Authentication Procedure is Bad
Our current auth flow (create an UUID4 token, trim to 12 chars, and use that as a password; Requiring also an email to register) is horrible.
Bad on mobile, too.
Instead, we probably should use Google Play Services for accounts, and allow them to bind an email.
Then update Google Play Console token when they use the email bind. (email + recovery code, maybe)
We can also keep the current authentication method so players can login without Google Play (better for FLOSS games... like us!)