Minecraft Name: Expipiplusone Suggestion: Advertize 2fa upon login. What I mean is that, when you login, you can receive 3 possible messages: "You don't have Two Factor Authentication: if you want to activate it, type /2fa"; "Remembered your IP address, logging you in automatically"; "You need to enter your 2fa code with /2fa <code>". Currently you only get messages (2) or (3), depending on whether you were using the same IP last time, only if you have 2fa active: if you don't have it, you see nothing (i.e. currently there's no (1) message). Reason: Many users don't even know of this possibility, and I can't see why they shouldn't even be made aware of it. You might argue that if you don't know it then you don't need/want it, but I would disagree here: I myself had no idea there was such a possibility, I discovered it completely by chance; but when I realized what it was about (and how easy it was to activate it or get rid of it) I didn't think twice before activating it. (Technical) when you login, you might want to automatically execute with MacroMod some commands: it might be /v, or /fly on, or /cheattoggle on, or /sg messages... anything; but the macro you binded to onJoinGame must wait for 2fa authentication before executing those commands, otherwise they won't work. If you have 2fa enabled, fine: just make your macro wait until it gets the IP remembered or the code accepted message; but what if you want to make that macro public, available to everyone? If someone with 2fa disabled wants to use it, they will have to either manually remove the part of code listening to 2fa activity (otherwise it will be locked in a loop waiting for a 2fa greeting message it will never receive), or activate 2fa (even if they don't want it). If, instead, users with 2fa disabled receive a specific message upon login, then the macro binded to onJoinGame can just detect that and understand that it may go on. There might be some workaround to supply for the absence of it, such as using the mail greeting message, or wait a few seconds... I've thought of a dozen in these days; but they would all be somewhat bugged and extremely inelegant and complicated. Any Other Information: Clarification: I'm not talking about the controversial macro automatically generating the 2fa code; to do that with macromod would be a nightmare and I'm not even sure I want it anymore. But it would be cool and extremely useful if the login script could be able to detect whether: 2fa is inactive (go on); IP was remembered (go on); a code is needed (and then the macro automatically prompts the user to type it, before going on). Link To This Plugin/Is this a custom addition?: The plugin is already there, I think it would take 5 min to implement this small change (but correct me if I'm wrong), so it's all on whether we want such a small change, or not. I can't see a scenario where it would be worse to have such a greeting message (while I can see why it would beneficial), hence my suggestion.
I don't see any benefits to this. See, I can still make that argument. You don't need it, and you didn't particularly want it either. If you wanted more account security off the bat you would've looked into the options or noticed that 2fa was advertised with a store purchase. I'm willing to put money on the line that your train of thought was not a spontaneous "My account of ECC needs to be more secure", but rather a "huh, they have this thing that allows me to make my account more secure, may as well" or "x staff members account was compromised, I don't want to be that guy, I should do something". "Now wait, Nicit, don't you need account security?" Please please please tell me who is dead set on getting into your specific account on a specific niche minecraft server that boasts a hundred players at best. Even if that's the case for your specific account, it is most certainly not the case for the community at large. "I see accounts get compromised a fair portion of the time! This would help those people!" Very nearly all of the genuinely compromised accounts I looked into as SA were compromised by a close personal friend or relative. For both cases the compromise is likely to be done on the IP the player uses normally, meaning 2fa would not be of help. "I mean, we may as well point it out, what's to lose?" 1) A message every time people log in about additional account security that 99% of players neither want or need is incredibly annoying. 2) We shouldn't be providing extraneous information just in case people want it. "But macromod!" No.
