In going to change my password, I've found another flaw in your security. Specifically, this, "Not strong enough! Must be at least 6 characters. Mix numbers, letters and symbols."
Why is this a security flaw? It's a set of rules. A program designed to "brute force" a password (and technically more sophisticated ones as well) can be coded to follow those rules. That means that it has just drastically reduced the number of possible "passwords" that it has to attempt in order to find the real one, because each combination of characters that is not "at least 6 characters. Mix numbers, letters and symbols." is automatically not a password, and thus not attempted. However, it's actually even worse than that. Anyone with a passing knowledge of psychology can take things one step further with their cracking software. By limiting the attempted passwords to things that follow certain common patterns, like "leet speak" or tacking a number onto the beginning/end of a password (typically either a single digit, a birthdate, the last part of a social security number, or the end of a phone number), it is possible to eliminate a large volume of valid but unlikely passwords. While this may sometimes result in missed matches, it will more often than not speed up accessing an account...and you can't simply make a rule against it, because 1) a hard rule would just be one more thing that a hacker could code for, and 2) it is easier to code these behaviours for a cracker than for the password system, because one does not have to concern itself with the inconvenience of "false positives".
So, in short, strict rules on password composition may be great for keeping out characters from the 90's movie "Hackers", but they're actually pretty counter-productive when it comes to methods of automated intrusion.
I am not going to change my password. It's the best password ever and there is 0% chance of anybody finding it out. You would have to be a member of my family to know a single part of it, and even then there are an infinite amount of words and names in the English language.
Because your password may have been seen before the exploit was fixed. In any case, having 1 password for everything is dangerous. All it takes is for somebody to guess that 1 password and then they have everything from game logins to credit card and bank info. If you have trouble remembering passwords there are tools that can help with that, LastPass for example.
I don't even understand what this hacking thing is. Why are they attempting to hack our accounts? It doesn't seem like a big deal to me, unless somebody actually hacks my account and destroys it.
No, OpenSSL has an exploit. That includes many other sites other than Mojang/Minecraft. I just need to know if those other sites have any vulnerabilities, and apparently Steam does and a huge chunk of other sites according to multiple sources.
(I found this out now via my research)
EDIT: Apparently only Linux-based systems are affected by this, good thing I have Windows.
I have Windows 7 too, so do I have to change my password?
What is a Mojang Account???? I have a Minecraft account, but how do I change my password?? By the way, I was trying to play on some servers but it says: Failed to login:Invalid session (try restarting your game). Does this mean I've been hacked?!?!?!?!?
Well, so there's something called OpenSSL. It protects what you typed (like passwords and so). But there's a bug that people can see what you typed. AKA they can see your passwords etc. Websites that use passwords are affected by this bug. So you can get hacked. Mojang fixed this, but they are telling you to change your password just in case someone saw your password. Oh, and the invalid session thing does NOT mean you've been hacked.
The Meaning of Life, the Universe, and Everything.
It's not just Minecraft, it's called SSL Heartbleed, it's affecting millions of websites, like Yahoo, Facebook, Steam, possibly the Google services we use like Gmail and YouTube, the list is seemingly endless, so it's recommended you change your password to most if not all websites you use and are a member of.
"Hello, this is Cayde-6 of the Vanguard. I realize that this is an abuse of the Tower PA, but whoever took my Sparrow, I will find you. And you'll wear a sign that says you stole... nevermin, nevermind. It's right here, sorry"