back to article 71,000 Minecraft World Map accounts leaked online after 'hack'

Some 71,000 user accounts and IP addresses have been leaked from Minecraft fan website Minecraft World Map. The dumps, reported by Australian security researcher Troy Hunt, include email addresses, IP address data, usernames, and passwords for popular site Minecraft World Map. Login passwords were salted and hashed, and …

  1. Real Ale is Best
    Boffin

    Correct Horse...

    Battery Staple

    1. This post has been deleted by its author

      1. Baldy50

        Re: Correct Horse...

        So does this pass the test?

        The first seven characters are from a previously owned vehicles reg plate and the last two stand for shit car!

        I do this with a few of my passwords and remember them because the vehicle was memorable in some way.

        Mc04dYtSC

        1. Doctor Syntax Silver badge

          Re: Correct Horse...

          "The first seven characters are from a previously owned vehicles reg plate"

          I can only even remember 3 of my car number plates: the first because, well, it was first, second because it was my MG and it was an easy one to remember and my current one because I have to. As soon as one becomes no longer current, it's gone.

    2. Pascal Monett Silver badge

      So we're debating password creation methods ?

      Well I have a root string, a website-dependant string and I tack on the year I created the account.

      So, if we say that my root is "golf" (duh, it isn't), then my password for El Reg could be golfEL2016 if I had created my account this year.

      I have a password manager as well, I use it for sites which I prefer having extended security on. Sites like these, with only forum activity, are not sites which I feel need to have a 32-bit salted cipher.

      1. This post has been deleted by its author

        1. Doctor Syntax Silver badge

          Re: So we're debating password creation methods ?

          "by guessing the year"

          There isn't even a need to guess as far as el Reg is concerned. Just click on the handle at the top of the comment.

  2. Pascal Monett Silver badge

    DHCQ recommends "stop punishing users with regular password resets"

    Coming from them, I immediately think that the sentence should continue with "so that we have more time to crack them".

  3. Cameron Colley

    A password manager?

    So how exactly am I supposed to use a password manager when I don't control the machine I'm working on? My personal passwords are easy enough to remember and I do as mentioned and re-use passwords on sites where money and/or personal details aren't involved. But how can I use a password manager to remember the 8 to 10 passwords I have to use at work daily? Then there's the fact I have two PCs and a phone so I'd need a list somewhere to populate the password managers on those and if I've got a list why do I need password managers when I can just lock up the list? What happens when, for some reason, I loose access to my PCs, how do I get the passwords back?

    Yes, I know password managers an be helpful to some who have a lot of online passwords but they're the answer to a specific case not all cases.

    1. This post has been deleted by its author

      1. Doctor Syntax Silver badge

        Re: A password manager?

        "It's open source."

        Not a lot of use to the OP if he can't install anything on his work machine. The best would be to run it on a personal device and then type in passwords manually.

    2. Doctor Syntax Silver badge

      Re: A password manager?

      "So how exactly am I supposed to use a password manager when I don't control the machine I'm working on?"

      A good point. It's something that sysadmins need to consider. Add a password manager to standard builds. Encourage its use.

    3. Alan Edwards

      Re: A password manager?

      I use KeePass. v1.x doesn't need any extra libraries, runs straight off a USB drive, and doesn't need Admin or anything. That is my master list, DropBox handles syncing the database onto the iPad, phone etc.

      The USB drive has a TrueCrypt volume on it, KeePass sits in the TC volume. The portable version of TrueCrypt also runs without needing Admin IIRC.

  4. ecofeco Silver badge

    Minehack!

    Ought to be a game.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019