Account Security Guide

In this guide you will learn about general account security, and why your account may have been banned.

Your account may have shown suspicious activity or, even worse, been compromised. We’ll explain why you may have been banned and how to appeal your ban, and give you advice on securing your account and avoiding compromise.

If you are not banned but are still looking for advice, you can click the Account Security Advice section found below in Contents.

My account was banned, why?
How can I get unbanned?
Account Security Advice
Two-Factor Authentication
Avoiding Becoming Compromised
I've been hacked! What do I do?!

Clicking a section will take you directly to it.

 My account was banned, why?

We issue these bans for a few reasons; these include but are not limited to:

  • Irregular login activity on your account
    Multiple countries in quick succession
  • Irregular chat activity on your account
    Spambot-like behavior
  • Account Sharing
    If your account was used for cheating, most likely you will get a cheating ban. Regardless of who was cheating, we can't know who's sitting at the computer.
    If the person you share with cheats, and we connect you to said person, we might ban you to keep your account safe.
  • VPN Usage
    VPN usage could lead to a ban because other people might be using the same one and cheating.
  • Exposure to phishing
    In some cases, depending on the nature of the attempt, we may preemptively ban your account just in case.

   How can I get unbanned?

In most cases, the issue is as simple as securing your Minecraft account. You should change your password and set up security questions if you have not already. If you have a Mojang account, you can do this at the Mojang website on the accounts page here:

If you have an older account and have not migrated it over to a Mojang account, you should do this first, as these accounts are more secure in general than older accounts and have other benefits as well. You can tell whether you have done this by the username you use to log in to Minecraft. If you use an email address, you have already migrated your account. If you still use your Minecraft username (the one displayed in-game) to log in, you have not migrated your account.

After you have received a ban for Compromised Account or Account Security Alert, you will be able to create and submit an appeal here:

You will need an account to appeal. If you do not have one then you can create one by following this guide:

Once your appeal has been accepted, you will enter a recovery phase and will be able to access the server again after 30 days. You will NOT be allowed to appeal this temporary ban and support will not lift the ban before it expires.

Use this time to read the rest of our guide to ensure you secure your accounts and prevent yourself from being compromised. Make sure you change the passwords, emails, and security questions of your other accounts, as they may have been compromised as well.

While we understand that mistakes happen, if your account is repeatedly broken into, the Appeals team will not be able to unban it continually.

If you are having issues appealing your Account Security Alert ban or Compromised Account ban, then please view our Common Appeals Issue guide found here:

   Account Security Advice

No account sharing! First and foremost, the only person who should have access to your account is yourself. It is ultimately up to you to secure your account and avoid being compromised. We can only do so much to protect our players and that is why you are responsible for any actions taken on your account. Read further for advice on passwords, 2FA, avoiding being compromised and what to do if you've been hacked.


Passwords are something all of us have online, for all of the various accounts we have. To help you to create secure passwords, we’ve come up with some general password security tips which you can find below.

Password Security Tips:

  • Use reasonably long passwords.
    Where possible, use passwords which are at least 12 characters in length (a longer password is better). This helps to make your password far harder for a person or machine to guess or brute force (obtain through lots of login attempts).

  • Use a range of characters for your passwords.
    Use a variety of character types, including letters (capital and lowercase), numbers and special characters (e.g. !, @ and #). That said, be careful with common substitutions. “P4aS5W0rd!” is still not necessarily a secure password and can be guessed.

  • Keep passwords unique for each account online.
    This makes sure that if a person obtains your password for one site, they don’t have your password for any others, and restricts any damage they can do.

    If you struggle to remember passwords, you can use a password manager application to remember them for you. Some even come with strong password generators that create a secure password for each service you need one for.

  • Set up security questions.
    Where available, set up security questions so that websites will confirm that you are you when taking certain actions on them. For example, Mojang accounts with security questions can’t change their passwords or email addresses without filling out the security questions.
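
Why “P4aS5W0rd!” is still guessable: an added example (not Hypixel's code) of a check that undoes common substitutions before comparing a password against a word list. The word list, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample; a real check would use a large breached-password list.
COMMON_WORDS = ("password", "minecraft", "qwerty", "letmein", "dragon")

# Substitutions that password-guessing tools reverse automatically.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

def normalize(text):
    """Lowercase, undo substitutions, keep letters only, collapse repeats."""
    text = text.lower().translate(LEET)
    text = re.sub(r"[^a-z]", "", text)
    return re.sub(r"(.)\1+", r"\1", text)

def check_password(password, min_length=12):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        problems.append("fewer than three character types")
    core = normalize(password)
    for word in COMMON_WORDS:
        if normalize(word) in core:
            problems.append("built on the common word '%s'" % word)
    return problems

if __name__ == "__main__":
    # Constructed inputs: the guide's example, the same doubled, a passphrase.
    for candidate in ("P4aS5W0rd!", "P4aS5W0rd!P4aS5W0rd!",
                      "Violet-Tractor-94-lantern-moss"):
        print(candidate, "->", check_password(candidate) or "no problems found")
```

Doubling the weak password clears the length check but is still flagged, which is the point of the substitution warning above.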

As an extra tip on email addresses rather than just passwords, you may also want to use a separate email address, one that is not given out to anyone, for your more important accounts or, if you use Google's Gmail, add a postfix to your address to make it unique (and harder to guess) for some accounts.

  • Gmail Address:

    • If you use a Gmail email for your accounts, you can use this trick to "change" your email to make it more unique and harder to guess.

      You can do this by adding a + after the name part of your email address (before the "@" sign), and then adding some text after that. For example, if you owned the email address [email protected], you could use, or Any email sent to any of those addresses will end up in the inbox for [email protected]

      Of course, you still need to remember this email yourself to log in to these accounts, so, just like your password, don't make it so random that you can't remember it.

 Two-Factor Authentication

On top of passwords, some sites offer a service called Two-Factor Authentication (sometimes also called 2FA or Multi-Factor Authentication). This method of security uses a second device to generate a code which you need to log in to your account, and means that even if your password is discovered by someone else they still cannot log in to your account as they can’t generate a code for your account.

Large companies such as Google, Microsoft, Apple, and Twitter offer this on their accounts already, either via an app such as Google Authenticator or via SMS messages to your phone. We also offer Two-Factor Authentication for your Hypixel forums account on the website via a Two-Factor app on your phone, which you can find out more about here.

Though this is something that most people won’t use for all of their accounts, we do advise it for your more important accounts such as email accounts.

Note: Always keep a copy of the backup codes given to you when you set up Two-Factor Authentication on any site, just in case you ever lose your phone. If you lose your phone for any reason and you don’t have these codes, you’re in the same position as a hacker and will be locked out of your accounts.

 Avoiding Becoming Compromised

There are some general things which you should always keep in mind when on the internet to make sure that you don’t accidentally give out your password to someone or do anything which may lead to that happening. To help you with this, we’ve come up with a list of things to do to make sure you are secure when browsing the internet.

Things to keep in mind when online:

  • Always check the URL (address bar)!
    When clicking on any links on the internet, always check the link to make sure it’s what you expect it to be. For example, if you’re being presented with a login form for your Minecraft / Mojang account, make sure the address is what you’d expect it to be (either something at or If it’s anything else, it’s likely a phishing link, and the site is designed in such a way as to steal your login details.

    This example is based on the Hypixel website. A login request on the top one would be safe to fill out with your account details, however the second two would not and would likely be there in an attempt to steal your login details.

    Real links:

    Currently newer browsers do not have the lock colored green nor do they show Hypixel, Inc. next to them. The example below shows a real link with an older browser.

    Fake links:
    Hard to spot: Notice the extra i in "". This is an example of a more realistic phishing link. Sometimes attackers will use "secure" websites with very similar looking URLs.

    Easy to spot: These websites are clear examples of fake or phishing websites as they are not "secure" and openly state what they are for (i.e. "give-me-your-password.aspx" at the end of the URL).
  • If it’s too good to be true, it is!
    A generally good principle to use everywhere. If something seems too good to be true online, it almost certainly is. If you get a message from someone saying they just found a link to get free Minecon capes, this is a prime example. After all, do you really think that a random person just happened to come across a link to get free capes?

  • Never give out personal details!
    The main one to take note of here. There is no reason why anyone should ever need to ask you for your password on any site you visit ever. That information should be private to you and you only.

  • Do not click on sketchy links!
    If you are unsure whether a link is safe, you should not click it. If someone is sending you these types of links in-game you should /report them.

    As a general tip, if you get a site asking for you to log in and you’re suspicious of it, try entering some random details such as “username” and “password”. If it lets you “login”, it’s there to steal your details. That said, don’t treat this as a reliable test either.
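
The address-bar check from the first item in this list, written out as an added example (not Hypixel's code): an exact match against the domains you expect, with near-misses such as one extra letter reported as lookalikes. example.net is a placeholder for the real domain, and the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains you really log in on. example.net is a placeholder.
TRUSTED = ("example.net",)

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', or the reason the login page should not be trusted."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return "not https"
    for domain in TRUSTED:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # The last two labels stand in for the registered domain (a simplification;
    # suffixes such as co.uk need the Public Suffix List).
    registered = ".".join(host.split(".")[-2:])
    for domain in TRUSTED:
        if edit_distance(registered, domain) <= 2:
            return "lookalike of " + domain
        if host.startswith(domain + ".") or ("." + domain + ".") in host:
            return "trusted name used as a subdomain of " + registered
    return "unknown domain"

if __name__ == "__main__":
    for url in ("https://example.net/login",
                "https://exaimple.net/login",          # one extra letter
                "https://example.net.account-check.test/login",
                "http://example.net/give-me-your-password.aspx"):
        print(url, "->", classify(url))
```

Only the hostname decides the result; the padlock and the page's appearance do not, which is why the "secure" lookalike is still rejected.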

 I’ve Been Hacked! What Do I Do?!

So something’s gone wrong somewhere along the line and someone has gained access to your account. First things first: don’t panic. While this is a serious situation, you’ll need to be calm while sorting things out as you would in any emergency situation.

  1. Change the password on your email account.
    This is the first thing you should do when any account of yours becomes compromised. Your email address is the central part of the accounts you use online and if someone were to get access to it they could potentially gain access to all of your other accounts.

  2. Attempt to recover the compromised account by resetting the password.
    Once your email is secure, attempt to request a password reset for the compromised account. With any luck the email address was not changed and fixing the matter should be as simple as receiving the password reset email and changing your password. If this works, change the password to something new (following our password advice above), and you’re in the clear. If it doesn’t work, move on to step 3.

  3. Attempt to recover the compromised account if you can't reset the password.
    If the email address has been changed, your next step is to attempt to contact the owners of the service the account was for. For example, if your Hypixel website account became compromised your next step would be to contact our support team using the ticketing system at Though these may take some time, most support teams will be able to assist you in recovering your account.

If it's your Minecraft or Mojang account which has been compromised, Mojang have a brief guide on their support site about recovering these accounts here:

