2 minute read

We always treat our customers seriously and keep trying hard to make sure all the information is secure especially sensitive pieces such as passwords. That’s why we are still not providing password login because of course passwords are absolutely protected if we even don’t ask for them.

Today, we are pushing this further and make the password field for Bot optional!

Why password is needed to run Bot

Our Bot service (McBot) is actually a piece of code simulating Minecraft client to communicate with those Minecraft servers. Minecraft servers require any player must use a working Minecraft account and validate it with a username and password. Therefore, in case to connect to any Minecraft server, either an official Minecraft client, a third-party launcher, or McBot needs to use a username and password to launch the game. After successfully authentication, player can then join the game.

How we store passwords

Our service automatically encrypts all data before it is written to disk, including passwords. It’s done by server-side encryption automatically. We manages the cryptographic keys, and all the data is encrypted under the 256-bit Advanced Encryption Standard. Each encryption key is itself encrypted with a regularly rotated set of master keys. The data is automatically and transparently decrypted when used by an Bot only when necessary.

What is changed

We read some research from anonymous user behavior analysis, many users gave up us after signed in before creating any Bot. It could happen because of any concern regarding providing their Minecraft passwords. Although all data is encrypted persisted, it is a valid opinion still. We understand it and make a big improvement like this:

screenshot of bot creation without password

Password is optional now. Bot will ask for a password only when it starts running:

screenshot of bot asking for password

Instead of storing password before, the piece of information is only transfering through network and server memory. i.e. Password is not getting persisted or saved to disk anywhere across our service. (We also use SSL for any network communication within our services)

Disadvantage

Everything has its drawbacks. Without saving your password, your Bot will ask for password everytime when you try to start it, and the following features will be affected as well:

  • Auto-reconnecting: Since Bot does not remember the password, it may not be able to reconnect to servers if got disconnected.

If you don’t like those disadvantages, you can continue saving the password for your convenience. Remember, all your data is encrypted and stored securely.

You May Also Enjoy

Support Login with Microsoft Account

1 minute read

We have received many user reports regarding Bot login failures: Invalid credentials. Invalid username or password. After investigation, they were because we...

Keep your Minecraft Bot always online

1 minute read

This tutorial will show you how to keep your McBot always online. If you don’t know what McBot is, feel free to read our last tutorial here: AFK your Minecra...

AFK your Minecraft farms without a computer

1 minute read

This tutorial will show you how to AFK your Minecraft farms even without a computer or laptop. You may think it is not possible. Well, it is possible when yo...

Release V1.0 (Cobblestone)

less than 1 minute read

Today, we are excited to announce we finally have released our first public version aka V1.0 (Code name: Cobblestone)!