this yet. |