diff --git a/connector/src/main/java/org/geysermc/connector/GeyserConnector.java b/connector/src/main/java/org/geysermc/connector/GeyserConnector.java
index 137a6238f..5f6f39a67 100644
--- a/connector/src/main/java/org/geysermc/connector/GeyserConnector.java
+++ b/connector/src/main/java/org/geysermc/connector/GeyserConnector.java
@@ -25,8 +25,6 @@
 
 package org.geysermc.connector;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
 import com.nukkitx.protocol.bedrock.BedrockPacketCodec;
 import com.nukkitx.protocol.bedrock.BedrockServer;
 import com.nukkitx.protocol.bedrock.v361.Bedrock_v361;
@@ -47,9 +45,11 @@ import org.geysermc.connector.network.translators.TranslatorsInit;
 import org.geysermc.connector.plugin.GeyserPluginLoader;
 import org.geysermc.connector.plugin.GeyserPluginManager;
 import org.geysermc.connector.thread.PingPassthroughThread;
+import org.geysermc.connector.utils.FileUtils;
 import org.geysermc.connector.utils.Toolbox;
 
-import java.io.*;
+import java.io.File;
+import java.io.IOException;
 import java.net.InetSocketAddress;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
@@ -112,21 +112,11 @@ public class GeyserConnector implements Connector {
         logger.info("******************************************");
 
         try {
-            File configFile = new File("config.yml");
-            if (!configFile.exists()) {
-                FileOutputStream fos = new FileOutputStream(configFile);
-                InputStream is = GeyserConnector.class.getResourceAsStream("/config.yml");
-                int data;
-                while ((data = is.read()) != -1)
-                    fos.write(data);
-                is.close();
-                fos.close();
-            }
+            File configFile = FileUtils.fileOrCopiedFromResource("config.yml");
 
-            ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
-            config = objectMapper.readValue(configFile, GeyserConfiguration.class);
+            config = FileUtils.loadConfig(configFile, GeyserConfiguration.class);
         } catch (IOException ex) {
-            logger.severe("Failed to create config.yml! Make sure it's up to date and writable!");
+            logger.severe("Failed to read/create config.yml! Make sure it's up to date and/or readable+writable!");
             shutdown();
         }
 
diff --git a/connector/src/main/java/org/geysermc/connector/configuration/GeyserConfiguration.java b/connector/src/main/java/org/geysermc/connector/configuration/GeyserConfiguration.java
index fad955051..6d6185f05 100644
--- a/connector/src/main/java/org/geysermc/connector/configuration/GeyserConfiguration.java
+++ b/connector/src/main/java/org/geysermc/connector/configuration/GeyserConfiguration.java
@@ -28,12 +28,16 @@ package org.geysermc.connector.configuration;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import lombok.Getter;
 
+import java.util.Map;
+
 @Getter
 public class GeyserConfiguration {
 
     private BedrockConfiguration bedrock;
     private RemoteConfiguration remote;
 
+    private Map<String, UserAuthenticationInfo> userAuths;
+
     @JsonProperty("ping-passthrough")
     private boolean pingPassthrough;
 
diff --git a/connector/src/main/java/org/geysermc/connector/configuration/UserAuthenticationInfo.java b/connector/src/main/java/org/geysermc/connector/configuration/UserAuthenticationInfo.java
new file mode 100644
index 000000000..e8ce14243
--- /dev/null
+++ b/connector/src/main/java/org/geysermc/connector/configuration/UserAuthenticationInfo.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2019 GeyserMC. http://geysermc.org
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @author GeyserMC
+ * @link https://github.com/GeyserMC/Geyser
+ */
+
+package org.geysermc.connector.configuration;
+
+public class UserAuthenticationInfo {
+    public String email;
+    public String password;
+}
\ No newline at end of file
diff --git a/connector/src/main/java/org/geysermc/connector/network/UpstreamPacketHandler.java b/connector/src/main/java/org/geysermc/connector/network/UpstreamPacketHandler.java
index 6309aeeac..7a0f46162 100644
--- a/connector/src/main/java/org/geysermc/connector/network/UpstreamPacketHandler.java
+++ b/connector/src/main/java/org/geysermc/connector/network/UpstreamPacketHandler.java
@@ -25,36 +25,14 @@
 
 package org.geysermc.connector.network;
 
