
Account Security Guide

In this guide, we’ll provide some general advice on how to stay secure online, including tips on passwords, two-factor security, avoiding becoming compromised, and how to recover accounts which have been compromised.

Passwords

Passwords are something all of us have online, for all of the various accounts we have. To help you to create secure passwords, we’ve come up with some general password security tips which you can find below.

Password Security Tips:

  • Use reasonably long passwords.
    Where possible, use passwords which are at least 12 characters in length (a longer password is better). This helps to make your password far harder for a person or machine to guess or brute force (obtain through lots of login attempts).

  • Use a range of characters for your passwords.
    Use a variety of character types, including letters (capital and lowercase), numbers and special characters (e.g. !, @ and #). That said, be careful with common substitutions. “P4aS5W0rd!” is still not necessarily a secure password and can be guessed.

  • Keep passwords unique for each account online.
    This makes sure that if a person obtains your password for one site, they don’t have your password for any others, and restricts any damage they can do.

    If you struggle to remember passwords, you can use a password manager application to remember them for you, and some even come with strong password generators to make secure passwords for you for each service you need one for.

  • Set up security questions.
    Where available, set up security questions so that websites will confirm that you are you when taking certain actions on them. For example, Mojang accounts with security questions can’t change their passwords or email addresses without filling out the security questions.

As an extra tip on email addresses rather than just passwords, you may also want to use a separate email address which is not given out to anyone for more important accounts or, if you use Google's Gmail, add a postfix to your address to make it unique (and harder to guess) for some accounts.

  • Gmail Address:

    • If you use a Gmail email for your accounts, you can use this trick to "change" your email to make it more unique and harder to guess.

      You can do this by adding a + after the name part of your email address (before the "@" sign), and then adding some text after that. For example, if you owned the email address example@gmail.com, you could use example+123@gmail.com, example+jamie@gmail.com or example+manycharacters@gmail.com. Any email sent to any of those addresses will end up in the inbox for example@gmail.com.

      Of course, you still need to remember this email address yourself to log in to these accounts, so, just like your password, don't make it so random that you can't remember it.

Two-Factor Authentication

On top of passwords, some sites offer a service called Two-Factor Authentication (sometimes also called 2FA or Multi-Factor Authentication). This method of security uses a second device to generate a code which you need to log in to your account, and means that even if your password is discovered by someone else they still cannot log in to your account as they can’t generate a code for your account.

Large companies such as Google, Microsoft, Apple and Twitter offer this on their accounts already, either via an app such as Google Authenticator or via SMS messages to your phone. We also offer Two-Factor Authentication for your Hypixel forums account on the website via a Two-Factor app on your phone, which you can find out more about here.

Though this is something that most people won’t use for all of their accounts, we do advise it for your more important accounts such as email accounts.

Note: Always keep a copy of the backup codes given to you when you set up Two-Factor Authentication on any site, just in case you ever lose your phone. If you lose your phone for any reason and you don’t have these codes, you’re in the same position as a hacker and will be locked out of your accounts.

Avoiding Becoming Compromised

There are some general things which you should always keep in mind when on the internet to make sure that you don’t accidentally give out your password to someone or do anything which may lead to that happening. To help you with this, we’ve come up with a list of things to do to make sure you are secure when browsing the internet.

Things to keep in mind when online:

  • Always check the URL (address bar)!
    When clicking on any links on the internet, always check the link to make sure it’s what you expect it to be. For example, if you’re being presented with a login form for your Minecraft / Mojang account, make sure the address is what you’d expect it to be (either something at mojang.com or minecraft.net). If it’s anything else, it’s likely a phishing link, and the site is designed in such a way as to steal your login details.

    This example is based on the Hypixel website. A login request on the top one would be safe to fill out with your account details, however the second two would not and would likely be there in an attempt to steal your login details.

    Real link:
    Fake links:
     
  • If it’s too good to be true, it is!
    A generally good principle to use everywhere. If something seems too good to be true online, it almost certainly is. If you get a message from someone saying they just found a link to get free Minecon capes, this is a prime example. After all, do you really think that a random person just happened to come across a link to get free capes?

  • Never give out personal details!
    The main one to take note of here. There is no reason why anyone should ever need to ask you for your password on any site you visit ever. That information should be private to you and you only.

    As a general tip, if you get a site asking for you to log in and you’re suspicious of it, try entering some random details such as “username” and “password”. If it lets you “log in”, it’s there to steal your details. That said, don’t treat this as a reliable test either.
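One way to automate the address check described in the first tip, as an added example that is not code from the original guide. The allow-list holds the two domains the guide names; requiring https is an assumption, and the sample URLs in the comments are constructed for illustration.

```python
from urllib.parse import urlsplit

# The two domains the guide names for Minecraft / Mojang logins.
TRUSTED_DOMAINS = frozenset({"mojang.com", "minecraft.net"})


def is_trusted_login_url(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only if the URL's real host is a trusted domain or a subdomain of one."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased; drops any "user@" prefix and port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:  # https requirement is an assumption
        return False
    try:
        # Lookalike Unicode letters become "xn--..." and stop matching.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    host = host.rstrip(".")
    # Compare whole labels: "notmojang.com" and "mojang.com.example" must fail.
    return any(host == d or host.endswith("." + d) for d in trusted)


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://account.mojang.com/login",               # trusted subdomain
        "https://mojang.com.login-check.example/login",   # trusted name used as a prefix
        "https://account.mojang.com@phish.example/login", # real host is after the "@"
        "https://notmojang.com/login",                    # suffix match without a dot
    ]
    for url in samples:
        print(is_trusted_login_url(url), url)
```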

I’ve Been Hacked! What Do I Do?!

So something’s gone wrong somewhere along the line and someone has gained access to your account. First things first: don’t panic. While this is a serious situation, you’ll need to be calm while sorting things out as you would in any emergency situation.

  1. Change the password on your email account.
    This is the first thing you should do when any account of yours becomes compromised. Your email address is the central part of the accounts you use online and if someone were to get access to it they could potentially gain access to all of your other accounts.

  2. Attempt to recover the compromised account by resetting the password.
    Once your email is secure, attempt to request a password reset for the compromised account. With any luck the email address was not changed and fixing the matter should be as simple as receiving the password reset email and changing your password. If this works, change the password to something new (following our password advice above), and you’re in the clear. If it doesn’t work, move on to step 3.

  3. Attempt to recover the compromised account if you can't reset the password.
    If the email address has been changed, your next step is to attempt to contact the owners of the service the account was for. For example, if your Hypixel website account became compromised your next step would be to contact our support team using the ticketing system at support.hypixel.net. Though these may take some time, most support teams will be able to assist you in recovering your account.

If it's your Minecraft or Mojang account which has been compromised, Mojang have a brief guide on their support site about recovering these accounts here: https://help.mojang.com/customer/en/portal/articles/361483-my-account-was-stolen

  1. Jamie