Minecraft: How To Use The Two Factor Authentication Plugin For Your Server

by Louise Posted on 30 September 2022

This post will provide you with guidance on setting up this handy plugin for your team members and optionally for players, to help keep their accounts secure.

This tutorial will be using a 1.19.2 Spigot server hosted by GTX Gaming. We're using the Two Factor Authentication and LuckPerms plugins for 1.19. The Two Factor Authentication plugin will add another layer of protection for players of your server, helping them secure their progress and prevent loss of items or gear should their account be compromised.

We highly recommend using a TFA plugin (there are others available), and we would recommend requiring your server admins to have this active on your server at all times. This helps to protect your server from malicious use of admin commands should they lose access to their account, which is an excellent extra layer that protects both you and the admins. The TFA plugin that we are using in this tutorial can be used with permissions, which is exactly what we want to link this with.

During the setup of this plugin, you will find the TFA wiki very useful. This tutorial also assumes that you have already set up your LuckPerms groups and have some basic knowledge of the LuckPerms plugin. If you would like to find out more about LuckPerms please view our rank post here, and you can also watch our video here for a further tutorial.


Installation

Installation is very simple - we simply need to upload the .jar file to our server. Go to /File Manager and then to /Plugins and upload the .jar file. Once done, we need to reload the server, or optionally restart entirely.

Now we simply need to head ingame.


How To Demand A Rank Or Permission Group Uses TFA

Because we want our staff team to be forced to utilise the TFA system, we need to add this to the permission group itself. This means that when the player is given this permission group they will automatically be required to set up and use the TFA system - this is exactly what we're looking for!

To open your LuckPerms editor, go in-game and type '/lp editor', which will send you a link to log into the LuckPerms webpage. Select the permission group that will be required to use the TFA system, add the permission node '2fa.demand' and apply the edit. Add this to a permission group you are in, then disconnect and reconnect to your server, where you should be prompted to set up your TFA via QR code on your phone!

You can scan the code directly from within the game, or you can click the link and open the QR code on your browser. Either way, set up your TFA with your chosen authenticator and then enter your TFA code ingame. You should receive the message that your TFA has been set up successfully!

Successfully setting up TFA will help protect both your players and the server

Now that you can force TFA to be enabled on certain permission groups, you can also customise the plugin a little further.


How To Allow Regular Players To Setup TFA If They Choose To

It is really great when players opt into protecting their account further because it helps protect both you and the server and prevents your staff members from having to spend time investigating reports of compromised accounts where x items were deleted and plots destroyed etc. This will help everyone in the long run and is a really good practice!

To allow regular players to set up TFA on their account, we simply go to the default permission group in LuckPerms, add the permission node '2fa.use' and apply the edit.

Now, your players have the permission to optionally enable, set up and use TFA!

It would be really great to reward players for setting up their TFA on their account, so perhaps you could think of some reward to issue players for helping to protect their account. Perhaps a special custom pet that is only obtainable by setting up TFA, or perhaps access to a minigame that is only given to people with TFA enabled? There are hundreds and hundreds of ways that you could reward players for setting up TFA, and you should take some time to think about how you can do this on your server and what works best given your server theme.


Customising The TFA Plugin

Head to the /Plugins folder, and /2FA where you will see two different files. If you want to fully customise the messages sent to your players you should open the 'messages.yml' where you will see the long list of messages the plugin can send. You might want to customise some messages and add the name of your server or inform them who to contact if they have had problems with their TFA.

You can also open the config.yml, where you can customise what the plugin will restrict if the TFA code hasn't been entered. By default, if a player logs in and does not enter their TFA code, they will not be able to do anything at all: they are unable to move, use items on their hot bar, or chat in-game. This prevents any malicious activities from occurring if the account has been compromised, and in the case of staff members, prevents any commands from being issued at all - perfect!

There are various options in this config.yml, but as we want to keep our permissions strict to protect our server, we're going to keep them at default so everyone is protected. That way the player can't act unless the TFA code is entered correctly.

However, we want to customise the name of the server that is displayed on the player authenticator app. To do this, go to line 20 in the config and you will see:

# Your server name. This will be the name of the service displayed in the authenticator app
# Note that some authenticators don't support names with spaces.
# If you use an authenticator other than Google Auth, consider removing spaces in the server name.
server-name: My Minecraft Server

We want to change the server name to the name of our server so that our server name is highly visible on the player's auth app, which will make it easy to find and is in line with our branding.
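
To see where the server name ends up and what the six-digit codes are checked against, here is an added Python example (not the plugin's own code). It assumes the plugin uses the standard otpauth:// key URI and RFC 6238 TOTP that authenticator apps read; the function names, the player name and the secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

# Constructed sample secret: base32 of the RFC 6238 test key "12345678901234567890".
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, the default scheme in authenticator apps."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // step)      # 30-second time step
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def provisioning_uri(server_name: str, player: str, secret_b32: str) -> str:
    """Build the otpauth:// URI that a setup QR code encodes.

    The server name is used as label prefix and issuer. Spaces must be
    percent-encoded; apps that decode them badly are why a name without
    spaces is the safer choice.
    """
    issuer = quote(server_name, safe="")
    account = quote(player, safe="")
    return f"otpauth://totp/{issuer}:{account}?secret={secret_b32}&issuer={issuer}"


def verify(secret_b32: str, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate clock drift."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + d * 30).encode(),
                            submitted.encode())
        for d in range(-window, window + 1)
    )


if __name__ == "__main__":
    print(provisioning_uri("My Minecraft Server", "Steve", SECRET))
    print(provisioning_uri("MyMinecraftServer", "Steve", SECRET))
    print(totp(SECRET, 59), verify(SECRET, "287082", 89))
```

The secret in that URI is all an attacker needs to generate valid codes, so treat the QR code and its browser link like a password and never share a screenshot of them.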


The Two Factor Authentication plugin is a very simple and easy-to-use plugin that will protect you, your players and your server from griefing due to compromised accounts. It is 100% worth your time to set this plugin and its permissions up: it will only take a few minutes, but the protection the plugin gives you will last the lifetime of your server.

You may also find our other tutorials useful, such as how to create a custom fishing event, how to set up your server spawn, and how to set up player ranks.

If you're brand new to Tebex you may find our getting started guide useful, and if you have any questions our friendly support team will be happy to help, just send them an email at support@tebex.io.