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.JsonNodeType;
-import com.nimbusds.jose.JWSObject;
 import com.nukkitx.protocol.bedrock.BedrockPacket;
 import com.nukkitx.protocol.bedrock.packet.*;
-import com.nukkitx.protocol.bedrock.util.EncryptionUtils;
-import net.minidev.json.JSONObject;
-import org.geysermc.api.events.player.PlayerFormResponseEvent;
-import org.geysermc.api.window.CustomFormBuilder;
-import org.geysermc.api.window.CustomFormWindow;
-import org.geysermc.api.window.FormWindow;
-import org.geysermc.api.window.component.InputComponent;
-import org.geysermc.api.window.component.LabelComponent;
-import org.geysermc.api.window.response.CustomFormResponse;
 import org.geysermc.connector.GeyserConnector;
+import org.geysermc.connector.configuration.UserAuthenticationInfo;
 import org.geysermc.connector.network.session.GeyserSession;
-import org.geysermc.connector.network.session.auth.BedrockAuthData;
-import org.geysermc.connector.network.session.cache.WindowCache;
 import org.geysermc.connector.network.translators.Registry;
 import org.geysermc.connector.utils.LoginEncryptionUtils;
 
-import javax.crypto.SecretKey;
-import java.io.IOException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.PublicKey;
-import java.security.interfaces.ECPublicKey;
-import java.security.spec.ECGenParameterSpec;
-import java.util.UUID;
-
 public class UpstreamPacketHandler extends LoggingPacketHandler {
 
     public UpstreamPacketHandler(GeyserConnector connector, GeyserSession session) {
@@ -75,49 +53,7 @@ public class UpstreamPacketHandler extends LoggingPacketHandler {
             return true;
         }
 
-        JsonNode certData;
-        try {
-            certData = LoginEncryptionUtils.JSON_MAPPER.readTree(loginPacket.getChainData().toByteArray());
-        } catch (IOException ex) {
-            throw new RuntimeException("Certificate JSON can not be read.");
-        }
-
-        JsonNode certChainData = certData.get("chain");
-        if (certChainData.getNodeType() != JsonNodeType.ARRAY) {
-            throw new RuntimeException("Certificate data is not valid");
-        }
-
-        boolean validChain;
-        try {
-            validChain = LoginEncryptionUtils.validateChainData(certChainData);
-
-            connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
-
-            JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
-            JsonNode payload = LoginEncryptionUtils.JSON_MAPPER.readTree(jwt.getPayload().toBytes());
-
-            if (payload.get("extraData").getNodeType() != JsonNodeType.OBJECT) {
-                throw new RuntimeException("AuthData was not found!");
-            }
-
-            JSONObject extraData = (JSONObject) jwt.getPayload().toJSONObject().get("extraData");
-            session.setAuthenticationData(new BedrockAuthData(extraData.getAsString("displayName"), UUID.fromString(extraData.getAsString("identity")), extraData.getAsString("XUID")));
-
-            if (payload.get("identityPublicKey").getNodeType() != JsonNodeType.STRING) {
-                throw new RuntimeException("Identity Public Key was not found!");
-            }
-
-            ECPublicKey identityPublicKey = EncryptionUtils.generateKey(payload.get("identityPublicKey").textValue());
-            JWSObject clientJwt = JWSObject.parse(loginPacket.getSkinData().toString());
-            EncryptionUtils.verifyJwt(clientJwt, identityPublicKey);
-
-            if (EncryptionUtils.canUseEncryption()) {
-                startEncryptionHandshake(identityPublicKey);
-            }
-        } catch (Exception ex) {
-            session.disconnect("disconnectionScreen.internalError.cantConnect");
-            throw new RuntimeException("Unable to complete login", ex);
-        }
+        LoginEncryptionUtils.encryptPlayerConnection(connector, session, loginPacket);
 
         PlayStatusPacket playStatus = new PlayStatusPacket();
         playStatus.setStatus(PlayStatusPacket.Status.LOGIN_SUCCESS);
@@ -153,63 +89,41 @@ public class UpstreamPacketHandler extends LoggingPacketHandler {
     @Override
     public boolean handle(ModalFormResponsePacket packet) {
         connector.getLogger().debug("Handled packet: " + packet.getClass().getSimpleName());
-        WindowCache windowCache = session.getWindowCache();
-        if (!windowCache.getWindows().containsKey(packet.getFormId()))
-            return false;
+        return LoginEncryptionUtils.authenticateFromForm(session, connector, packet.getFormData());
+    }
 
