Add multi-factor authentication option #45

@VictrixHominum

Description

Which feature are you enhancing?
Account security through additional authentication factors

Why is this required?
Even with strong passwords, single-factor authentication remains vulnerable to various attack vectors. Multi-factor authentication adds a critical second layer of security, significantly reducing the risk of unauthorized access even if passwords are compromised.

Any additional context?
Implementation Steps:

  1. Extend user model and database schema:
    • Add MFA-related fields to User model in Prisma schema
    • Create tables for storing TOTP secrets and recovery codes
    • Add MFA status and preferences to user profile
  2. Implement TOTP authentication:
    • Integrate a TOTP library (like otplib)
    • Create secure secret generation and storage
    • Implement QR code generation for app setup
    • Add verification endpoints for TOTP codes
  3. Add email-based verification as fallback:
    • Create email templates for verification codes
    • Implement secure code generation and expiration
    • Add rate limiting for email verification attempts
    • Create verification endpoints for email codes
  4. Generate and manage recovery codes:
    • Implement secure recovery code generation
    • Store hashed recovery codes in the database
    • Create UI for viewing and regenerating codes
    • Add recovery code verification flow
  5. Create user interfaces:
    • Build MFA setup wizard with clear instructions
    • Add MFA toggle in user settings
    • Create verification screens for login attempts
    • Implement device remembering functionality
  6. Update authentication flow:
    • Modify login process to check for MFA requirement
    • Create step-up authentication for sensitive actions
    • Add session handling for MFA-verified sessions
    • Implement remember-device functionality
