Feature — Two-Factor Authentication (TOTP)
Better Auth ships a first-party twoFactor plugin that handles TOTP (Google Authenticator, Authy, 1Password), backup codes, and trusted devices out of the box. This is a high-value, low-effort addition for v0.2.
What you get for free
- TOTP QR code generation (totpURI returned on enable)
- Encrypted secret stored in DB
- Backup codes (one-time use recovery)
- Trusted device support (skip 2FA for 30 days on known device)
- twoFactorEnabled flag on the user object
Server setup
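import { betterAuth } from 'better-auth'
import { twoFactor } from 'better-auth/plugins'

export const auth = betterAuth({
  plugins: [
    twoFactor({
      // Issuer name shown next to the account in the authenticator app
      issuer: 'Vibe Auth',
      // 6-digit codes that rotate every 30 seconds
      totpOptions: { digits: 6, period: 30 },
    }),
  ],
})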
Admin panel integration
The existing admin panel already shows user metadata — add a 2FA enabled badge to the users table as a read-only indicator. No new routes needed for MVP.
User settings integration
Add a new "Security" tab section in user settings:
- Show current 2FA status
- "Enable 2FA" button → shows QR code modal + backup codes
- "Disable 2FA" button (requires password confirmation)
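A check the "Enable 2FA" modal can run on the totpURI before drawing the QR code, written as an added example (not code from Better Auth or from this project). It assumes the URI follows the otpauth:// key URI format with secret, issuer, digits and period parameters; checkTotpURI, EXPECTED and the sample URIs are hypothetical names and constructed values.

```javascript
// Constructed example: validate a TOTP provisioning URI before rendering the QR code.
// EXPECTED mirrors the twoFactor() options from the server setup (assumed to match).
const EXPECTED = { issuer: 'Vibe Auth', digits: 6, period: 30 };

// Returns a list of problems; an empty list means the URI matches the config.
function checkTotpURI(uri, expected = EXPECTED) {
  let u, label;
  try { u = new URL(uri); label = decodeURIComponent(u.pathname.slice(1)); }
  catch { return ['not a parseable URI']; }
  if (u.protocol !== 'otpauth:') return ['scheme is not otpauth'];
  const problems = [];
  if (u.hostname !== 'totp') problems.push(`type is "${u.hostname}", expected totp`);

  // The label is "Issuer:account"; the issuer prefix is optional in the format.
  const labelIssuer = label.includes(':') ? label.split(':')[0].trim() : null;
  const paramIssuer = u.searchParams.get('issuer');
  for (const seen of [labelIssuer, paramIssuer]) {
    if (seen !== null && seen !== expected.issuer) problems.push(`issuer "${seen}" does not match`);
  }
  if (labelIssuer === null && paramIssuer === null) problems.push('no issuer present');

  // Absent digits/period fall back to the format's defaults (6 and 30).
  const digits = Number(u.searchParams.get('digits') ?? 6);
  const period = Number(u.searchParams.get('period') ?? 30);
  if (digits !== expected.digits) problems.push(`digits=${digits}`);
  if (period !== expected.period) problems.push(`period=${period}`);

  // Secret must be base32 (5 bits per character); RFC 4226 requires at least 128 bits.
  const secret = (u.searchParams.get('secret') ?? '').replace(/=+$/, '');
  if (!/^[A-Z2-7]+$/i.test(secret)) problems.push('secret is missing or not base32');
  else if (secret.length * 5 < 128) problems.push('secret is shorter than 128 bits');
  return problems;
}

// Constructed sample URIs (the secrets are made up for this example).
const GOOD = 'otpauth://totp/Vibe%20Auth:alice%40example.com' +
  '?secret=JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP&issuer=Vibe%20Auth&digits=6&period=30';
const BAD = 'otpauth://totp/Other:alice%40example.com?secret=JBSWY3DP&digits=8&period=60';

console.log(checkTotpURI(GOOD)); // no problems reported
console.log(checkTotpURI(BAD));  // issuer, digits, period and secret length flagged
```

The URI carries the shared secret in its secret parameter, so the modal should render the QR code locally and keep the URI itself out of logs and analytics; the function above returns only problem descriptions, never the secret.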