hectoday
DocsCoursesChangelog GitHub
DocsCoursesChangelog GitHub

Access Required

Enter your access code to view courses.

Invalid code

← All courses

Two-Factor and Passwordless Auth with @hectoday/http

Add TOTP, magic links, passkeys, and recovery codes to your auth system. Build a multi-method login flow where users choose their security level.

Intermediate ~7 hours

Why Passwords Are Not Enough

  1. The Problem with Passwords
  2. Project Setup

TOTP (Time-Based One-Time Passwords)

  1. How TOTP Works
  2. Generating Secrets and QR Codes
  3. Enabling 2FA on an Account
  4. Verifying TOTP on Login
  5. Time Windows and Clock Drift

Recovery

  1. Recovery Codes
  2. Disabling 2FA
  3. Account Recovery When Everything Is Lost

Magic Links

  1. How Magic Links Work
  2. Building Magic Link Login
  3. Security Considerations

WebAuthn and Passkeys

  1. What Are Passkeys?
  2. Registration Flow
  3. Authentication Flow
  4. Passkeys as Second Factor or Primary

Putting It All Together

  1. Multi-Method Auth
  2. Auth Method Checklist and Capstone

© 2026 hectoday. All rights reserved.