Multi-Factor Authentication (MFA)
Add an extra layer of security to your application with MFA.
Supabase's Multi-Factor Authentication (MFA) adds an extra layer of security to your application by verifying user identity through additional steps beyond the initial login.
Key features
- Multiple authentication methods: Support for App Authenticator (TOTP) and phone messaging.
- Flexible enrollment: API for building custom MFA setup interfaces.
- Challenge and Verify APIs: Securely validate user access to additional factors.
- Authenticator Assurance Levels: JWT claims (aal1, aal2) to indicate the level of identity verification.
- Customizable enforcement: Options to enforce MFA for all users, new users only, or opt-in basis.
- Database integration: Row Level Security policies to enforce MFA rules at the database level.
Benefits:
- Enhanced security: Significantly reduce the risk of unauthorized account access.
- User trust: Demonstrate a commitment to protecting user data and privacy.
- Compliance support: Meet security requirements for regulated industries.
- Flexible implementation: Customize MFA flows to suit your application's needs.
MFA is particularly valuable for:
- Financial services and banking applications
- Healthcare platforms managing protected health information
- Enterprise applications with access to confidential business data
- E-commerce sites protecting user payment information
- Any application storing sensitive user data
Supabase's MFA feature provides a robust tool for enhancing application security, allowing developers to implement strong authentication measures tailored to their specific requirements.