Enable 2FA by default for all users
Is there a way to enable 2FA by default for all users who sign up to my app? @Better Auth
2 Replies
Currently, Better Auth doesn't provide a built‐in configuration option to automatically enable 2FA for every new user on sign up. Instead, 2FA has to be explicitly enabled by the user (or triggered by your own custom logic) using the twoFactor.enable method, which then returns the TOTP URI and backup codes [1].
If you want to enforce 2FA as a mandatory step immediately after sign-up, you'll need to implement an onboarding flow that automatically prompts users to complete the 2FA setup—essentially calling the twoFactor.enable endpoint and guiding them through the verification process. This way, you can effectively require 2FA even though it isn't auto‑enabled at the configuration level.
Let me know if you need any more details on designing such a flow!
Sources:
[1] Two-Factor Authentication (2FA) | Better Auth
Two-Factor Authentication (2FA) | Better Auth
Enhance your app's security with two-factor authentication.
Nothing you can really do apart from limiting user abilities if not 2fa enabled