Plans to support proper 2FA such as FIDO or Passkeys?

The in-built e-mail second factor is not as reliable and requires storing e-mail account data on the website, which is not ideal from a security perspective.

Is there a plan to integrate proper 2FA such as generation of QR codes for TOTP or even FIDO/Passkey support built into Kirby? IMHO this is so super important nowadays that this should be done.

Thanks
Andreas

Not that I’m aware of, at the moment the focus is on the release of Kirby 4, so any new features would have to wait until after this release.

Feel free to create a feature request on https://feedback.getkirby.com

Done: Support modern authentication: FIDO/Passkeys, TOTP, OTP etc · Kirby Feedback (nolt.io)

However, I think that such a crucial security point should not be voted on, it should be built-in on a serious platform such as Kirby.

</Strong suggestion rant end>

You could have a look at implementing auth challenges as described in the docs:

Thank you, I have seen this, but I am not a professional programmer, so I will not try to implement authentication on my own; that is too risky. Neither should people who don’t know Kirby as well as the core team does; that is why I am saying this should absolutely be a core feature.

Agreed. 2FA should be the standard these days. I suppose in lieu of such a feature, it’s important to keep good backups, so if the worst does happen, you can always restore.

We are in the year 2023 and this should be self-evident :thinking: I’d recommend version control systems like Git.

Something can always go wrong, even if you are not hacked.

Losing the content might be painful but is nothing compared to other things that can happen. For example: you have third-party integrations with API keys such as your CRM or newsletter system and a hacker steals customer data. Or you saved access data to an e-mail account, opening up a whole different can of worms. Or what about payment systems? The list goes on and on.

Good news, seems to be coming in v4 :slight_smile: See Thread on Discord

At least TOTP - Passkeys we’d like but maybe later, not 4.0

True but at least TOTP :slight_smile: :+1: