Authentication for Multiplayer Stuffs

So, as you all might know, I do not like having a central Account System, and obviously there needs to be ways for Servers to know if the person logging in is actually the person they claim to be.

There are a few ways to achieve this goal without having to put in some central Server that could go down after a few years or “force people to migrate to a new system for no damn reason”…

Don’t have any Auth and let anyone join, which will totally work just fine and you won’t get any Griefers.

Just have the Server prompt for a Password whenever you try to log in. Downside here is, this password can easily be leaked, and then everybody needs to adjust to the changed password.

Use Private and Public Keys, so you can send the Server Host your Public Key and add that to the Whitelist, and then you can join just fine. The Keys would be generated by the Launcher of course. If the Key would get leaked (through intentional or malicious hackery means), at least there would be only one member of the Server you would need to ban (or re-validate).

Use the built in Trusted Platform Module (TPM) Chip for extra validation after logging in once with the Key. Then even if some Hacker stole your Key, they could not log into the Server under your Name.
This can be enforced Serverside (if you are an asshole) or Clientside (if you are paranoid), since if you log in with TPM verification it could automatically invalidate the Key for you, so the Server will only accept you logging in from your specific Computer instead of the Key you used from your first login.
There should be some ways to migrate to different Computers or validate more than one Computer, if you really have more than one Gaming Computer.
And yes I am aware not every Computer has a TPM Chip built in, why do you think I said the word “asshole” a few lines up? XD

Use a Yubikey or similar 2FA Device for Login. Should work similar to the TPM way. Here you can also just tell the Server that this is your way to 2FA without the Host having to configure any Settings or so. Makes migration to other Computers much easier.
Maybe I add some stupid “Verified” Icon to people using this sort of thing. XD

Anyone got other/more Ideas to make Authentication work?

Edit: Oh got other Ideas!

Ask the User a question they have to answer, because this sort of Spam protection at least keeps basic nonhuman Spammers away.

Same Idea would be a Captcha, but I would sure as heck not use the Google ones if I did.

1 Like

I’m not sure TPM should be used, can’t change machines then.

I’m a fan of PGP keys, 2FA OTPs like Yubikey or so are good too.

Why not just make it a pluggable system? ^.^

1 Like

I never said we can’t offer all the options :wink:

1 Like

I like user certificates on the client.

Unfortunately without centralization there’s no means to do things like cert == specific user, ban list, etc.

What happens when you have two user name strings that are the same, but the certs differ? The only answer is centralization.

Why not do both? You can use certificates on the client, with optional central auth, user registry, and banlist. Then MP servers can choose to enable it or not.

2 Likes

Usernames do not exist, lol. You just pick a name when you join a Server, and the Server can then deny any duplicate Screen-Names. Any Host can of course use those Screen-Names in Commands when it comes to things like Moderation. There would be a lot of utility to make it easy for Humans to use.

The Problem with a Ban List is, if you do not pay for an Account, it is completely useless. Anyone can just spin up a new Account on the fly if you don’t use a Whitelist.

What COULD be done is a basic Ban List for certain Computers, MAC Addresses, IPs etc., but a truly malicious Actor could just toggle some things in a fork of the Open Source Launcher and suddenly his reported Data is different.
Heck I know how to change my MAC Address on the fly, simply because WiFi Portals tend to detect that for the sake of Bandwidth Caps…

1 Like

I would suggest user+pass by default, email 2FA or RFC6238 for extra security. Both the server operator and the client user should have the option of forcing the one-time pass, every attempt or every attempt from an unknown IP. These preferences would be stored serverside.

The client should never send or store a raw password, only an encrypted password hash and/or session token.

~Max

2 Likes
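An added example, not part of any post in this thread and not code from the game or launcher under discussion: a Go sketch of the RFC 6238 option with the "every attempt, or every attempt from an unknown IP" preference stored server-side. The `Account` type, its fields and the sample addresses are assumptions; the secret is the RFC 6238 test secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// TOTP returns the 6-digit RFC 6238 code (HMAC-SHA-1, 30-second step) for Unix time t.
func TOTP(secret []byte, t int64) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(t/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f // dynamic truncation (RFC 4226)
	v := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", v%1000000)
}

// Account holds hypothetical server-side preferences for one player.
type Account struct {
	Secret   []byte
	ForceOTP bool            // operator or player demands a code on every attempt
	KnownIPs map[string]bool // addresses this player has logged in from before
	lastStep int64           // newest time step already spent on a login
}

// NeedsOTP applies the policy: every attempt, or every attempt from an unknown IP.
func (a *Account) NeedsOTP(ip string) bool { return a.ForceOTP || !a.KnownIPs[ip] }

// Verify accepts the code for the current or previous step, and each step only once.
func (a *Account) Verify(code string, now int64) bool {
	for _, t := range []int64{now, now - 30} {
		want := []byte(TOTP(a.Secret, t))
		if t/30 > a.lastStep && subtle.ConstantTimeCompare([]byte(code), want) == 1 {
			a.lastStep = t / 30
			return true
		}
	}
	return false
}

func main() {
	a := &Account{Secret: []byte("12345678901234567890"), KnownIPs: map[string]bool{}}
	fmt.Println(a.NeedsOTP("203.0.113.7"), a.Verify(TOTP(a.Secret, 59), 59))
}
```

Tracking the last accepted time step is what stops a code that was observed once from being replayed inside its 30-second window.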

Using this as the sole form of authentication provides no extra defense for people who use a shared computer, such as at a library or friend’s house.

~Max

2 Likes

You seem to have misunderstood the point of this. It is to find additional ways for Authentication.

The Default way for a Whitelist based Server will ALWAYS be the Version where you send the Host your Public Key, even if you just freshly generated one for use with that specific Server. This will be made super easy and can be as simple as “Push Button in Launcher to copy Public Key to Clipboard”.

The main reason for me to ask around for alternatives is because some Servers may not want to be Whitelist based, and need simple ways to Authenticate people.

When you join a Server once, it will tell your System to select the way of Authentication for the Future, which by default is the Key (which by the way CAN be cryptographically password protected too), but may also be a Yubikey or the TPM Chip of your Computer, or any combination of those 3 things. That way the Server knows for sure that you are the same person who you were last time you joined.

So overall, having multiple Users on the same Computer does not mean it is unsafe to use the built in TPM, since you can also combine TPM with a Password, or TPM with a Key, or TPM with a Yubikey, or TPM with a Key that is password protected.

Obviously you would not use the TPM of a Computer you don’t own, you can always just go to other Auth ways just fine. Key alone, Password alone, Yubikey alone, or Password protected Key are also possible options you can choose.

And yes obviously Passwords would be stored in a cryptographically secure way, and not in something blatantly stupid like plaintext.

Servers will pretty much always at least use Keys to verify that you are who logged in last time, and if you lose the Keys, you will have to message the Host in some way, to let you re-verify yourself. And if you have multiple ways to authenticate yourself, even if it is a one-time-single-use-code that you made when joining the first time or so, you will not even have to message the Host at all!

In most cases the Clients will decide how to authenticate when joining Servers, the Server owners only really need to paste Public Keys into their Whitelist and be done with it, or if they run on a non-Whitelist Server they would need to check the other ways to make sure a person is valid, like with a server password or so.

If a Server Owner has to deal with really stupid people (or is too lazy to paste keys into a Whitelist), there is also the way of letting the host create a one-time-single-use-code for letting a person Login and then by logging in, the public Key would automatically add itself to the Whitelist.

It is really quite simple, you log into a Server once, and after that you have an infinite (or limited if the client wants to) session token somewhere on your Computer, USB Stick, Yubikey, Raspberry-Pi-Pico or whatever, that you can use to join said Server without any authentication prompts.

Edit: Oh right you mentioned IPs too, uhh don’t know if you knew that but ISPs love IPv4 and they love it so much they create IPv4 Pools for their Customers to swim in, so they get as many different IPs as possible per day!

1 Like
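An added example, not part of any post in this thread and not the launcher's own code: a Go sketch of the whitelist login described above, where the client proves possession of its private key by signing a server-issued nonce, and a single-use code from the host enrolls a key that is not yet listed. Ed25519, the `Server` type, its fields and the invite string are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server is a hypothetical whitelist host; every name here is an assumption.
type Server struct {
	whitelist map[string]bool // raw Ed25519 public keys the host accepted
	invites   map[string]bool // unused single-use enrollment codes
	pending   map[string]bool // nonces issued but not yet answered
}

func NewServer() *Server {
	return &Server{map[string]bool{}, map[string]bool{}, map[string]bool{}}
}

// Challenge issues a fresh random nonce that the client must sign.
func (s *Server) Challenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	s.pending[string(n)] = true
	return n
}

// Login verifies the signed nonce; an unused invite code enrolls a new key.
func (s *Server) Login(pub ed25519.PublicKey, nonce, sig []byte, invite string) bool {
	fresh := s.pending[string(nonce)]
	delete(s.pending, string(nonce)) // one attempt per nonce, so no replays
	if !fresh || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, nonce, sig) {
		return false
	}
	if !s.whitelist[string(pub)] && s.invites[invite] {
		delete(s.invites, invite) // burn the code once a key has proven possession
		s.whitelist[string(pub)] = true
	}
	return s.whitelist[string(pub)]
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := NewServer()
	s.invites["constructed-invite-code"] = true // host hands this out once
	n := s.Challenge()
	fmt.Println("enrolled:", s.Login(pub, n, ed25519.Sign(priv, n), "constructed-invite-code"))
}
```

Only the public key ever reaches the server, so a leaked whitelist does not let anyone log in, and the invite is consumed only after the signature check so a wrong guess at the key cannot burn it.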

Private/public keys are the most sane variant.

2 Likes

There are lots and lots of Minecraft servers that run without checking if an account is registered with Mojang, and these do not get any more problems with multi-accounting than others. You do not have to worry about that: servers could use captchas, or have a “new players per day” limit et cetera.

Also, I am not sure how sane the idea is, but is it not good to dedicate more computational resources to players who play longer? So if a server has 10 players, the oldest player gets a maximum of 19% of computational time, but a player that just joined only 1%? The actual method of allocating would differ, of course, but how good or bad is the idea itself?

2 Likes

Nah, dividing up computational resources is not really a possible thing if you do it that way. You can’t just lag out the Areas that new Players happen to be inside of. That would cause so much damage in the long run that it could even be exploited for griefing.

2 Likes

Could you please explain the topic further? I can not quite see the way it could be used for griefing.

2 Likes

So then you only identify users by a cert pair (public/private) and a fingerprint?

Do you see no value in having a consistent durable username across hosts?

Couldn’t you give a user a centrally signed cert that includes their username? No online verification is needed, only the math to confirm the CA signature.

2 Likes

Yep, basically. And whichever other means of identification they wish to have.

Correct, the main reason for that is that people will just end up appending Numbers to their Name or adding a "The Real " in front of their name, even though nobody else with their Name is on that Server. Also encourages people to come up with a Name for each “Character” they play instead of being coerced into using their Internet-World-Name.

That would require centrally signing that cert though, which I am not willing to do.

Using differing Tick Rates can explode GT6 Machines, it is already something happening on certain Bukkit-ish Servers.

3 Likes

Doesn’t require always-on infrastructure, it’s a one-time signature. If you sold anything at all, that’s what I’d suggest.

2 Likes

One thing I could do is letting Modders include a Cert inside their Mod to at least validate their Identity (and maybe even “reserve” a Name or two using a regex). This would NOT grant them access to the Server, but it would be a way to communicate to the Host that whatever person is about to join did make that Mod (like to validate that they wanted to debug something).
Could also be used to limit the time of the Modder on that login to “an Hour and/or until they log out” or something.

And I really do not feel like selling Names to people, that is about as bad as N F T s, just without the whole destroying the world aspect.

2 Likes

No, random client computers and servers that host things not only shouldn’t be sending emails but often cannot. You’d need to set up an ICMP relay and configure that into the server, which is paid, when standard OTP is much better anyway.

Why not just do something similar to Discord, where my name is like OvermindDL1, maybe you disambiguate via appending the public PGP key until it’s fully disambiguated, so like OvermindDL1#2B7 or so (most cases would barely be a couple of characters if even just one).

1 Like

At that point you could just give the first person the name with an appended 1 and the second person the name with an appended 2, at which point why not let the User themselves decide what to append to their name. :stuck_out_tongue_winking_eye:

1 Like

Could it not be done in a different way? At least dividing processor time for new terrain generation, placing some kind of cap for newer players. In Minecraft, as far as I know, it is one of the major lag creators on servers.

2 Likes

Minecraft is a piece of shit and does literally everything (apart from rendering) in the Main Thread. A lot of those Minecraft Problems with Lag could be solved with basic Multithreading.

2 Likes