Security
1,174 installs
two-factor-authentication-best-practices
by better-auth/skills
Configure TOTP authenticator apps, send OTP codes via email/SMS, manage backup codes, handle trusted devices, and implement 2FA sign-in flows using Better…
Skill content
Multi-factor authentication with TOTP, OTP, backup codes, and trusted device management for Better Auth.
- Supports three verification methods: authenticator apps (TOTP with QR codes), email/SMS codes (OTP), and single-use backup codes
- Handles complete 2FA sign-in flows with automatic session management, temporary 2FA cookies, and trusted device tracking with configurable expiration
- Built-in security features including rate limiting (3 requests per 10 seconds), encryption at rest for secrets and backup codes, and constant-time code comparison
- Configurable code parameters: TOTP digits (6 or 8), OTP validity period, backup code count and length, and custom encryption for OTP storage
Setup
- Add twoFactor() plugin to server config with issuer
- Add twoFactorClient() plugin to client config
- Run npx @better-auth/cli migrate
- Verify: check that twoFactorSecret column exists on user table
import { betterAuth } from "better-auth";
import { twoFactor } from "better-auth/plugins";