Two-Factor Authentication (2FA)

Add an extra layer of security with two-factor authentication.

TurboStarter uses Better Auth's 2FA plugin to provide multi-factor authentication (MFA) capabilities. Two-factor authentication adds an extra layer of security by requiring users to provide a second form of verification alongside their password.

Available methods

TurboStarter supports multiple 2FA verification methods through Better Auth:

  • TOTP (Time-based One-Time Password) - codes generated by authenticator apps
  • OTP (One-Time Password) - codes sent via email or SMS
  • Backup codes - single-use recovery codes for account recovery

You can use any TOTP-compatible authenticator app, such as:

How it works

Enabling 2FA

  1. Enable 2FA: Users enable two-factor authentication in their account security settings
  2. Setup authenticator: A QR code is displayed for users to scan with their authenticator app
  3. Verify setup: Users enter a verification code from their authenticator to confirm setup
  4. Backup codes: Users receive single-use backup codes for account recovery

Recovery codes are essential for account recovery if users lose access to their authenticator device. Make sure to educate users about safely storing their backup codes.

Using 2FA

  1. Sign in normally: Users enter their email and password as usual
  2. 2FA prompt: After successful password verification, users are prompted for their 2FA code
  3. Enter verification code: Users input the 6-digit code from their authenticator app
  4. Access granted: Upon successful verification, users gain access to their account
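
What checking the 6-digit code in step 3 involves, shown as an added example (not TurboStarter's or Better Auth's own code): RFC 6238 TOTP verification in Node.js with a clock-drift window, constant-time comparison and replay rejection. The function names, HMAC-SHA1, the 30-second period, the one-step window and the `lastUsedStep` bookkeeping are assumptions made for illustration, not settings taken from this page.

```javascript
const crypto = require("node:crypto");

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
// then dynamic truncation to a fixed number of decimal digits.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac("sha1", secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// RFC 6238 TOTP check. Returns the matched time step, or null.
// The caller stores the returned step as lastUsedStep so the same
// code cannot be replayed inside its validity window.
function verifyTotp(secret, code, opts = {}) {
  const { now = Date.now(), period = 30, window = 1,
          digits = 6, lastUsedStep = -1 } = opts;
  // Reject anything that is not exactly `digits` ASCII digits.
  if (typeof code !== "string" || !new RegExp(`^[0-9]{${digits}}$`).test(code)) {
    return null;
  }
  const current = Math.floor(now / 1000 / period);
  const first = Math.max(0, current - window, lastUsedStep + 1);
  let matched = null;
  for (let step = first; step <= current + window; step++) {
    const expected = Buffer.from(hotp(secret, step, digits));
    // Constant-time compare; no early exit so timing does not leak the step.
    if (crypto.timingSafeEqual(expected, Buffer.from(code))) matched = step;
  }
  return matched;
}

// Constructed demo using the RFC 6238 test secret (raw bytes, not base32).
const demoSecret = Buffer.from("12345678901234567890", "ascii");
function demo() {
  const accepted = verifyTotp(demoSecret, "287082", { now: 59_000 });
  const replayed = verifyTotp(demoSecret, "287082", { now: 59_000, lastUsedStep: accepted });
  return { accepted, replayed };
}
console.log(demo());
```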

Trusted devices

Users can mark devices as trusted during 2FA verification. Trusted devices won't require 2FA verification for 60 days, providing a balance between security and convenience.

Configuration

2FA is configured through Better Auth's plugin system. The plugin handles:

  • Secure secret generation and storage
  • QR code generation for authenticator setup
  • TOTP code validation
  • Backup code generation and management
  • Trusted device management

For detailed implementation instructions, refer to the Better Auth 2FA documentation.
