Skills

two-factor-authentication-best-practices

Installation
SKILL.md

When to Apply This Skill

Use this pattern when you need to:

  • Configure Better Auth 2FA with twoFactor() and twoFactorClient().
  • Implement TOTP apps, OTP delivery (email/SMS), and backup code recovery.
  • Handle twoFactorRedirect in credential sign-in flows.
  • Add trusted-device behavior and 2FA verification UX.
  • Tune 2FA security settings like rate limits, cookie age, and encrypted OTP storage.

Setup

Reference Repositories

  • Better Auth — TypeScript authentication framework with plugins

Upstream Grounding

When Better Auth two-factor plugin API shape, redirect behavior, TOTP verification, backup-code handling, trusted-device cookies, or security defaults affect correctness, ask DeepWiki a narrow question against better-auth/better-auth before relying on memory. Use it to orient, then verify decisive details against local installed types, source, or official docs before changing code.

Installs
9
Repository
epicenterhq/epicenter
GitHub Stars
4.6K
First Seen
Mar 17, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
two-factor-authentication-best-practices — epicenterhq/epicenter