Offline Mode is a feature of Minecraft servers that allows disabling user authentication. This feature allows accessing the game while Mojang's servers are down, but it's also often used for piracy as it means the user does not need to log in with their Microsoft account. Offline Mode does, however, come with security risks and less software support.
What is it for?
Offline Mode exists for a few reasons. The most obvious is to let players use a local server offline. This can be somewhere without an internet connection or a firewall that prevents access to the Minecraft authentication servers. Common examples could be schools, workplaces, or some countries.
In the earlier days of Minecraft, Offline Mode was also useful as the authentication servers would go down a lot. Many people would switch to Offline Mode when that happened rather than be locked out from playing with their friends.
Security Risks
Using offline mode comes with some significant security risks. The most major is that it entirely disables authentication, meaning anyone can join with any username. This vulnerability is even more of an issue on servers with players with OP privileges or permissions given via a permissions plugin. Anyone can join using those accounts and have elevated permissions.
Some authentication plugins such as AuthMe on Bukkit servers can partially mitigate these vulnerabilities; however, it's possible other plugins or mods on the server still provide elevated access or that a vulnerability is found within the authentication plugin. Authentication plugins can also be annoying to the user, leading to low-security passwords such as their username.
Software Support
UUID Breakages
When using Offline Mode, the UUID that each Minecraft account is uniquely tied to is different. These modified UUIDs can cause problems in many plugins, especially those needing to look up user data. For example, it might cause WorldGuard to fail to look up usernames for offline players.
This UUID breakage is also an issue when turning Offline Mode on and off. The server and its plugins will have stored all data using one UUID format, and changing whether Offline Mode is enabled will make it expect the other format, causing all existing user data to break.
Given these issues, most plugins that store user data will not provide support when Offline Mode is in use, as it is often the cause of problems.
Piracy-related issues
As Offline Mode is generally used for piracy, most large pieces of Minecraft-related software will not support it. Large projects need to stay EULA compliant, and on Mojang's good side, so most projects will have a stance against piracy.
If Offline Mode is in use for a non-piracy reason, such as a local school Minecraft server on a firewalled network, most projects are still happy to help. In some cases, the communities of those projects will still help too, but you'll receive no support from the actual developers.
Proxies and related software
One partial myth about running Minecraft servers is that server proxies require using Offline Mode. While this is true for ancient proxy software, or when proxies are used with unsupported server platforms, most proxy software has workarounds to allow the server to be in Online Mode.
With most proxies, the server can look like it's in Offline Mode but behave like it's in Online Mode. This is primarily the case with Velocity or Waterfall, which use an IP Forwarding system. While the problem mentioned above regarding UUID breakages do not apply here, this opens up potential security issues if the server is not firewalled correctly to prevent connections from anything but the proxy.
In saying this, if the proxy itself is set to Offline Mode, everything in this article then applies to the proxy as well.
Conclusion
Offline Mode can be a helpful setting in some situations but should not be used for piracy. It introduces security problems, potential breakages of software and reduces your ability to get help when you encounter problems.
About the Author
Hi, I'm Maddy Miller, a Senior Software Engineer at Clipchamp at Microsoft. In my spare time I love writing articles, and I also develop the Minecraft mods WorldEdit, WorldGuard, and CraftBook. My opinions are my own and do not represent those of my employer in any capacity.