Get advanced staff account security with our 2FA smartphone app and Minecraft plugin for Paper servers
In 2020 I had the great pleasure of working with a popular Minecraft YouTuber who was known for her phenomenal builds and outstanding community. As she worked diligently behind the scenes to launch her new beautiful server for supporters of the channel, disaster struck. A griefer had managed to log into the private server and cover the spawn in lava and chaos.
Even though we were able to lock the server down immediately after, and the build was back ready to launch quickly, the experience was still disheartening. Java Edition accounts have a notorious history of being easy to brute-force hack, spoof, and compromise by malicious actors looking to cause a bit of trouble. Something needed to be done to prevent this loss of time, money, and team morale.
Since then I've heard many similar stories happening on other servers. Some servers have had staff accounts stolen, others have been targeted with well-known Bungee-based accounts spoofs. Recently a malicious YouTuber even published a video logging into a staff account on a popular competitive server and causing headaches before the owners could react.
It is these experiences and stories that have driven me to look for a preventive solution to problems like this on Minecraft servers, and I'm proud to work with the GamerSafer team to make our new app and Minecraft plugin available for you to use today.
Announcing the New GamerSafer App and 2FA Plugin
The GamerSafer mission is to bring safety and fair play to millions of gamers worldwide, and our first step begins with helping servers become more secure with a better staff account verification tool. With our 2FA plugin and app, servers can prevent account hackers and spoofers from doing damage and causing pain for their Minecraft community.
This is just the beginning! But before we can share our future plans for improving player experiences, safety, privacy, and inclusivity, let's look at the new app and plugin that's available for you and your staff team to use today.
Secure Two-Factor Authentication for Minecraft
Our founders and team of engineers bring 20 years of experience in the gaming, social impact, security, and privacy industries to the scene. Minecraft servers can install a plugin that securely connects to our identity verification app to restrict permissions on the server until the player authenticates.
Three steps to secure your staff accounts:
Your server staff log into the server and specific permissions that you choose (like creative mode or WorldEdit) are blocked
2 App Notification
The team member receives a notification in the GamerSafer App and they take a selfie to verify they are logging on
3 Access Granted
The GamerSafer Plugin automatically grants your team member the permissions they need to do their job
Throughout this process we follow all regulatory guidelines and International laws to ensure privacy and security best practices are built into the foundation of the solution. Servers only receive a "SUCCESS" message from the app when a player authenticates, but do not see any private information, selfies, PII, or other account details.
Simple Login with a Phone Notification and a Selfie
With the wide-variety of Minecraft servers out there, it is important that YOU GET TO CHOOSE which members of your server are required to authenticate using our app, and what permissions are blocked until they do so.
Whether you only block specific permissions for members of your team, or you lock down all movement and commands, their authentication process is incredibly easy. As soon as they log into the server their phone will get a notification asking them to verify that they are logging in. Then they take a selfie to show that it's not someone else pretending to be them, and their full permissions are granted.
Using GamerSafer completely stops account thiefs and spoofers from getting access to your team member's accounts and causing chaos. If it's not really your team member logging in, all permissions remain blocked by the plugin.
We employ liveness detection and machine learning to prevent using fake photos and videos from logging in.
Hackers will also not be able to use photos or videos of your staff member to take over their account. Our liveness detection steps prevent this, and your staff members' GamerSafer profiles aren't even publicly accessible for hackers to try and get access to. Even the plugin will not see the player's account details such as the username – a unique user ID is generated for your server to reference when authentications are completed.
GamerSafer Minecraft Plugin Requirements
To use the GamerSafer plugin for staff 2FA on your Minecraft server, you'll need the following setup. We're rapidly adding support for more server environments and software, such as Velocity, Bungee, Spigot, and even Geyser support, which we'll announce in the future.
Do you use different server software? Let us know below so we can plan to add support for you!
After a short plugin installation process on your server which we'll guide you through, you will have 2FA and identity verification for your staff setup in no time at all. From there the rest of the customization of the settings and decisions on which players will be required to authenticate is entirely up to you!
Now that the GamerSafer for Minecraft plugin is available for Paper servers, we look forward to hearing about your successes! Keep safe and #GameOn!
Taking action is the best way to impact the Minecraft community
If you liked this blog post, spread the message!
GS4MC Product Manager