Yesterday I thought of a concept that could drastically improve authentication. Why not store the password in the server hostname? Obviously this exposes some potential issues, but I think I have an implementation idea which could hypothetically work and work well. Any suggestions or issues would be greatly appreciated. There will be three services involved in authentication: the MCPE client the PocketMine server (with a special plugin installed) the Login MCPE server and a central session server Concept breakdown The basic concept is that the player can sign up on a central website and then add MCPE clients via a web interface each which will get a unique hostname to add to their server list. When the player joins this server a few things happen. The server finds the account which the device belongs to. Then the server analyses the player username sent by MCPE. If it is different than the MCPE username in the records and the username isn't used by another player, then the records on the website will be updated. When the player joins a supported server, the server will contact the central authentication server with the username and IP. The central sever will look for open sessions with that name and IP and translate it into a UUID which will be returned to the PM server. The authentication plugin will expose methods for getting player UUIDs. Authentication modes I am leaning towards the implementation of two separate authentication "modes" which can be configured on the central website. The first will have you join your special server before you join a supported server. This might be preferable in some instances. The second is the fancy one, you join once to login and then you can join again to logout. Your login will be bound to your IP in the database, you will be logged on if your device logs in on another wifi network. I know @Dalton posted an authentication idea and it looks like I got this from there, but I thought about this on the way home before seeing his post.