Add two-factor authentication
Lock down your login flow. Add a second layer of security without building it yourself.
Tools in this stack
Supabase Auth
MFA provider
Built-in TOTP multi-factor authentication with QR code enrollment flow
Twilio Verify
SMS verification
Send one-time passcodes via SMS or voice call with global delivery
Authy
2FA authenticator app
Twilio's end-user authenticator app with cloud backup for TOTP codes
Google Authenticator
TOTP app
Widely-used TOTP app that generates 6-digit codes every 30 seconds
- 1Supabase Auth
Enable MFA in your Supabase project under Authentication → Settings. In your app, call supabase.auth.mfa.enroll() to generate a TOTP QR code for the user to scan with their authenticator app. On subsequent logins, call supabase.auth.mfa.challengeAndVerify() with the 6-digit code before granting full session access.
Open Supabase Auth - 2Twilio Verify
Sign up for Twilio and create a Verify service in the console. Call the Verify API's /start-verification endpoint with the user's phone number to send an SMS code. On submission, call /check-verification to confirm the code matches. Store a verified flag on the user record once complete.
Open Twilio Verify - 3Authy
Direct users to download the Authy app from the App Store or Google Play. When they enroll TOTP in your app, they can scan the same QR code into Authy. Authy backs up codes to the cloud so users are not locked out if they lose their phone.
Open Authy - 4Google Authenticator
When displaying the TOTP QR code during enrollment, label it clearly with your app name so users can identify it in Google Authenticator. Use the otpauth:// URI format with your app name as the issuer. Test recovery codes by simulating a lost device scenario before going live.
Open Google Authenticator
Other stacks you might like
Know a better stack?
Share your favourite tool combination with the community.