A device is configured to identify a physical location within a virtual environment for an avatar that is associated with a user and to obtain a first token from a token map based on the physical location within the virtual environment for the avatar that is associated with the user. The device is further configured to receive physical attribute information for the user in the real world and to obtain a second token from the token map based on the physical attribute information for the user in the real world. The device is further configured to generate an authentication token by combining the first token and the second token and to verify an identify of the user based on the authentication token.