Use MFA, blocking functions, and cross-service Security Rules

Learn about Firebase security features, including multi-factor authentication (MFA), blocking functions, cross-product Security Rules, and App Check.

Learn how Authentication combines something the user knows, like a password, and something the user has, like a physical phone that can receive text messages. Learn how blocking functions let you customize authentication logic.

Learn how to implement multi-factor authentication and create custom auth requirements with blocking functions.

Learn how Security Rules protects your app and users from malicious actors. Learn about attribute-based access control, custom claims, and cross-service Security rules that allow you to write rules that query your Firestore database within the rules for your Firebase storage.

Learn how to secure a simple blog platform built on Firestore. Use the Firestore emulator to run unit tests against the Security Rules, and ensure that the rules allow and disallow the access you expect.

Learn how App Check offers protection by attesting whether traffic comes from your app on a real device, and how you can enable and enforce App Check on the first production version of your app.

Learn how to monitor Firebase Security Rules and App Check with Cloud Monitoring.