Skills

email-and-password-best-practices

Installation
Summary

Email verification, password reset flows, and customizable password policies for Better Auth.

  • Supports email verification with optional enforcement to block sign-in until verified, plus configurable token expiration and single-use reset tokens
  • Password reset flows with built-in security: background email sending, timing attack prevention, dummy operations on invalid requests, and optional session revocation on reset
  • Configurable password length limits (default 8–256 characters) and custom hashing algorithms via pluggable hash and verify functions
  • Requires absolute callback URLs and sendVerificationEmail / sendResetPassword functions to integrate with your email provider
SKILL.md

Quick Start

  1. Enable email/password: emailAndPassword: { enabled: true }
  2. Configure emailVerification.sendVerificationEmail
  3. Add sendResetPassword for password reset flows
  4. Run npx @better-auth/cli@latest migrate
  5. Verify: attempt sign-up and confirm verification email triggers

Email Verification Setup

Configure emailVerification.sendVerificationEmail to verify user email addresses.

import { betterAuth } from "better-auth";
import { sendEmail } from "./email"; // your email sending function
Installs
19.6K
Repository
better-auth/skills
GitHub Stars
195
First Seen
Feb 10, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
email-and-password-best-practices — better-auth/skills