two-factor-authentication-best-practices
Configure TOTP authenticator apps, send OTP codes via email/SMS, manage backup codes, handle trusted devices, and implement 2FA sign-in flows using Better Auth's twoFactor plugin.
Developer Setup
Setup & Installation
```bash
npx skills add https://github.com/better-auth/skills --skill two-factor-authentication-best-practices
```
Or paste this URL into your assistant to install:
Overview
What This Skill Does
Integrates multi-factor authentication (MFA) using TOTP (authenticator apps like Google Authenticator or 1Password) or OTP (sent via email/SMS), along with backup codes and trusted device tracking.
Application
When to use this Skill
- Enforcing Multi-Factor Authentication (MFA) to satisfy compliance, audit, or corporate security requirements.
- Integrating authenticator apps (Google Authenticator, Microsoft Authenticator) via Time-based One-Time Passwords (TOTP) and QR codes.
- Sending one-time passwords (OTP) to user phones or email addresses dynamically.
- Generating secure, single-use backup recovery codes for users who lose access to their primary MFA device.
- Tracking trusted devices to let returning users bypass the MFA check for a specified duration.
Documentation
Better Auth Two-Factor Authentication
Setup
- Add `twoFactor()` plugin to server config with `issuer`
- Add `twoFactorClient()` plugin to client config
- Run `npx @better-auth/cli migrate`
- Verify: check that `twoFactorSecret` column exists on user table
```ts
import { betterAuth } from "better-auth";
import { twoFactor } from "better-auth/plugins";

export const auth = betterAuth({
  appName: "My App",
  plugins: [
    twoFactor({
      issuer: "My App",
    }),
  ],
});
```
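What the authenticator app and the server each compute from the shared secret once TOTP is enabled, and where an `issuer` value like the one configured above ends up, shown as an added example (not code from Better Auth or from this skill). It is a stand-alone RFC 6238 implementation on Node's `crypto`; the function names, the account name and the RFC test secret used as sample input are assumptions of this example.

```javascript
// Added example (not Better Auth code): RFC 6238 TOTP using only Node's crypto.
const crypto = require("node:crypto");

const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// RFC 4648 base32 without padding, the secret encoding used in otpauth:// URIs.
function base32(buf) {
  let bits = "";
  for (const byte of buf) bits += byte.toString(2).padStart(8, "0");
  let out = "";
  for (let i = 0; i < bits.length; i += 5) {
    out += B32[parseInt(bits.slice(i, i + 5).padEnd(5, "0"), 2)];
  }
  return out;
}

// The URI a QR code carries; `issuer` is the name the authenticator app displays.
function otpauthUri(issuer, account, secret) {
  const label = `${encodeURIComponent(issuer)}:${encodeURIComponent(account)}`;
  return `otpauth://totp/${label}?secret=${base32(secret)}&issuer=${encodeURIComponent(issuer)}&digits=6&period=30`;
}

// HOTP (RFC 4226) applied to the 30-second step counter gives TOTP (RFC 6238).
function totp(secret, unixSeconds, digits = 6, period = 30) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / period)));
  const mac = crypto.createHmac("sha1", secret).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation offset
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// Accept the current step plus/minus `window` steps, comparing in constant time.
function verifyTotp(secret, code, unixSeconds, window = 1) {
  if (!/^\d{6}$/.test(code)) return false;
  let ok = false;
  for (let w = -window; w <= window; w++) {
    const t = unixSeconds + w * 30;
    if (t < 0) continue; // no step exists before the Unix epoch
    const expected = Buffer.from(totp(secret, t));
    if (crypto.timingSafeEqual(expected, Buffer.from(code))) ok = true;
  }
  return ok;
}

// Constructed sample input: the RFC 6238 SHA-1 test secret, not a real credential.
const SAMPLE_SECRET = Buffer.from("12345678901234567890");
```

A server-side verifier should also record the last accepted time step per user and reject a code that was already used, as RFC 6238 requires; the sketch above leaves that state out.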
Client-Side Setup