All logins and passwords are transmitted in an encrypted form, making it virtually impossible for other players to see your password.
[2FA] adds a critical layer of security that prevents malicious users from accessing your account, even if they somehow learn your password.
Enable 2FA today and play with the confidence that your account is secure!
With this information alone, I'm not convinced yet, but I also don't know much about SRB2's security.
For a secure channel, a trusted third party is required which enables the client to check that it connects to the actual server and not a MitM.
With TLS, for example, the trusted third party is usually the PKI's certificate authorities.
If there's no trusted third party, something like this could happen:
* Client connects to the server's address and port
* Client does a key exchange with a MitM proxy assuming that it is the server, resulting in 2 secure channels: client <--key1--> MitM <--key2--> server
* Client sends the password and 2FA code, the MitM reads and forwards them to the server
* MitM is happy and forges packets
Or something like this:
* Client connects to the server's address and port
* MitM pretends to be the server, sends a modified LithiumCore mod to the client and proxies the remaining communication to the server
* Client does a key exchange with the server and authenticates with password and 2FA code
* Client runs code in the modified LithiumCore mod which sends the password and 2FA code in plaintext to the MitM
* MitM disconnects client from server and logs in with the password and 2FA code
Furthermore, if the client connects to another server (which may or may not pretend to be the same one), that server shouldn't be able to send a mod which makes the client send the password automatically or tricks the player with a real-time phishing attack.
Finally, key generation and TOTP secret generation require a good RNG.