auth-security-patternslisted

# Auth Security Patterns This skill enforces authentication security best practices for Better Auth implementations. ## Password Security ### Strong Password Policy ```typescript import { betterAuth } from 'better-auth' export const auth = betterAuth({ emailAndPassword: { enabled: true, password: { minLength: 12, maxLength: 128, requireLowercase: true, requireUppercase: true, requireNumber: true, requireSpecialChar: true, // Custom validation validate: (password) => { // Check against common passwords if (commonPasswords.includes(password.toLowerCase())) { return 'Password is too common' } // Check for repeated characters if (/(.)\1{2,}/.test(password)) { return 'Password cannot have 3+ repeated characters' } return true }, }, }, }) ``` ### Password Hashing ```typescript // Better Auth uses bcrypt by default with cost factor 10 // For higher security requirements: export const auth = betterAuth({ advanced: { password: { hash: async (password) => { const salt = await bcrypt.genSalt(12) // Higher cost return bcrypt.hash(password, salt) }, verify: async (password, hash) => { return bcrypt.compare(password, hash) }, }, }, }) ``` ## Rate Limiting ### Global Rate Limiting ```typescript import { rateLimit } from 'better-auth/plugins/rate-limit' export const auth = betterAu