Whilst there are many authentication plugins out there already the community is lacking an official plugin that is updated frequently and implements some of the bare bones features people expect. This thought came to mind as I was thinking about SimpleAuth, it was bare bones, had a good API that plugins could extend and it was backed by the PocketMine team. However, SimpleAuth has become extremely outdated and hasn't kept up with the new standard of using AsyncTask's for data fetching/saving to keep the main thread from freezing. An official auth plugin by the PMMP team with some of the newest features, like entering passwords directly into chat, and keeping up with the latest standards/utilizing new features would be a nice addition to the already growing PMMP community. This was just a thought and your opinions/input could help this to become a new resource for the community
We don't need another auth plugin trying to be the best, we need one backed/made by the pmmp team that people can rely on. PMMP doesn't have XBox live authentication (yet?) and it is impractical for some server owners due to MCPE being played mostly by kids and microsoft's account limitations.
This is not in favor of the users tho. History has shown that very few Minecraft networks should be trusted with credentials of millions of users. That simple. There is zero accountability. After LBSG happened, i threatened to enforce "credential free" servers in the license of MiNET. And as a reply I got "don't worry, we won't use MD5, we plan on using SHA1 instead". And THAT came from a developer of a not-so-insignificant MCPE network. And if you host your server in the EU you will soon face serious consequences in the case you even store email on the servers, so it's clearly not the path to move forward on. We already know that the players use whatever they need to use in order to get the stuff they want. We can probably thank the YT's for this. But for the server owners, it takes a lot bigger effort in order to cash-in on the network. It is a bit more complex to tie a monetary transaction to an xbox live account. But for the sake of discussion I think it is important to separate authentication from authorization. Leave the first up to XBOX Live, and the second needs a real good simple-to-use-simple-to-get-right (poka yoka) plugin for PM.
The problem is that most players don't use XBOX because their nametag is already taken. And if they had bought something or had progress on a server. The person would lose it. And yes we can force the players to use XBOX if all servers had it. But still some people will lose their progress etc.
Whilst I somewhat agree with this it is very impractical, like @Matthew said the xbox live name space is extremely overcrowded and if servers switched now many players would loose progress/statistics. Xbox auth is more secure than anything we'll ever be able to make that's open source but most of the data breaches that've happened in the minecraft community have been caused by human mistakes. These mistakes can be easily avoided by limiting who has access to the database/API's as well as setting up correct permissions. The databreach itself is not so bad for your users, its when the 'hackers' realise you used an ancient hashing algorithm that they can break easily that it harms your users. Needless to say you would most definitely loose a fair few players if you suffered a data breach.
I hope you understand that THAT is simply not true. Real security comes not from obscurity but from design. Most security solutions around the world is based on OSS for that very reason. More eyes on int and more brains on the designing that way. As an example of what security by design means, it starts with not storing anything you don't need to store. And as an example of how you can apply that, take email. Unless you intend to actually sell email-addresses or do unsolicited mails, you can store the email for the intent of say password recovery. But since this is always initiated from a user, you actually don't need to store he password itself, but rather do a design where you store a hashed version of the password. Now, you can actually do the same for pretty much all information related to identity or credentials and thus, you don't even need to rely on protecting the source anymore. You can basically hash it as strong as needed, and then put the DB out on Internet and let them have a crack at it. Nothing is perfectly safe like that, but at least you will give the hackers a run for their money. I understand the argument about people having saved stats and purchases connected to a non XBOX live login, but that is so easy to solve, I don't even think it's worth discussing. This kid of "connection" has been used by the MCPC community for years connecting Mojang accounts to forum accounts, similar to this forum.
I think HereAuth does a good job encrypting passwords. SimpleAuth used 2 different hash algorithms (hash the hash of the hash yay). You do have a point though, I try to encourage users to not use passwords they use anywhere else, as passwords are still sent unencrypted (at least for PM). I do however hate microsoft's tracking shit in XBOX, and i will never force my players to use XBOX auth.
Yup, I am sure, becuase I own a Windows Phone (I am actually typing this post on one) and I also heard people complaining about the missing xbox on Amazon Fire (maybe it got added in the meantime on Fire, but not on Windows Phone)
One major concern I have with all the other security plugins (other than SimpleAuth): They actually ask users to enter their passwords without any command prefix. This is just plan BAD user training. A user that learns this has a much higher likelyhood of accidentally typing their password into the chat screen than a user that uses a command (which they KNOW is always hidden from other players). So this is GOOD: /login xxyyzz00$$ This is BAD: Please type your password right into chat now! xxyyzz00$$ So I still use SimpleAuth for this reason. I would LOVE to have a standard "official" auth plugin. For now I feel like this is still SimpleAuth; but I'd love to see a more secure and improved SimpleAuth.
You can easily prevent this issue by performing simple checks for the password in player messages. The reason I created this thread is because I feel like SimpleAuth needs an update or successor due to it hindering performance by executing database queries on the main thread and the fact it's just very outdated.
Nope, it just combines two hashes. Not really, it is just the same as that in SimpleAuth. But they will disallow passwords being typed directly into the screen. Actually, if you risk storing the password length too (this will greatly reduce the time for brute force), an auth plugin can also scan a substring in a chat message identical to the password. So our best user training is... Indeed, other auth plugins should make the option to change this format. This is what HereAuth has done!
Check out my authentication example using PHP here. It uses PHP's recommended hashing method. On a side note if you use this switch over to POST lmao. You can totally store user emails, but hash them. "But how will we send password reset emails?" Think of it this way. When they submit their email address on the password reset form check the hash of that and compare it to the database, if they match send an email to the one they submitted (probably in a GET parameter). You can use this same method to prevent duplicate email registrations.. just compare the hashes. In the event of a data leak everything besides usernames will be useless. EDIT: People need to stop using the word "encryption" when talking about storing private info. You need to HASH that info. Encryption is reversible so it's not ideal or responsible. Lastly just use Xbox Live. The transition will be hard at first if you already have a player base, but in the long run totally worth it. Maybe make an online site where people sign into their old account and then enter their Xbox Live gamertag.
HereAuth is good but it's too bulky, a newer version of a simple authentication plugin that just implements the basics like SimpleAuth does is what I'm thinking. You don't even have a plugin made for that 'API' so what's the point in showing it off here? lol There is lots of objections to using Xbox live for authentication but there is also lots of good reasoning too. It's really up to you what you use but we all have to keep in mind that our users are trusting us with their data so we need to be responsible.
Bulky? If you don't enable the options in the config, it isn't bulky at all. It is just that the API is a bit complex, but it allows other plugins to extend it. I hope you aren't running your server on a floppy disk