diff --git a/src/network/network_admin.cpp b/src/network/network_admin.cpp
index ba2d7b8632..530225111a 100644
--- a/src/network/network_admin.cpp
+++ b/src/network/network_admin.cpp
@@ -802,10 +802,10 @@ NetworkRecvStatus ServerNetworkAdminSocketHandler::Receive_ADMIN_JOIN_SECURE(Pac
 
 	this->admin_name = p.Recv_string(NETWORK_CLIENT_NAME_LENGTH);
 	this->admin_version = p.Recv_string(NETWORK_REVISION_LENGTH);
-	NetworkAuthenticationMethodMask method_mask = p.Recv_uint16();
+	NetworkAuthenticationMethodMask method_mask{p.Recv_uint16()};
 
 	/* Always exclude key exchange only, as that provides no credential checking. */
-	ClrBit(method_mask, NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY);
+	method_mask.Reset(NetworkAuthenticationMethod::X25519_KeyExchangeOnly);
 
 	if (this->admin_name.empty() || this->admin_version.empty()) {
 		/* No name or version supplied. */
diff --git a/src/network/network_crypto.cpp b/src/network/network_crypto.cpp
index 783a5e398c..8bd67ab3e3 100644
--- a/src/network/network_crypto.cpp
+++ b/src/network/network_crypto.cpp
@@ -386,7 +386,7 @@ NetworkAuthenticationServerHandler::ResponseResult X25519AuthenticationHandler::
 
 /* virtual */ NetworkAuthenticationMethod CombinedAuthenticationClientHandler::GetAuthenticationMethod() const
 {
-	return this->current_handler != nullptr ? this->current_handler->GetAuthenticationMethod() : NETWORK_AUTH_METHOD_END;
+	return this->current_handler != nullptr ? this->current_handler->GetAuthenticationMethod() : NetworkAuthenticationMethod::End;
 }
 
 
@@ -406,7 +406,7 @@ void CombinedAuthenticationServerHandler::Add(CombinedAuthenticationServerHandle
 {
 	Debug(net, 9, "Sending {} authentication request", this->GetName());
 
-	p.Send_uint8(this->handlers.back()->GetAuthenticationMethod());
+	p.Send_uint8(to_underlying(this->handlers.back()->GetAuthenticationMethod()));
 	this->handlers.back()->SendRequest(p);
 }
 
@@ -428,7 +428,7 @@ void CombinedAuthenticationServerHandler::Add(CombinedAuthenticationServerHandle
 
 /* virtual */ NetworkAuthenticationMethod CombinedAuthenticationServerHandler::GetAuthenticationMethod() const
 {
-	return this->CanBeUsed() ? this->handlers.back()->GetAuthenticationMethod() : NETWORK_AUTH_METHOD_END;
+	return this->CanBeUsed() ? this->handlers.back()->GetAuthenticationMethod() : NetworkAuthenticationMethod::End;
 }
 
 /* virtual */ bool CombinedAuthenticationServerHandler::CanBeUsed() const
@@ -479,15 +479,15 @@ std::unique_ptr<NetworkAuthenticationServerHandler> NetworkAuthenticationServerH
 {
 	auto secret = X25519SecretKey::CreateRandom();
 	auto handler = std::make_unique<CombinedAuthenticationServerHandler>();
-	if (password_provider != nullptr && HasBit(client_supported_method_mask, NETWORK_AUTH_METHOD_X25519_PAKE)) {
+	if (password_provider != nullptr && client_supported_method_mask.Test(NetworkAuthenticationMethod::X25519_PAKE)) {
 		handler->Add(std::make_unique<X25519PAKEServerHandler>(secret, password_provider));
 	}
 
-	if (authorized_key_handler != nullptr && HasBit(client_supported_method_mask, NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY)) {
+	if (authorized_key_handler != nullptr && client_supported_method_mask.Test(NetworkAuthenticationMethod::X25519_AuthorizedKey)) {
 		handler->Add(std::make_unique<X25519AuthorizedKeyServerHandler>(secret, authorized_key_handler));
 	}
 
-	if (!handler->CanBeUsed() && HasBit(client_supported_method_mask, NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY)) {
+	if (!handler->CanBeUsed() && client_supported_method_mask.Test(NetworkAuthenticationMethod::X25519_KeyExchangeOnly)) {
 		/* Fall back to the plain handler when neither password, nor authorized keys are configured. */
 		handler->Add(std::make_unique<X25519KeyExchangeOnlyServerHandler>(secret));
 	}
diff --git a/src/network/network_crypto.h b/src/network/network_crypto.h
index 8db3f96f07..acb9646c82 100644
--- a/src/network/network_crypto.h
+++ b/src/network/network_crypto.h
@@ -174,15 +174,15 @@ public:
 
 
 /** The authentication method that can be used. */
-enum NetworkAuthenticationMethod : uint8_t {
-	NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY, ///< No actual authentication is taking place, just perform a x25519 key exchange. This method is not supported for the admin connection.
-	NETWORK_AUTH_METHOD_X25519_PAKE, ///< Authentication using x25519 password-authenticated key agreement.
-	NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY, ///< Authentication using x22519 key exchange and authorized keys.
-	NETWORK_AUTH_METHOD_END, ///< Must ALWAYS be on the end of this list!! (period)
+enum class NetworkAuthenticationMethod : uint8_t {
+	X25519_KeyExchangeOnly, ///< No actual authentication is taking place, just perform a x25519 key exchange. This method is not supported for the admin connection.
+	X25519_PAKE, ///< Authentication using x25519 password-authenticated key agreement.
+	X25519_AuthorizedKey, ///< Authentication using x22519 key exchange and authorized keys.
+	End, ///< Must ALWAYS be on the end of this list!! (period)
 };
 
