Keeping Your Account Secure
From MC Public Wiki
Minecraft accounts are very easy to secure to a reasonable level of protection. If someone else gets access to your account it's almost certainly because you did not follow a few basic steps, which I have outlined below.
- Use a strong password. Do not use a word that you can find in a dictionary. For the best security, have a password 10 or more characters long that includes at least 2 different character sets (e.g. letter, numbers, capital letters, symbols). This is probably the most important step to take, as a large proportion of compromised accounts are due to brute force/dictionary attacks on the password.
- Do not use hacked clients or mods unless you or a person you trust has been through the code for it. Any of these have the potential ability to read/write files, connect to external servers, etc. The most common use is to grab your last login file and send it to someone's server to be decrypted (but other purposes could be to install malware on your computer or delete your files). Having a strong password does not protect you against this, you removed that barrier by allowing their code to access your system. Of course, getting at your last login file requires that you have one, which brings me to the next point...
- Do not tick the save password box if you think there is a possibility of someone accessing your computer. This also goes for if you ignore my advice above and use mods/clients you aren't completely sure about, as that is essentially the same as letting in the person who wrote the code. If you have a sibling that uses or can use your computer and you do not use a password on the computer itself you have no excuse for leaving this box ticked.
- Do not get banned on any server that uses a ban system with public ban lists. This may seem like unusual advice, but if you end up on one of these lists, your password is almost certainly going to get tested at some point by people trying to crack it. People after alt accounts monitor these ban lists (MCBans is the most commonly used, but I expect that people do use MCBouncer for this) for new account names that they can run password cracking scripts on.
- Do not log into servers that people randomly ask you to join unless you trust the person asking you. It is still possible at this point in time for a server to steal your session key, allowing another person to log into servers using your name. This only lasts until you log into the launcher again, so if you are unsure about a server that you have joined, close Minecraft after you leave the server, reopen it and log into the launcher.