Security

Enterprise-grade security features to protect your application and users.

Overview

Learn about all security features available in AuthCore

Account Lockout

Protect against brute force attacks with automatic lockouts

Email Restrictions

Control who can sign up with allowlists and blocklists

Sign-up Modes

PUBLIC, RESTRICTED, and WAITLIST sign-up strategies

User Enumeration Protection

Prevent attackers from discovering valid user accounts

Security Features at a Glance

🔒 Account Lockout

Automatic lockout after failed login attempts

📧 Email Control

Allowlist/blocklist email patterns

🚫 Disposable Email Blocking

Block temporary email providers

🔐 Two-Factor Authentication

TOTP-based 2FA with backup codes

🛡️ User Enumeration Protection

Consistent error messages

📊 Audit Logging

Track all security-related events

🔑 Password Policies

Configurable password requirements

📱 Device Management

Track and revoke active sessions

Quick Links

SecuritySettings Component →

UI for configuring security

Security API →

Manage security programmatically