Changelog August 5, 2022

MFA with authenticator apps, plus a new settings page with some new options.

MFA w/ Authenticator apps

Adding MFA to your app has never been easier... If you've already implemented Clerk, all you have to do is flip a switch.

We've extended our MFA offering to include time-based one-time passwords, also known as "TOTP" or "authenticator apps." TOTP works with almost all modern authenticator apps, such as Google Authenticator, Authy, 1Password, hardware devices, and more.

While we've always had MFA with SMS, TOTP is a more secure alternative, although harder for some customers to use, and the best security is often security that someone uses.

For this reason, in our own Clerk Dashboard we're allowing MFA with either TOTP or SMS. So, go make your Clerk account more secure, then let your customers do the same for your app!

You can enable TOTP by going to the Clerk Dashboard and then:

Configure > Users & Authentication > Multi-factor > Authenticator Apps

How it looks in our new user profile component:

Thanks to the contributors: Mark Pitsilos, Haris Chaniotakis

Updated Settings

On the Clerk Dashboard you'll notice a few things have moved. Webhooks now have their own home in the sidebar, as do instance-level settings.

We're going to be exposing smaller beta features through this settings page. As of now, we have introduced the following settings:

  • Disable "Have I Been Pwned" password protection

  • Enable test mode (this lets you use "fake" emails and phone numbers to sign in, which is very useful for E2E testing; on by default for dev instances)

Thanks to the contributors: John Raptis, Sokratis Vidros