claudemesh/.context/turbostarter-framework-context/sections/web/auth/2fa.md
Alejandro Gutiérrez d3163a5bff feat(db): mesh data model — meshes, members, invites, audit log
- pgSchema "mesh" with 4 tables isolating the peer mesh domain
- Enums: visibility, transport, tier, role
- audit_log is metadata-only (E2E encryption enforced at broker/client)
- Cascade on mesh delete, soft-delete via archivedAt/revokedAt

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 21:19:32 +01:00


| title | description | url |
| --- | --- | --- |
| Two-Factor Authentication (2FA) | Add an extra layer of security with two-factor authentication. | /docs/web/auth/2fa |

# Two-Factor Authentication (2FA)

TurboStarter uses Better Auth's 2FA plugin to provide multi-factor authentication (MFA) capabilities. Two-factor authentication adds an extra layer of security by requiring users to provide a second form of verification alongside their password.

## Available methods

TurboStarter supports multiple 2FA verification methods through Better Auth:

  • TOTP (Time-based One-Time Password) - codes generated by authenticator apps
  • OTP (One-Time Password) - codes sent via email or SMS
  • Backup codes - single-use recovery codes for account recovery

You can use any TOTP-compatible authenticator app, such as:

## Enabling 2FA

### Enable in settings
Users enable two-factor authentication in their account security settings.

![Enable 2FA](/images/docs/web/auth/two-factor/enable.png)
### Setup authenticator
A QR code is displayed for users to scan with their authenticator app.

![Setup authenticator](/images/docs/web/auth/two-factor/authenticator-app.png)
### Verify setup
Users enter a verification code from their authenticator to confirm setup.
### Backup codes
Users receive single-use backup codes for account recovery.

![Backup codes](/images/docs/web/auth/two-factor/backup-codes.png)
Recovery codes are essential for account recovery if users lose access to their authenticator device. Make sure to educate users about safely storing their backup codes.

## Using 2FA

### Sign in normally
Users sign in with their email and password, or with another configured sign-in method, as usual.
### 2FA prompt
After successful password verification, users are prompted for their 2FA code.

![2FA prompt](/images/docs/web/auth/two-factor/sign-in-prompt.png)
### Enter verification code
Users input the 6-digit code from their authenticator app.
### Access granted
Upon successful verification, users gain access to their account.

## Trusted devices

Users can mark devices as trusted during 2FA verification. Trusted devices won't require 2FA verification for 60 days, providing a balance between security and convenience.

## Configuration

2FA is configured through Better Auth's plugin system. The plugin handles:

  • Secure secret generation and storage
  • QR code generation for authenticator setup
  • TOTP code validation
  • Backup code generation and management
  • Trusted device management

For detailed implementation instructions, refer to the Better Auth 2FA documentation.
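To make the sign-in flow and the plugin responsibilities above concrete, here is an added example (not TurboStarter's or Better Auth's code) of the core pieces a 2FA backend needs: RFC 6238 TOTP generation and server-side validation of the 6-digit code with a one-step clock-drift window, and backup codes stored as hashes and consumed on first use. All function names are assumptions, and the sample secret is the RFC 6238 reference secret, not a real user's.

```typescript
import { createHash, createHmac, timingSafeEqual } from "node:crypto";

// HOTP dynamic truncation (RFC 4226) over HMAC-SHA1, the algorithm
// authenticator apps use by default.
export function hotp(secret: Buffer, counter: bigint, digits = 6): string {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(counter);
  const h = createHmac("sha1", secret).update(msg).digest();
  const off = h[h.length - 1] & 0x0f;
  const bin =
    ((h[off] & 0x7f) << 24) | (h[off + 1] << 16) | (h[off + 2] << 8) | h[off + 3];
  return (bin % 10 ** digits).toString().padStart(digits, "0");
}

// TOTP (RFC 6238): the counter is the number of 30-second steps since the epoch.
export function totp(secret: Buffer, unixSeconds: number, period = 30): string {
  return hotp(secret, BigInt(Math.floor(unixSeconds / period)));
}

// Server-side check of the 6-digit code the user types in. Accepts the current
// step plus one step either side to absorb clock drift, and compares in
// constant time so a wrong code cannot be distinguished by response timing.
export function verifyTotp(secret: Buffer, code: string, unixSeconds: number, window = 1): boolean {
  if (!/^\d{6}$/.test(code)) return false;
  const step = Math.floor(unixSeconds / 30);
  for (let i = -window; i <= window; i++) {
    const expected = Buffer.from(hotp(secret, BigInt(step + i)));
    if (timingSafeEqual(expected, Buffer.from(code))) return true;
  }
  return false;
}

// Backup codes are stored only as hashes (they are random and high-entropy, so
// a plain SHA-256 suffices) and each one is deleted on first successful use.
export function hashBackupCode(code: string): string {
  return createHash("sha256").update(code.replace(/-/g, "").toLowerCase()).digest("hex");
}

export function redeemBackupCode(storedHashes: Set<string>, code: string): boolean {
  const h = hashBackupCode(code);
  if (!storedHashes.has(h)) return false;
  storedHashes.delete(h); // single use: the same code is rejected from now on
  return true;
}

// Constructed sample: the RFC 6238 reference secret, not a real user's secret.
export const SAMPLE_SECRET = Buffer.from("12345678901234567890");
```

The TOTP secret must be stored encrypted at rest and never logged; the hashed backup codes are worthless to an attacker without the originals, which is why only hashes are kept.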