Docs

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA), also called Two-Factor Authentication (2FA) improves login security for users.

Nhost uses Time-based One-time Password algorithm (TOTP) for MFA.

If MFA is enabled, a user must both use email/password and a Time-based One-Time Password (TOPT) to be able to login.

By default, users has MFA disabled.

#How to enable for a user:

Generate MFA QR code
Scan MFA QR code with password manager
Get a code (one-time password) from password manager
Use code to enable MFA.

#How to disable MFA for a user

Get a code (one-time password) from password manager
Use code to disable MFA.

Login using email and password
Save ticket response from the login
Copy code one-time password from password manager
Send ticket and code to TOTP login
User is logged in.

#MFA clients

If you have a password manager there is usually built-in support for MFA.

You can also use a stand-alone MFA client such as Google Authenticator.

Edit this page on Github:

https://github.com/nhost/docs/tree/master/src/pages/auth/multi-factor-authentication.mdx

On this page

How to enable for a user:

How to disable MFA for a user

How to login when MFA is enabled