Adding MFA to your app has never been easier... If you've already implemented Clerk, all you have to do is flip a switch.
We've extended our MFA offering to include time-based one-time passwords, also known as "TOTP" or "authenticator apps." TOTP works with almost all modern authenticator apps, such as Google Authenticator, Authy, 1Password, hardware devices, and more.
While we've always had MFA with SMS, TOTP is a more secure alternative, although harder for some customers to use, and the best security is often security that someone uses.
For this reason, in our own Clerk Dashboard we're allowing MFA with either TOTP or SMS. So, go make your Clerk account more secure, then let your customers do the same for your app!
You can enable TOTP by going to the Clerk Dashboard and then:
Configure > Users & Authentication > Multi-factor > Authenticator Apps
How it looks in our new user profile component:
Thanks to the contributors: Mark Pitsilos, Haris Chaniotakis
On the Clerk Dashboard you'll notice a few things moved. Webhooks now have their own home in the sidebar, as do instance-level settings.
We're going to be exposing smaller beta features through this settings page. As of now, we have introduced the following settings:
Disable "Have I Been Pwned" password protection
Enable test mode (this lets you use "fake" emails and phone numbers to sign in; very useful for E2E testing, and on by default for dev instances)
Thanks to the contributors: John Raptis, Sokratis Vidros