Two Factor Authentication Best Practices
by Steven Lee · v0.1.0
409 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install twofactor
Description
This skill provides guidance and enforcement rules for implementing secure two-factor authentication (2FA) using Better Auth's twoFactor plugin.
Usage Guidance
This skill is an instructional guide and appears internally consistent, but exercise normal caution before using any third-party auth guidance:
1) Verify the authenticity and security record of the better-auth package and its CLI (review its repository, npm package, and maintainers) before installing into production.
2) Ensure you implement secure sendEmail/sendOTP delivery and protect any mailer credentials separately.
3) Run database migrations in a safe way (backup data first) and review what fields/tables are added.
4) Store OTPs/backup codes using encrypted or hashed storage as recommended; display backup codes only once and advise users to save them.
5) Avoid skipVerificationOnEnable in production unless you understand the recovery/attack tradeoffs.
6) Confirm rate limits, allowedAttempts, and trust-device settings align with your threat model.
The skill itself makes no surprising requests, but you should audit the actual dependencies and your implementation before deployment.
Capability Analysis
Type: OpenClaw Skill
Name: twofactor
Version: 0.1.0
The skill bundle provides documentation and code examples for implementing two-factor authentication using the 'better-auth' library. The `SKILL.md` file contains no prompt injection attempts against the AI agent, nor does it include any malicious code snippets, data exfiltration, persistence mechanisms, or other harmful behaviors. The content is purely instructional, focuses on security best practices, and appears to be a legitimate guide for developers.
Capability Assessment
Purpose & Capability
Name/description match the SKILL.md content: all examples and guidance relate to configuring Better Auth's twoFactor plugin. The skill does not request unrelated credentials, binaries, or config paths.
Instruction Scope
Runtime instructions are limited to library usage, configuration options, and example handlers (e.g., sendOTP via sendEmail). There are no instructions to read unrelated files, exfiltrate data, or call unexpected external endpoints.
Install Mechanism
No install spec and no code files — instruction-only content. Nothing will be downloaded or written to disk by the skill itself.
Credentials
The skill declares no environment variables or credentials. The examples reference implementing a sendEmail function and database migrations, which are expected for a 2FA integration and do not require hidden credentials from the skill itself.
Persistence & Privilege
The skill does not request persistent presence (always is false) and does not attempt to modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install twofactor
- After installation, invoke the skill by name or use /twofactor
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of the two-factor-authentication-best-practices skill.
- Provides guidance and usage examples for implementing secure two-factor authentication (2FA) with Better Auth's twoFactor plugin.
- Covers setup for TOTP (authenticator app), OTP (email/SMS), backup codes, and trusted devices.
- Includes best practices for client and server integration.
- Explains secure code delivery, verification, backup code generation, and recovery flows.
- Outlines recommended security considerations and session management during the 2FA process.
Frequently Asked Questions
What is Two Factor Authentication Best Practices?
This skill provides guidance and enforcement rules for implementing secure two-factor authentication (2FA) using Better Auth's twoFactor plugin. It is an AI Agent Skill for Claude Code / OpenClaw, with 409 downloads so far.
How do I install Two Factor Authentication Best Practices?
Run "/install twofactor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Two Factor Authentication Best Practices free?
Yes, Two Factor Authentication Best Practices is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Two Factor Authentication Best Practices support?
Two Factor Authentication Best Practices is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Two Factor Authentication Best Practices?
It is built and maintained by Steven Lee (@stevenfengli); the current version is v0.1.0.