Must Read Compromised Account & Account Security

Discussion in 'Information & Rules' started by Nasty, Jul 16, 2018.

Thread Status:
Not open for further replies.
  1. Nasty

    Nasty Manager
    Staff Member Manager

    Joined:
    Jun 9, 2018
    Messages:
    42
    Likes Received:
    6
    Compromised Account & Account Security

    This thread is a FAQ regarding Account Security and Compromised Accounts, this is mainly for appeals and also general knowledge for all.

    =================================​

    IMPORTANT:
    - Please be sure to read this very carefully as it may help your case.
    - We recommend you to ask your Parent/Gurdian to read over the thread if there is anything you don't understand.
    - CurseHQ is not a part of the Mojang Team and we are unable to help you out with Mojang-related issues
    - If you have any Mojang-related questions, feel free to check their own Support FAQ at help.mojang.com

    =================================​

    Migrated Account
    Improving your account's security

    Unmigrated Accounts (Older Minecraft Premium Accounts):
    If you use your account's username to log in to the account, that means that your account is unmigrated. We highly recommend you to migrate your account by following the steps below.
    If you use an email to log in, please scroll down to "Migrated Accounts".

    Migrating your account:
    To migrate your old account, you will need to go to http://account.mojang.com/migrate. Fill in your Old Email, Username, Password and the E-mail you wish to use for your account as well as your Date of Birth, and read over the Tems And Conditions, then click the button to Migrate the account.

    Once migrated, you will be required to log in to Minecraft using your e-mail, instead of your Minecraft Username. Your account will now have some extra security.

    =================================
    Account Security
    Keeping your account secure
    =================================

    Passwords

    Passwords ensure the security of your account and it is your responsibility as a user/player to make sure that your account's passwords are strong and difficult to guess. Here are some tips to making and ensuring that your password is secure. You can also use this tips everywhere!

    1. Length of your password
    Make sure that your password is at least 8 characters long, the more the better. A long password is important to prevent users to try all of the possible combinations for a password.

    2. Make use of lowercase and UPPERCASE
    Use lowercase and uppercase latters throughout your password. If you can't remember which is lowercase and what isn't, you can also do an alternating pattern of lower and upper or any sort of pattern that you can remember easily

    3. Symbols
    You can also use symbols like [email protected]#$%^&*())-+=/:€£¥_^[]{}§|~ so that it will be much harder to guess. You can also replace a with @, s with $ and etc.

    4. Consecutive numbers/letters
    Don't use consecutive numbers or/and letters like 1234, 789, asdf, qwerty and etc. By doing so, it will be even harder to guess your password.

    5. Avoid filling information (passwords, personal information, etc) unless you are on an official site.
    Never enter your Minecraft Account Information anywhere except the official sites like https://minecraft.net/ and https://account.mojang.com/. Also make sure that on the search bar, there must be a gree lock with the word 'secure' next to it. Also, CurseHQ staff member will never ask your personal detail. If there is someone that claims to be CurseHQ staff member, report them to us at [email protected] or contact the managers at [email protected] / [email protected]

    6. Security Questions
    A security question is a form of a shared secred used as an authenticator. Want to change your password? We have to make that we are talking to the real you, not someone who got your password. Try to set your security questions so that you can remember but most importantly, most people won't know the answer. Make sure that the ones you set are 100% sure that you won't forget.

    7. Common words
    Try not to use common words as your password like "strongpassword" or "password" and etc. It will be extremely easy for people to guess.

    8. Try to avoid reusing password for different sites
    For all of the sites you use with sensitive information, use a different password. If someone gets one of your passwords, then they wont be able to access all of the sites you use.

    You can also use Strong Random Password Generator ( https://passwordsgenerator.net/ ) but make sure that you keep it somewhere safe!

    =================================
    Two-Factor Authentication
    Adding another layer of protection
    =================================

    Two Factor Authentication, also known as 2FA, is an extra layer of security that is known as "multi factor authentication" that requires not only a password and username but also something that only, and only, that user has on them.

