Skip to main content
Security is paramount when running a Metin2 server. The Admin Dashboard has direct access to your player database, items, and game server commands.
Because of this high level of access, the staff users are entirely separated from the standard player accounts in the game. Even if a regular player guesses your game completely, they cannot access the CMS dashboard.

Enabling Two-Factor Authentication (2FA)

All staff members should enable 2FA on their admin accounts to prevent unauthorized access.
1

Navigate to Profile

The staff member goes to their personal Profile inside the admin dashboard (Click Avatar -> Two-Factor Auth Tab -> Enable).
2

Scan the QR Code

They use an authenticator app like Google Authenticator, Authy, or simply their phone camera, to scan the provided QR Code perfectly.
3

Verify the Code

They enter the 6-digit code shown on their phone to verify the link and establish the connection.
From then on, whenever that staff member attempts to log in to the admin dashboard, they must supply their password and the live 6-digit authenticator code.

Recovery Codes

When a staff member enables 2FA, they will be given a list of recovery codes.
Tell your staff to completely save these codes. If they lose their phone or uninstall the authenticator app, these codes are the only way they can log themselves back in.