Can Minecraft be played without giving MS a Phone#?
60 points by OrbitalShotput_ 1568 days ago
Microsoft is due to start forcing every single account on Minecraft to a Microsoft account if it isn't already, over the next 2 days, I have read. I have learned that if you make a Microsoft account, their system auto-locks you out and forces you to provide them a phone number.

I play with my family (it's something we've bonded together over a long time) and we take our privacy seriously, and don't give up our phone numbers to companies, frequently using burner apps or other methods to set up stuff.

However, Microsoft accounts don't accept VOIP numbers it seems, and their official guidance is to find someone near you if you don't have a phone, and use their phone to validate your account. This seems like a huge risk to someone else, with Microsoft now having their number (there's nothing that indicates they don't keep it.) Also, if this is for spam prevention, then if you have a lot of kids, you would be in trouble due to multiple accounts sharing the same number unless you bought every kid a phone.

Apparently alternate email addresses used to be enough to stop this, but the system still automatically flags you. I don't know if TOTP 2 factor authentication works, but have read if you submit the reclaim-your-account form with lots of personal details, Microsoft considers this not-workable if you had set up MFA on your account and won't intervene.

An option with Microsoft accounts is to set up their own dedicated Microsoft authentication app to get in passwordlessly (but that feature isn't going to be on the Minecraft launcher, likely), but this isn't as clear cut over if it pulls your phone number and other details from your phone.

Does anyone know of a method my family could preserve their phone number privacy while continuing to play?

Is there a way to set up a Microsoft account with enough authentication that it doesn't auto-ban you a little bit later and force you to give them more info to keep the account? I don't know if TOTP is enough, there's been mixed results per https://github.com/MultiMC/Launcher/issues/4093

I know some might wonder about third party clients or as some called them it seems, hacked clients, but those don't support LAN/multiplayer it appears.

Note: the message Microsoft accounts tell you is that they detected suspicious activity, but for those who gave them the info then checked the suspicious activity log in the (new) account, nothing but their own logins are shown, indicating this might be more of a phone-number-obtaining thing. I have trouble believing the tens of millions of players on Minecraft are all able to give phone numbers, and this seems concerning from a privacy point of view.

9 comments

Microsoft will let you sign up for an account without a phone number. They will then fake a security response, citing suspicious behaviour (on an unused account with zero activity no less) to force you to provide a phone number. After providing the number, you may confirm: zero activity whatsoever, let alone suspicious activity.
Instagram does this exact same thing as well, and it's such an annoying dark pattern.
This is indeed what I was citing in the opening post - it's effectively requiring a phone number.
I am surprised this isn't illegal, especially since they are forcing you to do this to keep playing a game you already bought.
> They will then fake a security response, citing suspicious behaviour

It's very obvious they do this, they'll wait until you're a little more invested before revealing it's forced.

Yep. I had this exact experience a couple of weeks ago. Infuriating.
Pirate it

> I know some might wonder about third party clients or as some called them it seems, hacked clients, but those don't support LAN/multiplayer it appears.

They do of course if the server is also cracked. Host on your own, which I assume you already do.

Offline mode only means you can't auth with Mojang servers; there are many Minecraft servers that use their own authentication via server plugin instead of a Mojang account.

Btw, are there any open-source clients that support offline mode?

MultiMC.
The game is easier to run on Linux if you pirate it anyway thanks to the awful new launcher they made.
I share your concerns. I created a dedicated-purpose Microsoft account by following Mojang's official migration link. The process went smoothly and I have not been asked for a phone number. I am using Fastmail with a custom domain and set up an alias. Everything works including the custom launcher. I completed the entire process on Linux.

I agree with other observations on this thread that individual accounts and phone number authentication would not be safe assumptions for many Minecraft households. It will be difficult for Microsoft to tighten this process further.

This is an important data point -

I have, for the past couple of weeks, tried making Microsoft accounts, where I set up 2FA with TOTP, set up an alternate email, even pulled the account recovery code from the security section.

One was banned after a week, the other one hasn't been banned yet, but was made a little bit later than the first one's creation - so it might just be a matter of time. Neither one has a phone number, but I did notice I was in a different location when the first one got banned, so I suspect if you play on a laptop or mobile device and the IP does not match up, you're considered gone by the system. If it's not an auto-timer as it seems to somewhat be.

This was on Windows in both instances.

The difficulty here is, if it does flag it - how would you recover it without giving them a phone number, since you couldn't access something allowing you to migrate to a different Microsoft account at that stage.

You can buy prepaid SIM cards with SMS support for $5 that are good for a month. I have a stack on my desk for stuff like this.
Question: With this method, what would you do if, in a few months, Microsoft flags the account and asks you to verify with a text SMS? (I'm aware if one sets up TOTP hopefully they wouldn't do this, but one never knows) - can you reactivate the SIM smoothly?
1. create account with phone #

2. add TOTP authentication

3. remove phone #

I think your parent comment is saying MS flags the account as questionable and asks you to confirm your current phone number (the one you already used a burner for).
Having TOTP enabled should ward off the "suspicious login" prompts that ask for your phone number. If they still want your phone number for whatever reason, you'll have no choice but to buy another burner phone, but there's no reason they wouldn't accept a new phone number. You did remove that phone number from your account, after all (people change their phone numbers all the time).
Any tips on SIMs? I'm only seeing $20 ones from Tracfone.
Time to get into MineTest. It's open source and fairly mature; got some great games and mods for it.

It doesn't matter how many 24k eggs a golden goose lays; if a bigco like Microsoft buys it, they're sharpening the axe to kill it.

Minetest is neat but it lacks the "soul" of Minecraft. I don't know how else to say it, it's not "fun" for some reason. Despite being free I've never managed to get my friends into the game.
If you think MineTest lacks soul, wait till you see Minecraft itself after Microsoft finishes picking the bones clean.
I apologize if this isn't useful, but I played a lot of Minecraft back in the day, and I seem to remember that the login cookie check was only done in two places: the launcher, and in multiplayer (servers could request you send proof of a valid, unexpired login credential, and kick you if you didn't have one). The latter could be disabled server-side. The game itself would run fine indefinitely with an expired login (i.e. one not valid for multiplayer).

Perhaps someone with a better recollection than me can say whether that's how it worked, and if so, it would suggest you don't need a MS account at all - there are alternate launchers, even open source ones.

You can disable online-mode in server.properties and play multiplayer with no account at all.
As you might expect, this does disable the 'whitelist' mod functionality.
No skins either, right?
Back in the day, skins still worked with this setup. A friend had set his username to his given name and got some stranger's skin.
My MS account does not have a phone number attached to it. Had the same account for over a decade. Never been locked out over it.

I do use the Authenticator app on my phone to log in, though.

I suspect the MS Authenticator app is why - the question is then of course, does the app give Microsoft your phone number on its own once installed?
Microsoft account supports TOTP. You don't need to use Microsoft's authenticator app, you can use any that supports TOTP. Google Authenticator is unlikely to send your phone number to Microsoft.
Indeed, but some of my test accounts set up using TOTP still have been hit by the phone number prompt, where this poster didn't - so they might treat their own authenticator higher. (And if they do, I have to wonder if it means it sends more data back than others do.)
If I trust Microsoft enough with my privacy to control my operating system, then I trust Microsoft enough to have my phone number. So this issue has not arisen for me.
Minecraft runs fine on Linux (I do not trust Microsoft with my OS).
For many people those are two different kinds of privacy, not to mention that many of us bought minecraft before it was even associated with MS.

Minecraft also has many versions that don't run on MS OSes.