A full-stack Secure Multi-Factor Authentication (MFA) system implementing modern authentication best practices.
The project demonstrates defense-in-depth security, combining password hashing, OTP-based MFA, JWT session management, and secure logout.
secure-mfa-auth/
├── backend/
│ └── (Node.js, Express, MongoDB API)
├── frontend/
│ └── (React, Vite, Tailwind UI)
- Secure user registration with bcrypt password hashing
- Brute-force protection with rate limiting and account lockout
- OTP-based Multi-Factor Authentication
- JWT access and refresh token mechanism
- Automatic token refresh and secure logout
- Protected frontend routes
- Clean, modern UI with Tailwind CSS
- Node.js
- Express.js
- MongoDB
- JWT
- bcrypt
- React (Vite)
- Tailwind CSS
- Axios
- React Router
Signup
↓
Login (Password)
↓
OTP Verification
↓
Access Token (short-lived)
Refresh Token (long-lived)
↓
Protected Resources
cd backend
npm install
node server.js
Runs on:
http://localhost:5000
cd frontend
npm install
npm run dev
Runs on:
http://localhost:5173
Test credentials:
Email: test@example.com
Password: Test@123
- Password and OTP hashing
- Rate limiting and account lockout
- MFA enforcement before token issuance
- Refresh token rotation (each refresh token is accepted once; a new one is issued and the old one invalidated)
- Secure logout with server-side invalidation
- OWASP-aligned authentication design
- End-to-end MFA implementation
- Secure token-based authentication
- Frontend–backend integration
- Real-world security engineering practices
This project is intended for educational and learning purposes.
Cahal Agarwalla
GitHub: https://github.com/CaHHaL