MCAuthenticator 2.0.4

Free and comprehensive 2FA (TOTP) authentication for Bukkit servers/networks

  1. Ichbinjoe
    MCAuthenticator is a Bukkit/BungeeCord API based plugin that provides two-factor authentication (2FA) using TOTP, the Time-Based One-Time Password algorithm (RFC 6238). All players on a server may optionally use it, and enforcement for certain players is configurable through permission nodes. It is designed to allow for more secure Minecraft server environments, especially when account cracking and hacking are so prevalent. The plugin greatly reduces the risk of a compromised staff account, making it much harder to compromise a staff account, and the server in general.
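
    How an RFC 6238 code is derived and checked against the server clock, as an added example (not MCAuthenticator's own code). The function names, the 30-second step, six digits and the one-step drift window are assumptions; the secret is the RFC 6238 test key.

```python
import base64, hashlib, hmac, struct

STEP = 30      # seconds per time step (RFC 6238 default; assumed here)
DIGITS = 6     # code length used by common authenticator apps (assumed)

def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP over the time-step counter."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, code: str, server_time: int, window: int = 1):
    """Return the matching step offset (-window..window), or None.

    window=1 tolerates one step of clock drift either way. A wider window
    accepts more drift but gives a guessed code more chances to match.
    """
    matched = None
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * STEP)
        # Constant-time comparison; every step is checked, no early exit.
        if hmac.compare_digest(expected.encode(), code.encode()) and matched is None:
            matched = drift
    return matched

# Constructed sample data: the RFC 6238 Appendix B SHA-1 test secret.
SECRET = b"12345678901234567890"
# The same secret as the Base32 string an authenticator app imports.
SECRET_B32 = base64.b32encode(SECRET).decode()

if __name__ == "__main__":
    phone_time = 59                      # RFC 6238 test time (step 1)
    code = totp(SECRET, phone_time)
    print("secret (base32):", SECRET_B32)
    print("code from phone:", code)
    for skew in (0, 25, 70):             # seconds the server clock runs ahead
        hit = verify(SECRET, code, phone_time + skew)
        print(f"server ahead by {skew:>2}s ->",
              "rejected" if hit is None else f"accepted (step {hit:+d})")
```

    With the one-step window, the code is still accepted when the server clock is 25 seconds ahead and rejected at 70 seconds, which is why the server's clock needs to stay synchronised.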

    Why free?

    I believe that security components should be auditable by a wide variety of people in order to get the most secure solution we can all collectively use. You may freely inspect and update the code as much as you want, as per the MIT License of this project. I encourage pull requests and feature requests! This project is located on GitHub.


    To install MCAuthenticator, you simply put the `MCAuthenticator.jar` within the `plugins/` folder of your Bukkit/Spigot server. Once you start the server, the plugin will generate a configuration as described below.


    MCAuthenticator uses one root command, /auth (with aliases /2fa, /authenticator, and /mcauthenticator), with a set of subcommands:
    • /auth enable [player] - Enables 2FA on an account, or your own account if a player isn't specified.
    • /auth disable [player] - Disables 2FA on an account, or your own account if a player isn't specified.
    • /auth reset [player] - Keeps 2FA enabled, but resets the 2FA on your account or another player's if player is specified.
    • /auth reload - Reloads the configuration, then re-authenticates all players based on configured authentication rules.

    Permission nodes:
    • `mcauthenticator.use` (default: op) - Allows for the root use of the /auth command. In order to do anything with the /auth command, the player __must__ have this permission.
    • `mcauthenticator.enable` (default: op) - Allows for the user to do /auth enable on themselves. This does not control whether the player is allowed to have 2FA enabled on their account; if console or a player with `mcauthenticator.enable.other` enables 2FA on their account, the plugin will let them.
    • `mcauthenticator.disable` (default: op) - Allows for the user to do /auth disable on themselves.
    • `mcauthenticator.enable.other` (default: console only) - Allows for the user to perform /auth enable <player>, enabling authentication for another player. The other player does not need to have `mcauthenticator.enable` in order to have 2FA enabled on their account.
    • `mcauthenticator.disable.other` (default: console only) - Allows for the user to perform /auth disable <player>, disabling another player's authentication.
    • `mcauthenticator.reset` (default: op) - Allows for a player to reset their own account's authentication.
    • `mcauthenticator.reset.other` (default: console only) - Allows for the user to reset other users' authentication.
    • `mcauthenticator.reload` (default: console only) - Allows for the user to reload the configuration.
    • `mcauthenticator.lock` (default: op) - Does one of 2 things: 1. Forces the user to always have 2FA enabled, not allowing them to disable or reset their own authentication. 2. Does not allow anyone but console to reset or disable their authentication. Even if the user has any of the `.other` permission nodes, the plugin will __not__ allow them to perform any changes to authentication. This should be given to any staff members, as it will prevent any other compromised account from then being used to compromise other staff (or important persons') accounts in a chain.

    Configuration is outlined on the plugin's GitHub page in the Configuration section. It will probably change between updates, and the information on this plugin page could become outdated.

    Configuration Guide

    All other information about the plugin is listed in the configuration guide. Please post questions and other inquiries in the discussion section of this plugin. All bugs should go on the issue board of the plugin's GitHub project.

    I want to give an extra special thanks to @aaomidi, who wrote the first version of this plugin, and allowed me to actively maintain it.

Recent Updates

  1. More Various Fixes
  2. Proper URL Encoding
  3. Various fixes

Recent Reviews

  1. CTeadRUS
    Version: 2.0.4
    Come on, keep working on this plugin, it is really good, especially for top Minecraft servers with 200+ players online.
  2. LoneDev
    Version: 2.0.4
    Amazing, exactly what I was searching for.
    Would be nice to add a command to input auth code instead of using public chat because some logging plugins intercept that
  3. SMCDiego
    Version: 2.0.4
    When I stop the server and start it again, my google auth code resets and I have to enable the 2fa again. Am I doing something wrong?
  4. Phoenix616
    Version: 2.0.4
    Awesome plugin. Have been using this for ages now in a BungeeCord setup without any issues!
  5. Shon
  6. InsanityFactions
    Version: 2.0.4
    All around good, only downside is that little things in the config can break it. Just need to hit the nail on the head with the config first try and it will run smoothly.
  7. 9gigsofram
    Version: 2.0.4
    Works as expected and does everything I need. For those having issues with "incorrect codes", keep in mind that your system time needs to be within 30 seconds of the actual time. So you'll need to install an NTP client, or keep your system time accurate another way in order to reliably use this plugin, just like ALL other TOTP auth plugins.
  8. PyraFox
    Version: 2.0.4
    Having an issue with logging in, if I have the plugin installed and I enter my code generated from Google Authenticator, it says that the code is incorrect or that I am not authenticated.

    Posting this here as someone in the issues page posted this exact same issue back in August.
  9. mraureliusr
    Version: 2.0.4
    Does NOT work AT ALL with AuthMe. Have spent hours on this issue now. When you join the server, MCA prevents you from typing /login until you authenticate, and AuthMe prevents you from doing /2fa until you login (even with /2fa added to the list of allowed commands before login). This is a HUGE bug that affects multiple servers.
  10. PhanaticD
    Version: 2.0.4
    Has not fixed reported bugs on GitHub in months. Especially my report back from January is annoying and happens to users quite often.