How to deal with Authentication
Tactics to overcome 2FA and other Authentication flows.
Authentication flows, along with anti-bot detection, add complexity to automation. Two-factor authentication and captchas are challenging to overcome, and regular authentication flows slow down automation.
Browserbase has some built-in features to tackle automation, like Stealth mode and reuse of session cookies. We also partner with Anon, which provides a comprehensive authentication solution for many websites.
Using Anon to handle Authentication
Anon is an authentication platform that partners with Browserbase to easily handle authentication flows across many websites.
To learn more about using Anon to handle authentication, or to see the list of currently-supported websites, check out Anon’s developer docs.
Accessing an authentication flow with Stealth Mode
Most authentication flows implement mechanisms to prevent automation and scraping:
- IP addresses restrictions
- User Agent filtering
- Captchas (ex: Clerk now features a Captcha on all authentication flows)
- Rate limiting
When running your own Browser, dealing with the above requires setting up IP rotations with Proxies along with Captcha solving and fingerprinting code or libraries.
By connecting your automation to Browserbase, you get opt-in Proxies, automatic fingerprinting, and Captcha solving without any code change:
Speed up your automation by re-using cookies
Some websites or web apps rely on cookies-based Sessions, which can be easily retrieved and re-used to speed up your automation.
The code snippet below showcases how to retrieve and set cookies to avoid your automation to go through the authentication flow at each run:
Dealing with two-factor authentication
Two-step verification (via authenticator apps or SMS) or magic links require human intervention in the loop. Here are some tactics to cope with 2FA:
Disable 2FA or create an app password
This approach only applies to authentication flows owned by your team or company.
For an internal tool, try to turn off the two-step verification.
For an authentication flow requiring some level of security, try to create an app password.
Enable Remote Control of your Session
If a two-step verification mechanism cannot be bypassed or disabled, you should consider handing back the control to the end user by leveraging the Session Live URLs.
Taking a Session's Remote Control with Session Live View
Let your end users complete the two-step verification process as part of your automation.
Was this page helpful?