I'd like to create an account here, but I do not want to register with Twitch or link an existing Twitch account. Is there any way to create a MCF account directly? Thanks for your help.
I know, I know -- "You just posted. You've already got an account!" I was forced to create this throwaway account just to post this question, but will not be using it beyond this post and will just have to settle for not having an account here at all if I can't create an MCF-specific one.
Minecraft Forum is owned and operated by a subsidiary of Twitch. We do not offer the option to create a Minecraft Forum account directly; you must create a new Twitch account or log in with an existing Twitch account.
Bummer. I do not use logins that are shared across sites because of the security risk they present, so I guess I'll do without having an account here or maintain two Twitch accounts (annoying). Thanks for the reply.
Can you clarify the security risk you're talking about? I can help you better understand our system if you're concerned. Due to the way that our system works, there should be no security risk of using Twitch login, and because Twitch offers 2-factor authentication your account is more secure than it would have been under the previous on-site system -- which didn't offer 2FA.
Do you use the same login for MCF and your bank account, yes ???
Then I should rather inform you (an admin) about the fact that (among others) there is the rule never to use the same login (same username and password) for several pages. Otherwise there is a risk that if one access is stolen, the attacker has access to all others. And you've implemented this vulnerability here .... good job.
And besides, it's pointless to ask for a Twitch account from someone (like me) who only contributes to the wiki. What's next: A cooperation with Apple, Google or your favorite dentist? And should I also create an account with them, just to continue working on the wiki?
And then to your highly praised 2-factor authentication: First, it is not a 100% protection, there are several ways to counteract such things (e.g., man-in-the-middle attacks). In addition, you offer this only via mobile phone app. Why no software token such as WinAuth (https://github.com/winauth/winauth)? Oh right ... you want our mobile number.
A question on the edge: How much money or benefits do you actually get from analytics and advertising companies or maybe secret services for an account and the mobile number?
You're misunderstanding what "shared login" means. Shared logins are a security concern when you're sharing a password across multiple services. This is a security concern because you do not know what a service is doing with your password; the service could be storing your password in a recoverable form. However, with OAuth (and OpenID) you are not sharing your password across multiple services. The Minecraft Forum does not know your password and cannot know your password. You click log in on the Minecraft Forum and you are loading a Twitch-served page, which accepts your password and authenticates you. This is not a security concern; this is the same approach that companies like Amazon, Google and Facebook use.
The Minecraft Forum does not have access to your mobile phone number and we can not (and would not) sell your mobile phone number to any third party. The 2FA service Twitch uses (called Authy) is an authentication service, not a marketing service. You can read the or reach out to the Twitch support team for any further information you require.
As far as I know (although I'm not a security professional) there is no man-in-the-middle weakness in 2FA itself; rather, some implementations (i.e. SMS-based) can have vulnerabilities. However, as noted, Twitch makes use of Authy, which does not require the use of SMS (although it does support it, if you wish to use it). Personally, I do not use SMS for 2FA when logging into the Minecraft Forum or any other Twitch website.
[...] You click log in on the Minecraft Forum and you are loading a Twitch served page, which accepts your password and authenticates you. This is not a security concern, this is the same approach that companies like Amazon, Google and Facebook use.
OK, it's not the same as "the same login for MCF and the bank account" ... but the danger is the same, through the bundling of multiple services/platforms. If anyone steals my Twitch password, whether from me or from your servers, he has access to Twitch, MCF, Gamepedia, and to all other platforms that have been incorporated (which I haven't had to merge to my Twitch account yet).
Yes, and it says: "However, no security precautions or systems can be completely secure." And I can understand that.
Besides, I know that you must comply with the legal data protection regulations (such as Facebook... lol). But the problem is that, as in many countries, the laws are insignificant for some state institutions, and no longer worth the paper (or hard drive) they're written on.
That's no offense to you. But your choices to bundle access and to provide only 2FA via mobile phone number provide a lot of targets for others.
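The two technical points argued in this thread, the redirect login from the admin's reply and the bundling concern from the reply after it, shown as an added in-memory sketch. It is not part of the thread and is not Twitch's or Minecraft Forum's code. `IdentityProvider`, `Site`, the user `alice` and the password are constructed, and the exchange is a simplified authorization-code style flow rather than a full OAuth implementation.

```python
import hashlib, hmac, secrets

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityProvider:  # constructed stand-in for the login provider; only it handles passwords
    def __init__(self):
        self._users, self._clients, self._codes = {}, {}, {}

    def register_client(self, client_id):
        return self._clients.setdefault(client_id, secrets.token_urlsafe(16))

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, kdf(password, salt))

    def login(self, username, password, client_id):
        """Runs on the provider's own page; returns a one-time code bound to one site."""
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if client_id not in self._clients or not hmac.compare_digest(stored, kdf(password, salt)):
            return None
        code = secrets.token_urlsafe(16)
        self._codes[code] = (username, client_id)
        return code

    def redeem(self, code, client_id, client_secret):
        """Back-channel call from a site: a code works once, and only for the site it names."""
        username, issued_to = self._codes.pop(code, (None, None))
        secret_ok = hmac.compare_digest(self._clients.get(client_id, ""), client_secret)
        return username if secret_ok and issued_to == client_id else None

class Site:  # constructed stand-in for a relying site (forum, wiki); it only ever receives codes
    def __init__(self, client_id, idp):
        self.client_id, self.idp, self.received = client_id, idp, []
        self.secret = idp.register_client(client_id)

    def callback(self, code):
        self.received.append(code)
        return self.idp.redeem(code, self.client_id, self.secret)

def demo(password="constructed-password"):
    idp = IdentityProvider()
    idp.add_user("alice", password)
    forum, wiki = Site("forum", idp), Site("wiki", idp)
    code = idp.login("alice", password, "forum")
    first, replay = forum.callback(code), forum.callback(code)
    cross = wiki.callback(idp.login("alice", password, "forum"))   # code issued to forum
    other = wiki.callback(idp.login("alice", password, "wiki"))    # same password, second site
    return first, replay, cross, other, any(password in c for c in forum.received + wiki.received)
```

`demo()` returns, in order: the forum login result, a replay of the same code, the wiki trying a code issued to the forum, a wiki login with the same provider password, and whether any site ever received the password. The fourth value is why strong second-factor protection on the one provider account matters for every linked site.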