Welcome to Pawncraft!

Want to become a part of our growing community? Sign up Today!

Sign Up
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. we are running version 1.12
    | Join us at IP: pawncraft.co.uk |
    Dismiss Notice

Security Update

Discussion in 'Announcements' started by Pawned, 6 Oct 2017.

By Pawned on 6 Oct 2017 at 17:38
  1. Pawned

    Pawned Founder Staff Member

    Top Poster Of Month

    Joined:
    19 Sep 2010
    Posts:
    10,424
    Likes Received:
    687
    Hi All,

    Today I'm bringing you an update to help secure your Pawncraft account.

    From this day forth you will be able to set a password on your account so that when you login to the server you will be unable to do anything unless you type /login <password>.

    The setup is simple, simply type /register <password> <password> in-game to secure your account.

    For those of you thinking "Well what's the point?" I'll name just a couple.

    Scenario A: Your Minecraft account gets hacked, they login to Pawncraft and start griefing yours and other people's stuff. Assuming you get access to your account back you need to go through a lengthy process with the Pawncraft administration to prove that you a) didn't grief in the first place and b) aren't the person who hacked your account. By having a password set within Pawncraft your hacker won't be able to cause any harm, if they try guessing your password they'll be kicked by the third attempt.

    Scenario B: You're sharing your account with a sibling, for playing in SinglePlayer, but your sibling decides to click onto the Multiplayer tab and just can't help but join Pawncraft, they then start breaking your stuff, wreaking havoc upon the world. But having an extra password set within Pawncraft prevents this.

    For those of you curious "Well can't Pawned just check the files and see our passwords?!?!?" the answer is simply no.

    Firstly, when you run the /register and /login commands these are not logged to the console like regular commands, so we have no idea that you've even run the commands. Secondly, all passwords use military grade encryption to ensure that we (or anyone who manages to somehow steal our data) cannot find out your passwords.

    And for the final part of the update... Admins, this is mandatory for you and you will be forced to /register when you next login to the server. This is to ensure the server is safe from massive worldedits being run, etc. should your account get hacked.
     
    #1
    Captain_Reginald and vbguy21 like this.
Tags: this article has not been tagged

Comments

Discussion in 'Announcements' started by Pawned, 6 Oct 2017.

    1. Captain_Reginald
      Captain_Reginald
      Good thing I read this. I was confused for a minute. xD Sounds like a good plan... that should prevent anything like that last destruction of spawn from happening again.
    2. Sushimitzu
      Sushimitzu
      Salted? What hashing algorithm?
    3. Pawned
      Pawned
      Yes, using PBKDF2 with HMAC-SHA1

      Sent from my SM-N950F using Tapatalk

Share This Page