 /** The mask of authentication methods that can be used. */
-using NetworkAuthenticationMethodMask = uint16_t;
+using NetworkAuthenticationMethodMask = EnumBitSet<NetworkAuthenticationMethod, uint16_t>;
 
 /**
  * Base class for cryptographic authentication handlers.
@@ -296,7 +296,7 @@ public:
 	 */
 	virtual std::string GetPeerPublicKey() const = 0;
 
-	static std::unique_ptr<NetworkAuthenticationServerHandler> Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask = ~static_cast<NetworkAuthenticationMethodMask>(0));
+	static std::unique_ptr<NetworkAuthenticationServerHandler> Create(const NetworkAuthenticationPasswordProvider *password_provider, const NetworkAuthenticationAuthorizedKeyHandler *authorized_key_handler, NetworkAuthenticationMethodMask client_supported_method_mask = {NetworkAuthenticationMethod::X25519_KeyExchangeOnly, NetworkAuthenticationMethod::X25519_PAKE, NetworkAuthenticationMethod::X25519_AuthorizedKey});
 };
 
 #endif /* NETWORK_CRYPTO_H */
diff --git a/src/network/network_crypto_internal.h b/src/network/network_crypto_internal.h
index 8ddee7e656..753d0eb796 100644
--- a/src/network/network_crypto_internal.h
+++ b/src/network/network_crypto_internal.h
@@ -144,7 +144,7 @@ public:
 	virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
 
 	virtual std::string_view GetName() const override { return "X25519-KeyExchangeOnly-client"; }
-	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY; }
+	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_KeyExchangeOnly; }
 
 	virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
 	virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
@@ -168,7 +168,7 @@ public:
 	virtual ResponseResult ReceiveResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveResponse(p, {}); }
 
 	virtual std::string_view GetName() const override { return "X25519-KeyExchangeOnly-server"; }
-	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_KEY_EXCHANGE_ONLY; }
+	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_KeyExchangeOnly; }
 	virtual bool CanBeUsed() const override { return true; }
 
 	virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
@@ -198,7 +198,7 @@ public:
 	virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, this->handler->password); }
 
 	virtual std::string_view GetName() const override { return "X25519-PAKE-client"; }
-	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_PAKE; }
+	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_PAKE; }
 
 	virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
 	virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
@@ -225,7 +225,7 @@ public:
 	virtual ResponseResult ReceiveResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveResponse(p, this->password_provider->GetPassword()); }
 
 	virtual std::string_view GetName() const override { return "X25519-PAKE-server"; }
-	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_PAKE; }
+	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_PAKE; }
 	virtual bool CanBeUsed() const override { return !this->password_provider->GetPassword().empty(); }
 
 	virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
@@ -253,7 +253,7 @@ public:
 	virtual bool SendResponse(struct Packet &p) override { return this->X25519AuthenticationHandler::SendResponse(p, {}); }
 
 	virtual std::string_view GetName() const override { return "X25519-AuthorizedKey-client"; }
-	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY; }
+	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_AuthorizedKey; }
 
 	virtual bool ReceiveEnableEncryption(struct Packet &p) override { return this->X25519AuthenticationHandler::ReceiveEnableEncryption(p); }
 	virtual std::unique_ptr<NetworkEncryptionHandler> CreateClientToServerEncryptionHandler() const override { return this->X25519AuthenticationHandler::CreateClientToServerEncryptionHandler(); }
@@ -283,7 +283,7 @@ public:
 	virtual ResponseResult ReceiveResponse(struct Packet &p) override;
 
 	virtual std::string_view GetName() const override { return "X25519-AuthorizedKey-server"; }
-	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY; }
+	virtual NetworkAuthenticationMethod GetAuthenticationMethod() const override { return NetworkAuthenticationMethod::X25519_AuthorizedKey; }
 	virtual bool CanBeUsed() const override { return this->authorized_key_handler->CanBeUsed(); }
 
 	virtual std::string GetPeerPublicKey() const override { return this->X25519AuthenticationHandler::GetPeerPublicKey(); }
diff --git a/src/network/network_server.cpp b/src/network/network_server.cpp
index 1133ebd2ab..6ed1797677 100644
--- a/src/network/network_server.cpp
+++ b/src/network/network_server.cpp
@@ -932,9 +932,9 @@ NetworkRecvStatus ServerNetworkGameSocketHandler::Receive_CLIENT_IDENTIFY(Packet
 static NetworkErrorCode GetErrorForAuthenticationMethod(NetworkAuthenticationMethod method)
 {
 	switch (method) {
-		case NETWORK_AUTH_METHOD_X25519_PAKE:
+		case NetworkAuthenticationMethod::X25519_PAKE:
 			return NETWORK_ERROR_WRONG_PASSWORD;
-		case NETWORK_AUTH_METHOD_X25519_AUTHORIZED_KEY:
+		case NetworkAuthenticationMethod::X25519_AuthorizedKey:
 			return NETWORK_ERROR_NOT_ON_ALLOW_LIST;
 
 		default: