Twofactor Authentication

  • Enables a second authentication step after the default GUID auth. This is handy for games where GUID spoofing is possible (e.g. Call of Duty)


    twofactorauth.enabled set to true in config/basics.json.
    An authenticator which implements IETF RFC 6238. See Appendix 1 for possible suggestions.


    Set up your authenticator with your personal secret. You can find your secret in config/users.json.
    To show the secret of others you can use !secret NAME <name or pid> (for online players) or !secret GUID <guid> <guid> is the 8 character version of the GUID

    After joining the server you will have to authenticate yourself using the temporary password given by the authenticator.
    For Example: !login 162534


    Setting up your authenticator

    Example secret used: 2CB4SVARUIHVJ64J (You have to replace this with your own secret if you follow this guide)

    GAuth [1]:

    Appendix 1: List of authenticators

    [1] GAuth: Web based authenticator (also available as Phone APP and Webapp)
    [2] Google Authenticator: Phone App for Android, iOS and Blackberry (open with your phone)
    [3] FreeOTP: Open Source alternative to Google Authenticator. Available for Android and iOS
    [4] WinAuth: Open Source authenticator for Windows:

    for more see:…hm#Client_implementations