sp614x / optifine


[Website] Dual Password (Admin+Edit) Account Login #4020

Open Thorinair opened 4 years ago

Thorinair commented 4 years ago

With the recent increase in the number of stolen capes, I've been talking with Jack a bit and I may have come up with an idea which can increase the security of all OptiFine cape accounts without requiring a lot of changes. It would require adding just one more column to the database of accounts, and slightly updating the website.

The idea is that the currently existing logins as they are now would be regarded as "Admin" logins, which let the user access the full cape page for transfer and editing. However, each account would also have an "Edit" login which people would be able to use to log in to their accounts from in-game or from the website. When logging in using these details, the user can only edit the look of the cape, but cannot transfer it to anyone.

There could easily be two login pages, one for cape owners (Admin login) and one for cape users (Edit login). This eliminates the need for gifted cape users to require full account details, which would let them change the owner, and thus steal the cape. It would eliminate all issues of capes being stolen from within Minecraft itself using a stolen Minecraft password, and possibly from a hacked spoofed client (if that is a thing, but it may be).

This access token could be reset to a new one from within the Admin login, so that you can revoke access to the cape, or if you think someone may be editing your cape (this would then even be the only thing a thief can actually change about it).
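The scheme described in this proposal is a scoped-credential model: one account, two secrets, each granting a different set of operations, with the stronger credential able to revoke the weaker one. The block below is an added illustration of that model and is not OptiFine's code; the account store, the operation names (`set_design`, `transfer`, `rotate_edit_token`) and the PBKDF2 parameters are assumptions made for the example. Both secrets are stored only as salted hashes, the edit token is shown once at creation or rotation, and every operation checks which scope the supplied secret actually earned before acting.

```python
"""Scoped-credential model for cape accounts (added example, not OptiFine code).

Each account carries two credentials:
  * an admin password (the existing login): may transfer the cape, edit it,
    and rotate the edit token;
  * an edit token: may only change the cape's appearance.
Both are stored as salted PBKDF2 hashes; the edit token is returned once.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass

SCOPE_ADMIN = "admin"
SCOPE_EDIT = "edit"
PBKDF2_ROUNDS = 100_000  # placeholder; tune for the real server


def _hash_secret(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Credential:
    salt: bytes
    digest: bytes

    @classmethod
    def create(cls, secret: str) -> "Credential":
        salt = os.urandom(16)
        return cls(salt, _hash_secret(secret, salt))

    def verify(self, secret: str) -> bool:
        # Constant-time comparison of the derived key.
        return hmac.compare_digest(self.digest, _hash_secret(secret, self.salt))


@dataclass
class CapeAccount:
    owner: str            # Minecraft username that owns the cape
    admin: Credential     # existing "Admin" login
    edit: Credential      # proposed "Edit" login (the extra DB column)
    design: str = "default"


class CapeStore:
    """In-memory stand-in for the account table (constructed for the example)."""

    def __init__(self) -> None:
        self.accounts: dict = {}

    def register(self, owner: str, admin_password: str) -> str:
        """Create an account and return the one-time edit token."""
        edit_token = secrets.token_urlsafe(24)
        self.accounts[owner] = CapeAccount(
            owner, Credential.create(admin_password), Credential.create(edit_token))
        return edit_token

    def login(self, owner: str, secret: str) -> str:
        """Return the scope the secret earns, or raise PermissionError."""
        acct = self.accounts.get(owner)
        if acct is None:
            raise PermissionError("unknown account")
        if acct.admin.verify(secret):
            return SCOPE_ADMIN
        if acct.edit.verify(secret):
            return SCOPE_EDIT
        raise PermissionError("bad credentials")

    def set_design(self, owner: str, secret: str, design: str) -> None:
        # Either scope may change the look of the cape.
        self.login(owner, secret)
        self.accounts[owner].design = design

    def transfer(self, owner: str, secret: str, new_owner: str) -> None:
        # Only the admin credential may move the cape to another player.
        if self.login(owner, secret) != SCOPE_ADMIN:
            raise PermissionError("admin scope required")
        acct = self.accounts.pop(owner)
        acct.owner = new_owner
        self.accounts[new_owner] = acct

    def rotate_edit_token(self, owner: str, secret: str) -> str:
        # Admin-only: a fresh edit token replaces (and so revokes) the old one.
        if self.login(owner, secret) != SCOPE_ADMIN:
            raise PermissionError("admin scope required")
        new_token = secrets.token_urlsafe(24)
        self.accounts[owner].edit = Credential.create(new_token)
        return new_token


def allowed(operation, *args) -> bool:
    """True if the operation succeeds, False if it is denied by scope or login."""
    try:
        operation(*args)
        return True
    except PermissionError:
        return False
```

Because `transfer` and `rotate_edit_token` check for `SCOPE_ADMIN` explicitly rather than merely "logged in", a stolen edit token can at most change the design, and rotating the token from the admin login invalidates the stolen copy immediately, which is the revocation step the proposal describes.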

JackDotJS commented 4 years ago

I might also suggest updating the mod itself to allow you to save access tokens locally, that way you don't need to manually enter it every time you want to edit your cape. Key word here is "locally," so without direct access to your device (which in itself would be cause for much greater concern), hackers would not be able to access your cape.