Security Update

SamsungRemotePC · Apr 13, 2022

Better safe then sorry!

RileyN · Apr 13, 2022

Appreciate you taking steps to ensure our safety and maintain resource integrity. Thank you!

c0ntxt · Apr 13, 2022

Well, that's gonna make a huge impact on the forums activity

byteful · Apr 13, 2022

This'll definitely affect site traffic, but it's probably worth it as many people will end up blaming MC-Market for their compromised accounts.

Analyticus · Apr 13, 2022

Thank you for taking good care of our account security!!!

Spaceley · Apr 13, 2022

Fry said:
There's a pro and a con to this.

User security is key but now users will be turned away from the site for having to use google authy now.

I would prefer google auth tbh, all though it's just 2FA through email? what's wrong with that?

Jasmine · Apr 13, 2022

I can see this going negatively for new users but most users with many purchases and is active probably has 2 auth anyways.

Ellie · Apr 13, 2022

Ministry said:
I like how everyone is supportive of this, but i'm not. MC-Market should not enforce 2FA upon their users. They can endorse it more, but they're going to loose a large chunk of users for this update.

We'll definitely look at alternate options as we want accessing and using MCM to be a smooth process. However, we have had to ban hundreds of accounts over just the last 24 hours due to the leak site automating the process completely. Whilst it is annoying and we would like to make it easier, please understand that the issue is serious and had to be addressed as such. It's not a couple people going through accounts one at a time, it's been completely automated and a constant stream of accounts each minute.

Hopefully we'll have an alternative soon, we've already begun looking into it.

BOOP · Apr 13, 2022

Ministry said:
I like how everyone is supportive of this, but i'm not. MC-Market should not enforce 2FA upon their users. They can endorse it more, but they're going to loose a large chunk of users for this update.

honestly, if someone is so against 2fa that they leave, I'd rather them just leave than try to please them

stifflered · Apr 13, 2022

Love the change! It may be tough for some people, but I value security

Ivan. · Apr 13, 2022

PG Bhai · Apr 13, 2022

Justis said:
View attachment 501531

Hey everyone!

Many of you are probably pretty annoyed right now at having to update your account credentials and enable 2FA. That’s completely understandable. So we wanted to take a minute to explain what’s going on and why it needed to happen.

Up until now, 2FA has been optional. Nobody likes having to navigate to their emails or find their phone in order to log into a website they frequently access, and we’ve always wanted to make using MCM a painless process.

However, unfortunately, not everyone can be trusted to use a strong and unique password for their MC-Market account, and in a marketplace like ours, trust is everything. If a resource buyer uses the same password for their MC-Market account as they use on another platform and that platform’s database is compromised, the resource authors that user purchased from are instantly at risk of having their products leaked.

Leak sites know this, and they’ve recently increased their efforts to get into the accounts of users of MC-Market as well as other resource oriented platforms, and download both the products the user has purchased as well as the products the user has authored themselves. We’ve even traced back the source of the credentials they’re using to be their own leaked database.

If you have an account on a leak site, you should assume that they’re going to use that account’s password to try logging into your accounts on other websites.

In a marketplace like ours, your account security doesn’t just impact you. It impacts everyone who relies on you to keep your account secured.

That’s why, starting today and for the foreseeable future, everyone will be required to set up 2FA. This way, we can trust and everyone can trust, that the only person who will ever be accessing your account is you. We may replace the 2FA requirement with other security features as we look for other options, but for now, this is how it must be.

If you have not already set up 2FA and you haven’t changed your password within the last week, you should have received an email prompting you to change your password as well.

We’d like to clarify for those who aren’t familiar with the terminology, that MC-Market’s database has not been leaked or compromised. It is merely 3rd party databases that are being used to test credentials against our platform. Nonetheless, this poses a threat to our users and we intend to protect against it.

A reminder to everyone, never under any circumstances use a password on more than one website. Also, please secure your emails. Your email is your last line of defense. If someone compromises your email, they have effectively compromised every account linked to that email. If you are at all unsure in your email’s security, go secure it now.

Thank you everyone for your patience and understanding.

thanks, a good decision for this community !!!

Post automatically merged: Apr 13, 2022

I suggest Google Authenticator and email authentication

L3GION · Apr 13, 2022

this 2fa enforce system changed the activity of mc market a lot lesser than earlier

in previous day before implementing the 2fa , i get daily 5-6 customers but now i got nothing after this implemented so i guess its mc market loss in this

Justis · Apr 13, 2022

Gulu said:
this 2fa enforce system changed the activity of mc market a lot lesser than earlier

in previous day before implementing the 2fa , i get daily 5-6 customers but now i got nothing after this implemented so i guess its mc market loss in this

It hasn’t even been nine hours since the change was made, and these last nine hours are historically some of the most inactive for the site because both the US and UK timezones are asleep. Let’s wait a full day before deciding if the day has been inactive.

SamsungRemotePC · Apr 13, 2022

Justis said:
It hasn’t even been nine hours since the change was made, and these last nine hours are historically some of the most inactive for the site because both the US and UK timezones are asleep. Let’s wait a full day before deciding if the day has been inactive.

We're awake now

Most of us, at least.

Ally · Apr 13, 2022

Justis said:
A reminder to everyone, never under any circumstances use a password on more than one website.

And wherever possible, use SSO. If a service offers Google login, use it (for example).
As counterintuitive as it seems, if it matters, you can reduce the number of places you can be breached by using SSO and subsequently fortify only your email.

Niccckk · Apr 13, 2022

I like the idea of requiring 2FA mostly.. IDK if this is possible, for example, if I sign into PayPal on my phone, You have to scan your fingerprint (or Face ID for you iphoners) to access your account. Something like that would be cool for MCM but I'm not sure how it'd be implemented on a website haha.

Post automatically merged: Apr 13, 2022

Ministry said:
I like how everyone is supportive of this, but i'm not. MC-Market should not enforce 2FA upon their users. They can endorse it more, but they're going to loose a large chunk of users for this update.

Why would they lose a large chunk of users? People are over dramatizing how "difficult" it is to use 2FA. You can make it remember your device for 30 days, so you only have to check your authenticator app once a month... it's not that hard.

Security Update

Justis

Community Member

SamsungRemotePC

RileyN

Net Sys Admin | AstroVPN CEO

c0ntxt

Advertisement God

byteful

Analyticus

Spaceley

❖ Flirting With Death ❖ https://spaceydevs.com

Jasmine

discord: jazminemc06

Ellie

Artist

BOOP

Director of Ops @ Zelphra

stifflered

Product Manager at GamerSafer (he/him)

Ivan.

PG Bhai

L3GION

Justis

Community Member

SamsungRemotePC

Ally

gσ∂∂єѕѕ σƒ мαтнѕ αη∂ мєℓσηѕ χσ

Niccckk

Niccckk's Services ▼ niccckk.xyz