-        FormWindow window = windowCache.getWindows().remove(packet.getFormId());
-        window.setResponse(packet.getFormData().trim());
+    private boolean couldLoginUserByName(String bedrockUsername) {
+        if (connector.getConfig().getUserAuths() != null) {
+            UserAuthenticationInfo info = connector.getConfig().getUserAuths().get(bedrockUsername);
 
-        if (session.isLoggedIn()) {
-            PlayerFormResponseEvent event = new PlayerFormResponseEvent(session, packet.getFormId(), window);
-            connector.getPluginManager().runEvent(event);
-        } else {
-            if (window instanceof CustomFormWindow) {
-                CustomFormWindow customFormWindow = (CustomFormWindow) window;
-                if (!customFormWindow.getTitle().equals("Login"))
-                    return false;
+            if (info != null) {
+                connector.getLogger().info("using stored credentials for bedrock user " + session.getAuthenticationData().getName());
+                session.authenticate(info.email, info.password);
 
-                CustomFormResponse response = (CustomFormResponse) customFormWindow.getResponse();
-                session.authenticate(response.getInputResponses().get(2), response.getInputResponses().get(3));
-
-                // Clear windows so authentication data isn't accidentally cached
-                windowCache.getWindows().clear();
+                // TODO send a message to bedrock user telling them they are connected (if nothing like a motd
+                //      somes from the Java server w/in a few seconds)
+                return true;
             }
         }
-        return true;
+
+        return false;
     }
 
     @Override
     public boolean handle(MovePlayerPacket packet) {
         connector.getLogger().debug("Handled packet: " + packet.getClass().getSimpleName());
         if (!session.isLoggedIn()) {
-            CustomFormWindow window = new CustomFormBuilder("Login")
-                    .addComponent(new LabelComponent("Minecraft: Java Edition account authentication."))
-                    .addComponent(new LabelComponent("Enter the credentials for your Minecraft: Java Edition account below."))
-                    .addComponent(new InputComponent("Email/Username", "account@geysermc.org", ""))
-                    .addComponent(new InputComponent("Password", "123456", ""))
-                    .build();
+            // TODO it is safer to key authentication on something that won't change (UUID, not username)
+            if (!couldLoginUserByName(session.getAuthenticationData().getName())) {
+                LoginEncryptionUtils.showLoginWindow(session);
+            }
+            // else we were able to log the user in
 
-            session.sendForm(window, 1);
             return true;
         }
         return false;
     }
 
-    private void startEncryptionHandshake(PublicKey key) throws Exception {
-        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
-        generator.initialize(new ECGenParameterSpec("secp384r1"));
-        KeyPair serverKeyPair = generator.generateKeyPair();
-
-        byte[] token = EncryptionUtils.generateRandomToken();
-        SecretKey encryptionKey = EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), key, token);
-        session.getUpstream().enableEncryption(encryptionKey);
-
-        ServerToClientHandshakePacket packet = new ServerToClientHandshakePacket();
-        packet.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token).serialize());
-        session.getUpstream().sendPacketImmediately(packet);
-    }
-
     @Override
     public boolean handle(AnimatePacket packet) {
         return translateAndDefault(packet);
diff --git a/connector/src/main/java/org/geysermc/connector/network/session/GeyserSession.java b/connector/src/main/java/org/geysermc/connector/network/session/GeyserSession.java
index 884134948..b7ca7a2f5 100644
--- a/connector/src/main/java/org/geysermc/connector/network/session/GeyserSession.java
+++ b/connector/src/main/java/org/geysermc/connector/network/session/GeyserSession.java
@@ -158,8 +158,12 @@ public class GeyserSession implements PlayerSession, Player {
     public void disconnect(String reason) {
         if (!closed) {
             loggedIn = false;
-            downstream.getSession().disconnect(reason);
-            upstream.disconnect(reason);
+            if (downstream != null && downstream.getSession() != null) {
+                downstream.getSession().disconnect(reason);
+            }
+            if (upstream != null) {
+                upstream.disconnect(reason);
+            }
         }
     }
 
