Password-Based Authentication

Let users sign in with email and password - the classic authentication method everyone knows and trusts!

What is Password Auth?

Password authentication allows users to:

• Create accounts with email + password
• Sign in using their credentials
• Reset forgotten passwords via email
• No magic links or OAuth required

When to Use Password Auth

Perfect for:

• Enterprise/B2B apps - Many businesses prefer passwords
• Security-conscious users - Some users trust passwords more
• Mobile-first apps - Easier than checking email for magic links
• International users - Works without reliable email access

Consider alternatives for:

• Quick signups (magic links are faster)
• Less tech-savvy users (OAuth is simpler)
• Apps targeting developers (they love passwordless)

Enable Password Authentication

Super simple - just flip a switch!

Step 1: Update Config

Open src/lib/config.ts and enable password auth:

auth: {
  enablePasswordAuth: true, // Enable password login
},

Step 2: That's It!

Your app now supports password authentication! Users will see:

• Sign Up - Email + password fields
• Sign In - Email + password login
• Forgot Password - Password reset flow

What Happens Behind the Scenes

When you enable password auth:

Security Features

• bcrypt Hashing - Passwords are securely hashed, never stored plain
• Salt + Pepper - Extra security layers
• Secure Reset Flow - Time-limited password reset tokens

User Experience

• Clean, modern login UI
• Helpful validation messages
• Password confirmation on signup
• Auto-focus and keyboard shortcuts

Email Flows

• Welcome email on signup
• Password reset emails
• Email verification on signup

Password Reset Flow

Built-in password reset is fully functional:

How it works:

1. User clicks "Forgot Password"
2. Enters their email
3. Receives reset link via email
4. Clicks link, sets new password
5. Automatically logged in

Security:

• Reset links expire after 30 minutes
• One-time use tokens
• Email verification on signup