Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA), also called Two-Factor Authentication (2FA), improves login security for users.

Nhost uses the Time-based One-Time Password (TOTP) algorithm for MFA.

If MFA is enabled, a user must provide both an email/password and a Time-based One-Time Password (TOTP) to log in.

By default, users have MFA disabled.

#How to enable MFA for a user

#How to disable MFA for a user

  • Get a code (one-time password) from your password manager.
  • Use the code to disable MFA.

#How to log in when MFA is enabled

  • Log in using email and password.
  • Save the ticket from the login response.
  • Copy the code (one-time password) from your password manager.
  • Send the ticket and the code to the TOTP login.
  • The user is logged in.
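
The login steps above, sketched as an added example (not Nhost's code): a hypothetical in-memory `AuthServer` issues a ticket after the password check and completes the login only when that ticket arrives with a valid RFC 6238 code. The class, its method names, the response fields, and the step, digit and ticket-lifetime values are assumptions.

```python
import hashlib, hmac, secrets, struct

STEP, DIGITS, TICKET_TTL = 30, 6, 300  # assumed values, not taken from Nhost

def totp(secret: bytes, at: float) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:
    """Hypothetical in-memory stand-in for the two login steps."""
    def __init__(self):
        self.users, self.tickets = {}, {}

    def add_user(self, email, password, totp_secret=None):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, pw_hash(password, salt), totp_secret)

    def login(self, email, password, now):
        user = self.users.get(email)
        if not user or not hmac.compare_digest(user[1], pw_hash(password, user[0])):
            return {"error": "invalid credentials"}
        if user[2] is None:  # MFA disabled: password alone yields a session
            return {"session": secrets.token_urlsafe(16)}
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = (email, now + TICKET_TTL)
        return {"mfa": True, "ticket": ticket}  # no session until step two

    def totp_login(self, ticket, code, now):
        # pop() makes the ticket single-use, so a wrong code forces a new
        # password login instead of allowing repeated guesses.
        email, expiry = self.tickets.pop(ticket, (None, 0))
        if email is None or now > expiry:
            return {"error": "invalid ticket"}
        secret = self.users[email][2]
        # Accept the current step and one on either side for clock drift.
        valid = [totp(secret, now + d * STEP) for d in (-1, 0, 1)]
        given = str(code).encode()
        if not any([hmac.compare_digest(v.encode(), given) for v in valid]):
            return {"error": "invalid code"}
        return {"session": secrets.token_urlsafe(16)}
```

The `now` argument is passed in explicitly so the flow can be checked against the published RFC 6238 test vectors; a real service would use the server clock.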

#MFA clients

If you have a password manager, it usually has built-in support for MFA.

You can also use a stand-alone MFA client such as Google Authenticator.