diff --git a/connector/src/main/java/org/geysermc/connector/utils/FileUtils.java b/connector/src/main/java/org/geysermc/connector/utils/FileUtils.java
new file mode 100644
index 000000000..435bd603a
--- /dev/null
+++ b/connector/src/main/java/org/geysermc/connector/utils/FileUtils.java
@@ -0,0 +1,35 @@
+package org.geysermc.connector.utils;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import org.geysermc.connector.GeyserConnector;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+public class FileUtils {
+    public static <T> T loadConfig(File src, Class<T> valueType) throws IOException {
+        ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
+        return objectMapper.readValue(src, valueType);
+    }
+
+    public static File fileOrCopiedFromResource(String name) throws IOException {
+        File file = new File(name);
+        if (!file.exists()) {
+            FileOutputStream fos = new FileOutputStream(file);
+            InputStream is = GeyserConnector.class.getResourceAsStream("/" + name); // resources need leading "/" prefix
+
+            int data;
+            while ((data = is.read()) != -1)
+                fos.write(data);
+            is.close();
+            fos.close();
+        }
+
+        return file;
+    }
+
+
+}
diff --git a/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java b/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java
index 47584fcc2..a68e8b5cc 100644
--- a/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java
+++ b/connector/src/main/java/org/geysermc/connector/utils/LoginEncryptionUtils.java
@@ -6,15 +6,35 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.node.JsonNodeType;
 import com.nimbusds.jose.JWSObject;
 import com.nukkitx.network.util.Preconditions;
+import com.nukkitx.protocol.bedrock.packet.LoginPacket;
+import com.nukkitx.protocol.bedrock.packet.ServerToClientHandshakePacket;
 import com.nukkitx.protocol.bedrock.util.EncryptionUtils;
+import net.minidev.json.JSONObject;
+import org.geysermc.api.events.player.PlayerFormResponseEvent;
+import org.geysermc.api.window.CustomFormBuilder;
+import org.geysermc.api.window.CustomFormWindow;
+import org.geysermc.api.window.FormWindow;
+import org.geysermc.api.window.component.InputComponent;
+import org.geysermc.api.window.component.LabelComponent;
+import org.geysermc.api.window.response.CustomFormResponse;
+import org.geysermc.connector.GeyserConnector;
+import org.geysermc.connector.network.session.GeyserSession;
+import org.geysermc.connector.network.session.auth.BedrockAuthData;
+import org.geysermc.connector.network.session.cache.WindowCache;
 
+import javax.crypto.SecretKey;
+import java.io.IOException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PublicKey;
 import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.util.UUID;
 
 public class LoginEncryptionUtils {
+    private static final ObjectMapper JSON_MAPPER = new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
 
