Do you agree that a (public) auth plugin stores the first character of the passwords and their lengths, and then in a chat message, scans for substrings of that length starting with that character, and check if the substring matches the stored hash? (This check will include all chat messages and commands and placing signs) Arguments For: This helps avoiding players telling people their passwords in the game, and this protects less mature players. Against: This would make the password more vulnerable from being brute-force cracked. Edit: this thread should be posted in the General Discussion forum. Please move this thread if you find this necessary.