How can I enforce 2FA when a user logs in?

For example on passwordless login:

const web3authProvider = await web3auth.connectTo(WALLET_ADAPTERS.AUTH, {
  loginProvider: "email_passwordless",
  extraLoginOptions: {
    login_hint: email.trim(),
  },
});

How can I enforce going through the 2FA to authenticate?

Thanks for your question, Anibal! I see you’re using the Plug n Play (PnP) SDK with passwordless email login and are interested in enforcing 2FA during user authentication.

Here’s what you need to know:

  • Currently, Web3Auth’s passwordless login flow (email) provides a secure authentication by default (e.g., via OTP sent to the email). Out-of-the-box, additional 2FA (such as requiring a secondary code or authenticator app) at the authentication step is not directly supported by the Web3Auth Plug n Play SDK.
  • You can learn more about the available login methods and 2FA options in the Web3Auth docs – Authentication Factors & Security.
  • For most Plug n Play flows, 2FA support is either built-in (like OTP to email) or not available for direct configuration by developers. If you require a stricter 2FA enforcement, you may need to implement a custom authentication flow on your backend, and then use Custom Authentication with relevant JWTs or SSO providers.

Next steps:

  • If you’re considering a custom solution, could you specify if you’re using any backend for authentication or are you open to integrating an identity provider that supports 2FA?
  • If you’re looking for 2FA features within Web3Auth Plug n Play specifically, please note it’s not currently configurable to explicitly require a second factor beyond email OTP.

Let me know if you want guidance on moving to the Custom Auth route or if you have a specific provider in mind! Your use case can also be considered as a feature request—happy to forward your feedback to the team.

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

Additionally, we would recommend that you join our biweekly Office Hours to get this resolved even faster: Web3Auth Developer Office Hours

Not Found on your link: Web3Auth docs – Authentication Factors & Security.

I don’t want a custom Auth. I just want to use the 2FA that is set up the first time.

Hey @anibal,
You can set the mfaSetting to compulsory so that all users who sign in are required to go through MFA onboarding and set up their MFA factors. However, users will only be asked for MFA factors in cases like switching devices, clearing browser cookies, or similar scenarios where the device share isn’t available.

Enforcing MFA at every login session is not something we currently support, and there’s no timeline for this feature yet.
If having a fresh authentication check at every login is critical for your app, you could design an additional step around your login flow — either before or after the Web3Auth login — to handle that separately.
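
The "additional step around your login flow" suggested in the last reply could be a server-side TOTP check (RFC 6238) that runs on every login, before or after the Web3Auth call. This is an added example, not code from the thread or from Web3Auth; TOTP is an assumed choice of second factor, and `stepUpLogin`, `verifyTotp`, `totpSecret` and `lastTotpCounter` are hypothetical names.

```javascript
// Added example: per-login TOTP gate that is independent of Web3Auth.
// All function and field names are hypothetical.
const crypto = require("node:crypto");

const STEP_SECONDS = 30; // RFC 6238 default time step
const DIGITS = 6;

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, then dynamic truncation.
function hotp(secret, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac("sha1", secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** DIGITS).padStart(DIGITS, "0");
}

// Returns the matched time-step counter, or null if the code is rejected.
// lastUsedCounter is the per-user value stored after the previous success,
// so a code seen once cannot be replayed inside its validity window.
function verifyTotp(secret, code, nowMs, lastUsedCounter = -1, drift = 1) {
  if (typeof code !== "string" || code.length !== DIGITS) return null;
  if (!/^\d+$/.test(code)) return null;
  const current = Math.floor(nowMs / 1000 / STEP_SECONDS);
  for (let c = current - drift; c <= current + drift; c++) {
    if (c <= lastUsedCounter) continue; // already consumed: treat as replay
    const expected = Buffer.from(hotp(secret, c));
    if (crypto.timingSafeEqual(expected, Buffer.from(code))) return c;
  }
  return null;
}

// Gate around web3auth.connectTo(): the app proceeds only when this is true.
function stepUpLogin(user, code, nowMs = Date.now()) {
  const counter = verifyTotp(user.totpSecret, code, nowMs, user.lastTotpCounter);
  if (counter === null) return false;
  user.lastTotpCounter = counter; // persist in real storage, per user
  return true;
}
```

The check has to run on a backend that holds the TOTP secret; a check done only in the browser can be skipped by the client.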