-    public static final ObjectMapper JSON_MAPPER = new ObjectMapper().disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
-
-    public static boolean validateChainData(JsonNode data) throws Exception {
+    private static boolean validateChainData(JsonNode data) throws Exception {
         ECPublicKey lastKey = null;
         boolean validChain = false;
         for (JsonNode node : data) {
@@ -35,4 +55,115 @@ public class LoginEncryptionUtils {
         }
         return validChain;
     }
+
+    public static void encryptPlayerConnection(GeyserConnector connector, GeyserSession session, LoginPacket loginPacket) {
+        JsonNode certData;
+        try {
+            certData = JSON_MAPPER.readTree(loginPacket.getChainData().toByteArray());
+        } catch (IOException ex) {
+            throw new RuntimeException("Certificate JSON can not be read.");
+        }
+
+        JsonNode certChainData = certData.get("chain");
+        if (certChainData.getNodeType() != JsonNodeType.ARRAY) {
+            throw new RuntimeException("Certificate data is not valid");
+        }
+
+        encryptConnectionWithCert(connector, session, loginPacket.getSkinData().toString(), certChainData);
+    }
+
+    private static void encryptConnectionWithCert(GeyserConnector connector, GeyserSession session, String playerSkin, JsonNode certChainData) {
+        try {
+            boolean validChain = validateChainData(certChainData);
+
+            connector.getLogger().debug(String.format("Is player data valid? %s", validChain));
+
+            JWSObject jwt = JWSObject.parse(certChainData.get(certChainData.size() - 1).asText());
+            JsonNode payload = JSON_MAPPER.readTree(jwt.getPayload().toBytes());
+
+            if (payload.get("extraData").getNodeType() != JsonNodeType.OBJECT) {
+                throw new RuntimeException("AuthData was not found!");
+            }
+
+            JSONObject extraData = (JSONObject) jwt.getPayload().toJSONObject().get("extraData");
+            session.setAuthenticationData(new BedrockAuthData(extraData.getAsString("displayName"), UUID.fromString(extraData.getAsString("identity")), extraData.getAsString("XUID")));
+
+            if (payload.get("identityPublicKey").getNodeType() != JsonNodeType.STRING) {
+                throw new RuntimeException("Identity Public Key was not found!");
+            }
+
+            ECPublicKey identityPublicKey = EncryptionUtils.generateKey(payload.get("identityPublicKey").textValue());
+            JWSObject clientJwt = JWSObject.parse(playerSkin);
+            EncryptionUtils.verifyJwt(clientJwt, identityPublicKey);
+
+            if (EncryptionUtils.canUseEncryption()) {
+                LoginEncryptionUtils.startEncryptionHandshake(session, identityPublicKey);
+            }
+        } catch (Exception ex) {
+            session.disconnect("disconnectionScreen.internalError.cantConnect");
+            throw new RuntimeException("Unable to complete login", ex);
+        }
+    }
+
+    private static void startEncryptionHandshake(GeyserSession session, PublicKey key) throws Exception {
+        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
+        generator.initialize(new ECGenParameterSpec("secp384r1"));
+        KeyPair serverKeyPair = generator.generateKeyPair();
+
+        byte[] token = EncryptionUtils.generateRandomToken();
+        SecretKey encryptionKey = EncryptionUtils.getSecretKey(serverKeyPair.getPrivate(), key, token);
+        session.getUpstream().enableEncryption(encryptionKey);
+
+        ServerToClientHandshakePacket packet = new ServerToClientHandshakePacket();
+        packet.setJwt(EncryptionUtils.createHandshakeJwt(serverKeyPair, token).serialize());
+        session.getUpstream().sendPacketImmediately(packet);
+    }
+
+    private static int AUTH_FORM_ID = 1337;
+
+    public static void showLoginWindow(GeyserSession session) {
+        CustomFormWindow window = new CustomFormBuilder("Login")
+                .addComponent(new LabelComponent("Minecraft: Java Edition account authentication."))
+                .addComponent(new LabelComponent("Enter the credentials for your Minecraft: Java Edition account below."))
+                .addComponent(new InputComponent("Email/Username", "account@geysermc.org", ""))
+                .addComponent(new InputComponent("Password", "123456", ""))
+                .build();
+
+        session.sendForm(window, AUTH_FORM_ID);
+    }
+
+    public static boolean authenticateFromForm(GeyserSession session, GeyserConnector connector, String formData) {
+        WindowCache windowCache = session.getWindowCache();
+        if (!windowCache.getWindows().containsKey(AUTH_FORM_ID))
+            return false;
+
+        FormWindow window = windowCache.getWindows().remove(AUTH_FORM_ID);
+        window.setResponse(formData.trim());
+
+        if (session.isLoggedIn()) {
+            PlayerFormResponseEvent event = new PlayerFormResponseEvent(session, AUTH_FORM_ID, window);
+            connector.getPluginManager().runEvent(event);
+        } else {
+            if (window instanceof CustomFormWindow) {
+                CustomFormWindow customFormWindow = (CustomFormWindow) window;
+                if (!customFormWindow.getTitle().equals("Login"))
+                    return false;
+
+                CustomFormResponse response = (CustomFormResponse) customFormWindow.getResponse();
+
+                if (response != null) {
+                    String email = response.getInputResponses().get(2);
+                    String password = response.getInputResponses().get(3);
+
+                    session.authenticate(email, password);
+                }
+
+                // TODO should we clear the window cache in all cases or just if not already logged in?
+                // Clear windows so authentication data isn't accidentally cached
+                windowCache.getWindows().clear();
+            }
+        }
+        return true;
+    }
+
 }
diff --git a/connector/src/main/resources/config.yml b/connector/src/main/resources/config.yml
index 885e5cf7c..72ddf1864 100644
--- a/connector/src/main/resources/config.yml
+++ b/connector/src/main/resources/config.yml
@@ -21,6 +21,19 @@ remote:
   port: 25565
   online-mode: false
 
+## the Xbox/MCPE username is the key for the Java server auth-info
+## this allows automatic configuration/login to the remote Java server
+## if you are brave/stupid enough to put your Mojang account info into
+## a config file
+#userAuths:
+#  bluerkelp2: # MCPE/Xbox username
+#    email: not_really_my_email_address_mr_minecrafter53267@gmail.com # Mojang account email address
+#    password: "this isn't really my password"
+#
+#  herpderp40300499303040503030300500293858393589:
+#    email: herpderp@derpherp.com
+#    password: dooooo
+
 # Relay the MOTD, player count and max players from the remote server
 ping-passthrough: false