id: authentication-system-guide sidebar_label: Auth System Guide title: "Authentication System Guide" description: "Enterprise-grade authentication for ValkyrAI/ValorIDE: 2FA, password reset, OAuth, and security best practices." tags: [authentication, security, 2fa, oauth]

Authentication System Guide

Enterprise-grade authentication for ValkyrAI/ValorIDE: 2FA, password reset, OAuth, and security best practices.

Features

TOTP 2FA: Google Authenticator, Authy, Microsoft Authenticator
SMS OTP: Optional via Twilio/AWS SNS
Password Reset: Email token, 24h expiry
Backup Codes: 10 single-use recovery codes
Login Audit Trail: Full audit, anomaly detection
Account Lockout: Auto after 5 failed attempts
GitHub OAuth2: Seamless sign-in
Phone Verification: Optional
Password Strength: 12+ chars, upper/lower/number/special

How It Works

2FA (TOTP)

Generate secret & QR code for user
User scans QR with authenticator app
Validate 6-digit TOTP on login
Backup codes for recovery

Password Reset

User requests reset (email or username)
System emails secure token (24h expiry)
User sets new password via reset link

OAuth2 (GitHub)

User clicks "Sign in with GitHub"
OAuth2 flow exchanges code for JWT
JWT used for API access

Security Best Practices

Use strong, unique secrets for JWT and 2FA
Store secrets encrypted at rest
Enforce password policy
Monitor audit logs for anomalies
Rotate credentials regularly

See also: Authentication Quick Start

Features​

How It Works​

2FA (TOTP)​

Password Reset​

OAuth2 (GitHub)​