MCAuthenticator 2.0.4

Free and comprehensive 2FA (TOTP) authentication for Bukkit servers/networks

    Author: Ichbinjoe
    Contributors: aaomidi
    MCAuthenticator is a Bukkit/BungeeCord API based plugin that adds two-factor authentication (2FA) using TOTP, the Time-Based One-Time Password Algorithm (RFC 6238). All players on a server can optionally use it, and enforcement for certain players is configurable through permission nodes. It is designed to allow for more secure Minecraft server environments, especially when account cracking and hacking are so prevalent. The plugin greatly reduces the risk of a compromised staff account, making it much harder to compromise a staff account or the server in general.

    Why free?

    I believe that security components should be auditable by a wide variety of people in order to get the most secure solution we can all collectively use. You may freely inspect and update the code as much as you want, as per the MIT License of this project. I encourage pull requests and feature requests! This project is located on GitHub.

    Installation


    To install MCAuthenticator, you simply put the `MCAuthenticator.jar` within the `plugins/` folder of your Bukkit/Spigot server. Once you start the server, the plugin will generate a configuration as described below.

    Commands

    MCAuthenticator uses 1 root command, /auth (with aliases /2fa, /authenticator, and /mcauthenticator) with a set of sub commands:
    • /auth enable [player] - Enables 2FA on an account, or your own account if a player isn't specified.
    • /auth disable [player] - Disables 2FA on an account, or your own account if a player isn't specified.
    • /auth reset [player] - Keeps 2FA enabled, but resets the 2FA on your account or another player's if player is specified.
    • /auth reload - Reloads the configuration, then re-authenticates all players based on configured authentication rules.

    Permissions

    • `mcauthenticator.use` (default: op) - Allows for the root use of the /auth command. In order to do anything with the /auth command, the player __must__ have this permission.
    • `mcauthenticator.enable` (default: op) - Allows for the user to do /auth enable on themselves. This does not control whether the player is allowed to have 2FA enabled on their account; if console or a player with `mcauthenticator.enable.other` enables 2FA on their account, the plugin will let them.
    • `mcauthenticator.disable` (default: op) - Allows for the user to do /auth disable on themselves.
    • `mcauthenticator.enable.other` (default: console only) - Allows for the user to perform /auth enable <player>, enabling authentication for another player. The other player does not need to have `mcauthenticator.enable` in order to have 2FA enabled on their account.
    • `mcauthenticator.disable.other` (default: console only) - Allows for the user to perform /auth disable <player>, disabling another player's authentication.
    • `mcauthenticator.reset` (default: op) - Allows for a player to reset their own account's authentication.
    • `mcauthenticator.reset.other` (default: console only) - Allows for the user to reset other users' authentication.
    • `mcauthenticator.reload` (default: console only) - Allows for the user to reload the configuration.
    • `mcauthenticator.lock` (default: op) - Does 2 things: 1. Forces the user to always have 2FA enabled, not allowing them to disable or reset their own authentication. 2. Does not allow anyone but console to reset or disable their authentication. Even if another user has any of the `.other` permission nodes, the plugin will __not__ allow them to make any changes to this user's authentication. This should be given to any staff members, as it prevents one compromised account from being used to compromise other staff (or other important persons') accounts in a chain.

    Configuration

    Configuration is outlined on the plugin's GitHub page in the Configuration section. It will probably change between updates, and the information in the plugin page could become outdated.

    Configuration Guide


    All other information about the plugin is listed on the configuration guide. Please post questions and other inquiries in the discussion section of this plugin. All bugs should go on the issue board of the plugin's GitHub project.

    I want to give an extra special thanks to @aaomidi, who wrote the first version of this plugin, and allowed me to actively maintain it.

Recent Updates

  1. More Various Fixes
  2. Proper URL Encoding
  3. Various fixes

Recent Reviews

  1. SMCDiego
    4/5,
    Version: 2.0.4
    When I stop the server and start it again, my Google Auth code resets and I have to enable the 2FA again. Am I doing something wrong?
  2. Phoenix616
    5/5,
    Version: 2.0.4
    Awesome plugin. Have been using this for ages now in a BungeeCord setup without any issues!
  3. Shon
  4. InsanityFactions
    5/5,
    Version: 2.0.4
    All around good; the only downside is that little things in the config can break it. Just need to hit the nail on the head with the config first try and it will run smoothly.
  5. 9gigsofram
    5/5,
    Version: 2.0.4
    Works as expected and does everything I need. For those having issues with "incorrect codes", keep in mind that your system time needs to be within 30 seconds of the actual time. So you'll need to install an NTP client, or keep your system time accurate another way, in order to reliably use this plugin, just like ALL other TOTP auth plugins.
  6. PyraFox
    1/5,
    Version: 2.0.4
    Having an issue with logging in, if I have the plugin installed and I enter my code generated from Google Authenticator, it says that the code is incorrect or that I am not authenticated.

    Posting this here as someone in the issues page posted this exact same issue back in August.
  7. mraureliusr
    1/5,
    Version: 2.0.4
    Does NOT work AT ALL with AuthMe. Have spent hours on this issue now. When you join the server, MCA prevents you from typing /login until you authenticate, and AuthMe prevents you from doing /2fa until you login (even with /2fa added to the list of allowed commands before login). This is a HUGE bug that affects multiple servers.
  8. PhanaticD
    2/5,
    Version: 2.0.4
    Has not fixed reported bugs on GitHub in months. Especially my report back from January is annoying and happens to users quite often.
  9. IdrisMCNL
    1/5,
    Version: 2.0.4
    Please add Email restore for 5 stars that when I register I can give my email for restore when I lose!
    1. Ichbinjoe
      Author's Response
      You are welcome to open an issue on the GitHub issue tracker, however, I will not respond to requests which are made through rating the plugin.
  10. Sei4or
    5/5,
    Version: 2.0.4
    I ABSOLUTELY LOVE THIS PLUGIN. The fact that the second you join you have to set it up or you can't play is amazing. The best part is when there is a different IP then you need to authenticate. THIS IS SO COOL. :D
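
The description names RFC 6238 and one review above attributes "incorrect codes" to clock drift; the following added example (not MCAuthenticator's code) implements RFC 6238 TOTP with HMAC-SHA1 and shows how a verifier's result changes with server clock drift. The `window` parameter and `drift_report` helper are hypothetical, and the secret is the RFC's published test value.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)
# Constructed sample: the published RFC 6238 test secret, not a real key.
SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=6):
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // STEP, digits)


def verify(secret, submitted, server_time, window=1, digits=6):
    """Return the matching step offset (-window..window), or None.

    `window` is a hypothetical tolerance knob: 0 accepts only the server's
    current step, 1 also accepts the step before and after it.
    """
    if len(submitted) != digits or not submitted.isdigit():
        return None
    counter = server_time // STEP
    for off in sorted(range(-window, window + 1), key=abs):
        if counter + off < 0:
            continue  # no time step exists before the Unix epoch
        expected = hotp(secret, counter + off, digits)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return off
    return None


def drift_report(secret, client_time, drifts, window=1):
    """Map each server-minus-client clock drift (seconds) to verify()'s result."""
    code = totp(secret, client_time)
    return {d: verify(secret, code, client_time + d, window) for d in drifts}


if __name__ == "__main__":
    # The client generates its code in the last second of a 30 s step.
    print(drift_report(SECRET, 1111111109, [-60, -30, 0, 1, 31]))
    print(drift_report(SECRET, 1111111109, [1], window=0))
```

With `window=0`, even one second of drift fails when it crosses a step boundary, which is why accurate time (for example via NTP) matters on the server.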