MC2FA - Two Factor Authentication in Minecraft 0.1.0

QR TOTP Two Factor Authentication

  1. ConnorLinfoot
    Tested Minecraft Versions:
    • 1.8
    • 1.9
    • 1.10
    • 1.11
    • 1.12
    Source Code:
    Connor Linfoot
    Everyday hundreds of Minecraft accounts are compromised, leading servers to also be prone to this fate. MC2FA is a two factor authentication plugin built to prevent compromised accounts resulting in compromised servers.

    MC2FA uses the well known Google Auth and TOTP authentication to generate a random 6 digit code which changes every 30 seconds. Setup is also quick and easy, a QR code is displayed in-game and can be scanned by mobile 2FA apps.

    Please Note: Currently this plugin is in a beta state while I make sure it works as expected without bugs or bypasses. It is possible that there is something I've missed that allows players to bypass the auth point of the login, hopefully this isn't the case but it is possible.​

    ▶ Features
    • Designed to work out of the box. Just copy the plugin into your plugins folder and restart your server.
    • Custom messages and prefix.
    • In-game QR display using maps.
    • Ability to force 2FA for players (or just OP)
    • Disables tasks such as player movement, block breaking, chat, inventory changes etc.
    ▶ Planned
    • BungeeCord support
    • MySQL support
    • Fallback key, allow players to be given a backup key in the case that they lose their 2FA device
    • Admin commands, allow staff to view players with 2FA and disable if needed
    • Auto-allow if on the same IP within a certain time (option)
    ▶ Requirements
    • Bukkit/Spigot 1.8 or later.
    • Java 8 or later.
    ▶ Reporting Bugs/Bypasses

    If you do happen to find any bugs or ways to bypass the authentication system I ask that you report non-critical issues on GitHub. If there is a critical bypass you can email [email protected]

    ▶ Screenshots

    Roy7885 likes this.

Recent Reviews

  1. Nodio
    Version: 0.1.0
    there is no answer from support, there is no permission node, there is no update at all, sucks
  2. skino0
    Version: 0.1.0
    Im excited when i found this plugin.. but all works perfect until im gonna put for first time 2fa key from Authy app .. it says invalid key all keys i typed and i typed 5 different new keys , account is connected to app with correct OTP Label
  3. drtshock
    Version: 0.1.0
    Using it on and working very well across many servers. Thanks for writing a free 2fa plugin that works great and has QR codes.
  4. R00t
    Version: 0.1.0
    Simply a work of art, and using this on my server, great job with the code! I don’t know how you did it, thanks!
  5. oliverjdk
    Version: 0.1.0
    - - - - - - - - - - - - - - - - - - - - - - -
    Pls fix ip log else god plugin
    - - - - - - - - - - - - - - - - - - - - - - -
  6. untuned
    Version: 0.1.0
    Once you add stuff like forcing people with permission, and adding admin commands, you could easily out-do md_5 with this. The only problem is that I hope it stays free :3
  7. BrettPlayMC
    Version: 0.1.0
    Amazing plugin! Works perfect and is free! I think you've out done md_5! Thanks for this piece of art!