Tarnadas / net64plus

Super Mario 64 Online tool

Account system

GlowingUmbreon opened this issue · comments

While an official account system has been discussed before, it has never been discussed in detail. This should hopefully explain in detail how it would be possible to do so and allow us to discuss possible flaws etc. (All of this is just my personal ideas; feel free to discuss in the comments anything I've missed, overlooked, you oppose, etc. If something has a ? after it, it is safe to assume that it is something I am uncertain about and it should be considered further.)
An official account system would be great since it allows people to better identify other people and know that who they are talking to is actually who they think they are talking to; it would also allow features such as admin commands, XP, etc.

Configuration

If an account system is added then a new setting would need to be added to the server software, and it should have two (maybe more) options:

Account required - To join the server an account must be registered by the user joining.
Account not required - Any user can join with any username.
Admin account required* - Any user can join with any username except for any username which matches an admin's username, in which case the user needs to have an account.

* - not required but would be nice to have.

How the server would authenticate the user.

Since the server is open source and anyone can grab a copy of the server for themselves, the system must be secure so that nobody can log into another person's account.
A possible way to do this is that when a user logs in it gives them an internal token which is stored in a cookie or storage. When a client attempts to join a game server which requires them to be logged in, it will first send a request to the account server asking for a temp token, which is temporarily stored on the account server (gets destroyed after 1 minute?) and returned to the client. The client then sends the temp token to the game server they are joining; the temp token is then sent from the game server to the account server, which responds with the info for that user if it exists and immediately destroys the temp token. While this system would be mostly secure, it would still be possible, if someone tried hard enough, to log into a game server as another user; due to this any admin commands should require additional authentication before being used, e.g. using /auth serverAdminPassword before using any commands (you only have to run the auth command once; the password would be server specific for that admin).

Account server.

Due to the massive changes required to make the account system, it may be a good idea to make a server separate from smmdb, maybe even using the new server also as the server list for v3.0 and above and continuing to use smmdb for any servers under v3.0. This would of course make accounts a 3.0+ feature, but it would be easier as you would not need to make the new server support both below and above 3.0.

Account data

The data of the user which is stored in the database (just ideas, it could be different):

{
    // Required
    "id": 1, //Id of the user, should be used for saving data instead of the username
    "username": "OnlyTwentyCharacters", //20 character limit? Case sensitive?
    "password": "hashed and salted password", //The password should be hashed, and salted with the username.
    "token": "abcdef", //100 character string? Used for remembering the login for a device
    "banned": true, //If set to true it will disallow the user from putting servers into the server list and interacting with other members etc.
    "banReason": "General spam", //A string that stores the reason for the users ban.
    
    // Not required but would be nice to have
    "registeredDate": 0, //Unix of when the user was registered
    "apiToken": "abcdef", //20 character string? Used for putting servers into a server list (if the account server also includes a server list)
    "isHoster": true //Set to true after the user hosts a dedicated server for the first time
}

Since net64+ is no longer in active maintenance, new features are likely not getting added.