I recently received an email from Mojang notifying me that someone had attempted to gain access to my account and that my password had been reset to protect my account. The email went on to mention that Mojang had not been hacked, and that my password was "stored in a strongly encrypted format". While most of you here on PMC won't know this, I spend my days writing code , and that sentence does not make me feel like my data is safe, because I understand what the word encrypted means, and I know that when it comes to passwords, encrypted helps, but is not much better then storing passwords in the open.The reason for this is that encrypting something means that you scramble and change it in a very specific way so that it looks like garbage to anyone looking at it. The problem is that you can use the same method to unscramble the information, and for passwords, this should never be an option. If you run a Google search on password security, you will find endless blogs discussing the right way to store passwords and what programs and algorithms to use, but they will all tell you a few things the same, and those are that storing passwords in plaintext (meaning exactly as typed) is the worst, and encrypting them is not much better.The proper way to store a password is with something called a salted hash. What this means is that you are scrambling your password similar to how encryption works, but it cannot be unscrambled. The end result of not being able to read the password is the same, but you have the added security of making it nearly impossible to find out what the password originally was. A salt is a small piece of additional data that is added to your password before this scrambling takes place so that someone cannot simply take the hash and try and figure out every possible password and what the hash is to compare against (a thing called a rainbow table).With this knowledge in hand, I went to the Mojang support as mentioned in the email about resetting my password to ask if this is what they meant when they mentioned strongly encrypted, as I understand most people that don't deal with computer security on a regular basis would not know the difference between encrypted and hashed, and I was hoping that they would respond with a quick "Ya, we hash them like McDonald's breakfast" and I would go on my merry way. What happened instead is that I received a message from Mojang support that they could not discuss that for security reasons. While it is reasonable to not be able to tell me which program or algorithm was used to scramble my password, not being able to tell me whether they can unscramble it is not.As Microsoft has recently purchased Minecraft for no small amount of money, I tried to contact their support team for assistance as they might be able to provide me with more information. While they were helpful, the only information they were able to provide me about Mojang and passwords was a link to their FAQ about making a good password, which can be seen here . If you have not yet checked out that article, do so and make sure that you follow it, as there is good information in it. The problem with the article is that it also does not mention whether the passwords are stored encrypted or hashed.I decided to write as I believe I have run out of options for getting an answer from a Mojang staff person regarding the security of my password data in the event of a data breach. While I follow the password guidelines and don't really have anything to lose other than my password for my Minecraft account, I know that our community has more than 20 million players on PC alone, and more than 100 million registered accounts, and that number is growing. While searching for some basic info about this, I stumbled upon this blog post from January 2015 from Mojang, which mentions that passwords are "super encrypted". I found this through the Reddit thread that it was linked from, and many of the same arguments I have listed here were listed in that discussion as well (thread can be found here ), and while there was official response to some of the comments, it was asking about accounts that had been compromised, not about the password policy.Everyone has heard about Minecraft accounts getting hacked in the past, it is a thing that happens, though usually from someone downloading a shady Minecraft client or installing some bad mods and has not, so far, been the result of a breach of Mojang's databases. With that said, nobody is unbreachable, as massive companies breaches on companies like Twitch, Sony, and Nintendo prove year after year ( List of hacks ). With the massive size of Minecraft and their acquisition by Microsoft for $2 billion, they will eventually be targeted for an attack, and the security of how they store their data will determine how bad the eventual breach is. I hope everyone joins me in asking Mojang to be transparent on how our data is stored and to let us know if our password information is safe.~Zaralith