Just saying, traditional two factor authentication does nothing if someone has your e-mail. I've seen individuals try to access my e-mails and steam about 10 times in the past 3 months alone Asking for a password reset on these sites sends a reset code to your e-mail. You then insert the code into the site 'reset area' (or steam reset area) and are able to type any password you want... If you have two-factor authentication, I would 'at minimum' recommend having a separate password for the e-mail from the websites you use the e-mail on ... This way it reduces the chance someone can use the reset option, even if your e-mail is compromised (From knowing the password - If someone has access to the databases, not so much). If you do get your e-mail compromised: Reset your e-mail password Change the associated e-mail on the sites you have initially were using it on.
The authentication we are likely going to be using is a little more special, but great advice for in general practice.
I recommend people use Gmail, in which you can use App Based 2FA. But i'm going to look at non standard means (not email) for the 2FA and make the game/forums not even tell you how to verify the connection, so staff will just know from their training but nothing else will tell you, so unauthorized access wont even know where to try to verify it.
Yeah I feel an external app would be better as it reduces the chances of KeyLogging on the main device you are currently using. Plus I feel having a reset code being sent to the e-mail defeats the whole purpose of preventing unauthorized access. No problem | I also forgot to mention: If you are scared that you might have a KeyLogger (A silent program, virus, extension, etc. that tracks what keys you type) I recommend doing one of three things... Type what you want as your password along with random jargon Then use your mouse to copy/paste what you need - so if someone is keylogging you, it may look jumbled. Reset the password on a different device (Your phone/ipod/tablet etc) Disconnect your device from the internet, clear internet data, run some anti-malware programs, re-enable internet, and reset password using a different browser. It's not always a KeyLogger issue, though - A lot of individuals outside of the United States access databases directly and just sniff out your information... I noticed with me, my gmails were fine, but every affected e-mail kept always being Yahoo (so maybe their security isn't the greatest)
I swear if your password was skittles... "Yes the password is skittles!" said the little troller/hacker.
there were some recent security issues on OTHER minecraft sites, and I'm assuming that's how they got ahold of chins password. The guy's been posting about password leaks. Lesson Learned: Only play on EMC.
Just because someone's SS on EMC doesn't guarantee technology discipline. In life in general, most people tend to slack off until they get bit, and then they get better. It's the sad way most people learn, but it's usually what happens. Case in point: Same thing with me @ my backups.... They were not a member of EMC. They just found Chins password, then found things related to him to try his PW on multiple sites.
I use LastPass and use a unique password on every site. It makes it very easy to do so while using LastPass. I haven't made the jump to using the ubikey for 2-factor as well but this is still pretty secure.
