Simulacrum

Two-factor authentication (TOTP)

Enable TOTP 2FA with better-auth’s 2FA plugin in generated Simulacrum apps.

Enable 2FA

Turn on the better-auth two-factor plugin in your auth configuration. Users enroll by scanning a QR code in an authenticator app.

User flow

  1. User signs in with their primary method (password or OAuth).
  2. If 2FA is enabled, prompt for a TOTP code.
  3. On success, issue a full session.

Recovery

Ship one-time backup codes or account recovery via support flows. Document your policy in product copy.

Store TOTP secrets encrypted at rest. When logging OTP attempts, never include the secret material.
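
The sketch below shows what step 2 of the user flow and the storage and logging rules above look like when you handle a TOTP secret directly. It is an added example, not code from better-auth or Simulacrum. All function names, the envelope layout, the one-step drift window and the log record shape are assumptions made for illustration.

```typescript
import { createCipheriv, createDecipheriv, createHmac, timingSafeEqual, randomBytes } from "node:crypto";

// Hypothetical helpers for illustration; none of these names come from better-auth.
// Envelope format (an assumption): base64(iv[12] || gcmTag[16] || ciphertext).
export function sealSecret(secret: Buffer, key: Buffer): string {
  const iv = randomBytes(12); // fresh nonce per encryption
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(secret), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

export function openSecret(sealed: string, key: Buffer): Buffer {
  const raw = Buffer.from(sealed, "base64");
  const decipher = createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key is wrong or the stored value was modified.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
}

// RFC 6238 TOTP with the common defaults: HMAC-SHA1, 30-second step, 6 digits.
export function totp(secret: Buffer, timeMs: number): string {
  const step = Math.max(0, Math.floor(timeMs / 30000));
  const counter = Buffer.alloc(8);
  counter.writeUInt32BE(Math.floor(step / 0x100000000), 0);
  counter.writeUInt32BE(step % 0x100000000, 4);
  const mac = createHmac("sha1", secret).update(counter).digest();
  const offset = mac.readUInt8(19) & 0x0f;
  const value = (mac.readUInt32BE(offset) & 0x7fffffff) % 1000000;
  return ("000000" + value).slice(-6);
}

// Decrypt only for the duration of the check; accept +/- one step of clock drift (assumption).
export function verifyTotp(sealed: string, key: Buffer, code: string, nowMs: number): boolean {
  const secret = openSecret(sealed, key);
  const given = Buffer.from(code);
  let ok = false;
  for (const drift of [-1, 0, 1]) {
    const expected = Buffer.from(totp(secret, nowMs + drift * 30000));
    if (given.length === expected.length && timingSafeEqual(given, expected)) ok = true;
  }
  secret.fill(0); // wipe the plaintext copy
  return ok;
}

// Log record for an attempt: outcome only, no submitted code and no secret.
export function auditRecord(userId: string, ok: boolean): string {
  return JSON.stringify({ event: "totp_verify", userId, ok });
}
```

The key passed to `sealSecret` must be 32 bytes and should be held outside the database that stores the sealed secrets.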