Everyday hundreds of Minecraft accounts are compromised, leading servers to also be prone to this fate. MC2FA is a two factor authentication plugin built to prevent compromised accounts resulting in compromised servers.
- Tested Minecraft Versions:
- Source Code:
- Connor Linfoot
MC2FA uses the well known Google Auth and TOTP authentication to generate a random 6 digit code which changes every 30 seconds. Setup is also quick and easy, a QR code is displayed in-game and can be scanned by mobile 2FA apps.
Please Note: Currently this plugin is in a beta state while I make sure it works as expected without bugs or bypasses. It is possible that there is something I've missed that allows players to bypass the auth point of the login, hopefully this isn't the case but it is possible.
- Designed to work out of the box. Just copy the plugin into your plugins folder and restart your server.
- Custom messages and prefix.
- In-game QR display using maps.
- Ability to force 2FA for players (or just OP)
- Disables tasks such as player movement, block breaking, chat, inventory changes etc.
- BungeeCord support
- MySQL support
- Fallback key, allow players to be given a backup key in the case that they lose their 2FA device
- Admin commands, allow staff to view players with 2FA and disable if needed
- Auto-allow if on the same IP within a certain time (option)
▶ Reporting Bugs/Bypasses
- Bukkit/Spigot 1.8 or later.
- Java 8 or later.
If you do happen to find any bugs or ways to bypass the authentication system I ask that you report non-critical issues on GitHub. If there is a critical bypass you can email [email protected]