Skip to content

Add Two-Factor Authentication (2FA) Support #39

Open
Open
Add Two-Factor Authentication (2FA) Support#39

Description

@laminko
laminko
opened on Jun 22, 2025

Feature: Two-Factor Authentication (2FA) Support

Overview

Add Two-Factor Authentication as an additional security layer for authenticated users in the Settings page.

Parent Issue

Part of #37 - Add Settings Page with Authentication and User Management

Requirements

2FA Setup Flow

  • Add "Enable 2FA" option in Settings page (authenticated users only)
  • QR code generation for TOTP apps (Google Authenticator, Authy, etc.)
  • Manual secret key entry option as backup
  • Verification step during setup (user enters code to confirm)
  • Success confirmation with backup codes

2FA Management

  • Display 2FA status (enabled/disabled) in Settings
  • "Disable 2FA" option with password confirmation
  • Regenerate backup codes functionality
  • Clear visual indicators of 2FA protection status

Authentication Flow

  • Prompt for 2FA code during sign-in (if enabled)
  • Backup code entry option
  • "Trust this device" option (optional)
  • Proper error handling for invalid codes

Technical Implementation

  • Integrate with Supabase Auth 2FA capabilities
  • Update useAuth.ts composable for 2FA flows
  • Add 2FA status to user profile state
  • Implement TOTP token validation
  • Generate and store backup codes securely

UI Components

  • 2FA setup modal with QR code display
  • 2FA management section in Settings
  • Code input component for verification
  • Backup codes display modal
  • Status indicators and help text

Acceptance Criteria

  • Users can enable 2FA from Settings page
  • QR code works with major authenticator apps
  • 2FA is required for sign-in when enabled
  • Users can disable 2FA with proper verification
  • Backup codes provide alternative access method
  • Clean, intuitive UI following Ionic design patterns
  • Proper error handling and user feedback
  • Mobile-responsive implementation

Technical Notes

  • Use Supabase's built-in MFA (Multi-Factor Authentication) features
  • Follow TOTP standard (RFC 6238) for compatibility
  • Implement secure backup code generation and storage
  • Consider rate limiting for code verification attempts
  • Ensure proper cleanup when 2FA is disabled

Priority

Medium - Security enhancement, not core functionality

Related Issues

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions