Skip to content
Stacked

Add two-factor authentication

Lock down your login flow. Add a second layer of security without building it yourself.

2fatwo-factormfasecurityauthenticationtotpsmsauthenticatorlogin securityaccount protection

Tools that power the Add two-factor authentication stack

Supabase Auth logo

Supabase Auth

MFA provider

Built-in TOTP multi-factor authentication with QR code enrollment flow

See all stacks with Supabase Auth
Twilio Verify logo

Twilio Verify

SMS verification

Send one-time passcodes via SMS or voice call with global delivery

See all stacks with Twilio Verify
Authy logo

Authy

2FA authenticator app

Twilio's end-user authenticator app with cloud backup for TOTP codes

See all stacks with Authy
Google Authenticator logo

Google Authenticator

TOTP app

Widely-used TOTP app that generates 6-digit codes every 30 seconds

See all stacks with Google Authenticator
  1. 1
    Supabase Auth

    Enable MFA in your Supabase project under Authentication → Settings. In your app, call supabase.auth.mfa.enroll() to generate a TOTP QR code for the user to scan with their authenticator app. On subsequent logins, call supabase.auth.mfa.challengeAndVerify() with the 6-digit code before granting full session access.

    Open Supabase Auth
  2. 2
    Twilio Verify

    Sign up for Twilio and create a Verify service in the console. Call the Verify API's /start-verification endpoint with the user's phone number to send an SMS code. On submission, call /check-verification to confirm the code matches. Store a verified flag on the user record once complete.

    Open Twilio Verify
  3. 3
    Authy

    Direct users to download the Authy app from the App Store or Google Play. When they enroll TOTP in your app, they can scan the same QR code into Authy. Authy backs up codes to the cloud so users are not locked out if they lose their phone.

    Open Authy
  4. 4
    Google Authenticator

    When displaying the TOTP QR code during enrollment, label it clearly with your app name so users can identify it in Google Authenticator. Use the otpauth:// URI format with your app name as the issuer. Test recovery codes by simulating a lost device scenario before going live.

    Open Google Authenticator

Frequently asked questions

Costs depend on your scale. Most tools in this stack offer a free tier to start. Open the cost calculator on this page to estimate monthly cost based on your users and revenue.

This stack uses 4 tools: Supabase Auth, Twilio Verify, Authy, Google Authenticator. Each tool is picked to work well with the others and to cover a specific part of the workflow.

Yes. The stack is a recommended starting point. You can replace any tool with an alternative you already use. Check the setup guide first to confirm the integration points you'll need to rebuild.

Most makers finish the 4-step setup in under an hour. Creating accounts and connecting the first integration takes the most time.

Related stacks

Add login and signup

Let people sign up and log in securely. The boring auth stuff, handled.

Shares: Supabase Auth (relevance score 4)

See the full Add login and signup workflow

Protect your API from abuse

Protect your API before someone hammers it. Fair usage enforced automatically.

Protect your API from abuse setup guide

Ship landing page today

Go live today, not next week. From blank page to launched in hours.

Explore the Ship landing page today stack

Accept payments online

Start getting paid. Everything wired together so nothing falls through the cracks.

How to build Accept payments online

Browse more stacks by category

More 2fa stacksMore two-factor stacksMore mfa stacksMore security stacksMore authentication stacksMore totp stacksMore sms stacksMore authenticator stacksMore login security stacksMore account protection stacks

Have a better stack?

Share your favorite tool combination and help other builders.

Suggest a stack