Multi-Factor Authentication Configuration

Configure TOTP-based multi-factor authentication for enhanced account security.

MFA adds an extra layer of security by requiring a second factor (time-based one-time password) in addition to the password.

MFA Overview

What is MFA?

  • Second authentication factor after password
  • Time-based One-Time Password (TOTP)
  • Compatible with authenticator apps (Google Authenticator, Authy, 1Password, etc.)
  • 6-digit codes that change every 30 seconds

This is a great way to add an extra layer of security to your application for your users.

MFA Setup Flow

User Enables MFA

  1. User navigates to Security Settings (in the /settings/security route)
  2. Clicks "Enable MFA"
  3. QR code generated and displayed
  4. User scans QR code with authenticator app
  5. User enters first TOTP code to verify
  6. Recovery codes generated and shown
  7. User saves recovery codes
  8. MFA enabled for account

MFA Login Flow

Challenge Flow

  1. User enters email and password
  2. Credentials verified
  3. Check if MFA enabled for user
  4. Show TOTP input form
  5. User enters 6-digit code
  6. Code verified
  7. Session created
  8. User signed in

Recovery Codes

Users who cannot access their authenticator app can enter one of their saved recovery codes in place of the TOTP code.
