Skills

two-factor-authentication-best-practices

Installation
Summary

Multi-factor authentication with TOTP, OTP, backup codes, and trusted device management for Better Auth.

  • Supports three verification methods: authenticator apps (TOTP with QR codes), email/SMS codes (OTP), and single-use backup codes
  • Handles complete 2FA sign-in flows with automatic session management, temporary 2FA cookies, and trusted device tracking with configurable expiration
  • Built-in security features including rate limiting (3 requests per 10 seconds), encryption at rest for secrets and backup codes, and constant-time code comparison
  • Configurable code parameters: TOTP digits (6 or 8), OTP validity period, backup code count and length, and custom encryption for OTP storage
SKILL.md

Setup

  1. Add twoFactor() plugin to server config with issuer
  2. Add twoFactorClient() plugin to client config
  3. Run npx @better-auth/cli migrate
  4. Verify: check that twoFactorSecret column exists on user table
import { betterAuth } from "better-auth";
import { twoFactor } from "better-auth/plugins";
Installs
19.9K
Repository
better-auth/skills
GitHub Stars
197
First Seen
Feb 10, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
two-factor-authentication-best-practices — better-auth/skills