    Large companies such as Google, Microsoft, Apple and Twitter offer this on their accounts already, either via an app such as Google Authenticator or via SMS messages to your phone.

    We also offer Two Factor Authentication for your CurseHQ forum account via a Two-Factor App or email. Check it out at https://cursehq.com/account/two-step

    [​IMG]

    Note:
    Always keep a copy of the backup codes given to you when you setup Two-Factor Authentication on any site just in-case you ever lose your phone. If you lose your phone for any reason and you don’t have these codes, you’re in the same position as a hacker and will be locked out of your accounts.

     
    • Like Like x 1
  2. Nasty

    Nasty Manager
    Staff Member Manager

    Joined:
    Jun 9, 2018
    Messages:
    42
    Likes Received:
    6
    =================================
    Avoid being compromised
    Double check before proceeding!
    =================================

    Here are some things to keep in mind when online:

    1. Check the URL (address bar)!
    When browsing websites, always check the link to make sure that it's what you would expect it to be. If you are prompted with a login form for your Minecraft/Mojang Account, make sure that the address is secure and is what you'd expect it to be (something like mojang.com or minecraft.net). If it is anything other than that (like m0jang.com/login-totally-safe), it's likely a phishing link, and the site is designed in such a way as to steal your login details.

    Ensure that there is a Green Lock with the word [Secure], begins with "https://", or a modified address that look similar like "Cur$ehq.example.com/login.aspx"

    [​IMG]
    [​IMG]

    [​IMG]

    2. Never give out personal information
    There is no reason why anyone should ever need your personal details/password on any site you visit. That information should be private to you and you only. If you are suspicious of it, you can etner random details such as "username", "password" or "homeaddress101". If it let's you "login", it is there to steal your details however, don't use this as a reliable test. Ensure that you've checked the site such as the lock and etc.

    Always double check on what websites you visit before entering your personal/private information!


    =================================
    Someone got my account, what to do?
    I can't login / logged out from my account
    =================================

    Don't panic. There is something wrong along the line and someone has gained access to you account. Do not panic. You'll need to remain clam and follow these simple steps

    Minecraft Account Related
    1. Ensure that your email is not compromised

    Your email address is the most important part of the account you use online and if someone got your email account, they could gain access to all of your account from across the web. If you feel unsure or insecure about it, you can change the password at any point of time.

    2. Minecraft Support Portal
    If your Minecraft or Mojang account got compromised, Mojang actually have a guide on their site about recovering these account. Link > https://help.mojang.com/customer/en/portal/articles/361483-my-account-was-stolen
    [​IMG]

    Other sites
    1. Change the password

    This should be the first thing you should do when any of your account gets compromised. Your email address is the most important part of the account you use online and if someone got your email account, they could gain access to all of your account from across the web.

    2. Try to reset the password on the site that your account got compromised
    After ensuring that your email is secure, try to request a password reset for your account (it should look something like "Forgot password?" or "Reset password" and etc). Follow the on-screen intructions like answering your security questions or enter your email address to verify that it is the real you who wanted to reset the password. Most sites will send an email regarding on the password reset so be sure to check your email once you've requested a password reset. If you can't reset the password, move to step 3. Otherwise, you should have changed the password and your account is no longer compromised.

    3. Attempt to reover the account if you can't reset the password
    If you can't reset the password due to email changed or etc, you can contact the support team or the site owners to help you. For example, if you can't reset your CurseHQ forum's password and your account is compromised, you should contact the support team at [email protected]. Although it may take some time but the support team will be able to assist you in recovering your account.

    =================================
    If you have any questions regarding or concerns about this topic, contact a staff member (preferably a high staff such as Manager) via Direct Message under the Conversation Tab.

    Thanks for reading and I hope that this thread helps you to create a strong password and ensuring that your account isn't compromised. There will be a Appeal (how to, evidence, and more) megathread soon, stay tuned!
    ~CurseHQ Management Team​
     
    • Like Like x 1
Thread Status:
Not open for further replies.