What are the impacts if only something like Google Authenticator is used as the single method of authentication? Apart from your phone being stolen, is there any concern?
Well, i am using the HereAuth now. It may have some security holes, but together with the whitelist it is sufficient to me. And it is very easy for the kids to handle. And this is no public server
It doesn't have (known) security holes. There is only security concern when someone already hacked into your database, which is already bad enough.
Hmm, in that case someone would be behind any security barrier which would be bad enough Anyway. It works simple and fine
Honestly I never really played Minecraft so I may need a citation here but correct me if I am wrong, if you connect to a server then change app to the google authenticator, in the time it takes to copy or memorize the code, won't you have timed out from the server on Minecraft?
From what I understand, Google authenticator codes can stay valid for quite a period for time correction, so it is possible to open it before joining a world. I wonder why they don't make a notification/hover for opening a pop-up that shows the code.
This would solve so many issues and I'd totally add it to my authentication server project, 2FA has been on the roadmap for a long time but I just don't know how to best support it without users having a bad experience.