You're building something. You need users to log in. That means authentication.
Three ways to handle it. Let me break down the actual costs and time, because most people get this wrong.
Option 1: Build It Yourself
You sit down and write auth from scratch. Password hashing, email verification, password resets, sessions, tokens, rate limiting, OAuth integration. All of it.
What You're Actually Doing
This takes 2+ months minimum. You need password hashing, email verification flows, password resets, secure session handling, token refresh logic, rate limiting against bots, account recovery. And that's before you add social login or 2FA.
Then you become the auth expert forever. Security patches come out. Bugs surface. You're maintaining this thing indefinitely.
The Time Sink
Building auth properly is a 2+ month commitment. Seriously. Not 2 weeks. Two full months if you know what you're doing.
And honestly? Most people building this aren't security experts. So you're probably introducing bugs. It's easy to introduce security holes if you're not familiar with auth development. Little things like preventing user enumeration attacks, setting proper lockout intervals, and HTTPS handling have massive security impact.
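To make two of those "little things" concrete, here is an added sketch (not code from the original post or from any library it names) of a login check that resists user enumeration and applies a lockout interval. The names `createAuth`, `MAX_FAILURES`, `LOCKOUT_MS` and the in-memory maps are assumptions chosen for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const MAX_FAILURES = 5;              // assumed threshold before lockout
const LOCKOUT_MS = 15 * 60 * 1000;   // assumed lockout interval (15 minutes)
const GENERIC_ERROR = 'Invalid email or password';

function hashPassword(password, salt = nodeCrypto.randomBytes(16)) {
  return { salt, hash: nodeCrypto.scryptSync(password, salt, 32) };
}

// Hash of a random password nobody knows: unknown emails are checked against
// it so they cost the same scrypt work as real accounts.
const DUMMY = hashPassword(nodeCrypto.randomBytes(32).toString('hex'));

// users: Map<email, {salt, hash}>. In-memory stand-in for a real user table.
function createAuth(users) {
  const failures = new Map(); // email -> { count, lockedUntil }

  return function login(email, password, now = Date.now()) {
    const key = String(email).trim().toLowerCase();
    const state = failures.get(key) ?? { count: 0, lockedUntil: 0 };
    const record = users.get(key) ?? DUMMY;

    // Always do the hash work, even for locked or unknown accounts,
    // so response time does not reveal which emails exist.
    const candidate = nodeCrypto.scryptSync(String(password), record.salt, 32);
    const match =
      nodeCrypto.timingSafeEqual(candidate, record.hash) && users.has(key);

    // Locked accounts get the same generic answer as any other failure.
    if (now < state.lockedUntil) return { ok: false, error: GENERIC_ERROR };

    if (match) {
      failures.delete(key);
      return { ok: true };
    }

    // Count failures for unknown emails too, so lockout behaviour is
    // identical whether or not the account exists.
    const count = state.count + 1;
    failures.set(key, count >= MAX_FAILURES
      ? { count: 0, lockedUntil: now + LOCKOUT_MS }
      : { count, lockedUntil: state.lockedUntil });
    return { ok: false, error: GENERIC_ERROR };
  };
}
```

Per-account lockout on its own lets a bot lock real users out, so it is normally paired with per-IP rate limiting in front of this check.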
When to Do This
Almost never. Unless:
You have a dedicated security team
You work in healthcare/finance and have specific regulatory requirements
Your auth needs are so weird that nothing else fits
Everyone else? Don't.
Option 2: Hosted Auth Services
You use Clerk, Auth0, Firebase, or Supabase. Point your users to their login page. Done.
They handle everything. You focus on your product.
Here's the Thing
It's genuinely fast. Like, 30 minutes to have working auth. Copy some code, set a few env variables, you're done. Then you get back to building your actual app.
Zero infrastructure. Zero security worries. Zero maintenance.
Sounds perfect, right?
Then you grow.
The Pricing (Real Numbers)
Clerk (actual 2025 pricing):
Free: $0/month (up to 10,000 MAU, 100 organizations)
Pro: $25/month base, then $0.02 per MAU above 10k
Enhanced Auth add-on: $100/month (MFA, device tracking, SSO)
Enhanced Admin add-on: $100/month (user impersonation, audit logs)
Organizations: $1 per MAO above 100
Auth0:
Free: No credit card
Essentials: $175/month (up to 2,500 MAU)
Professional: $545/month (up to 2,500 MAU)
Enterprise: Custom (usually $1500+/month)
Firebase:
Free: Up to 49,999 MAU
Beyond: $0.0055 per MAU (50k-99k), $0.0046 per MAU (100k+)
Supabase:
Free: 50,000 MAU
Pro: $25/month (includes 100,000 MAU)
Beyond 100k: $0.00325 per MAU
Let's Do the Math
At 10,000 users:
Clerk: Free
Auth0: $175/month
Firebase: Free
Supabase: Free
At 50,000 users:
Clerk: $25 + (40k × $0.02) = $825/month
Auth0: $175/month
Firebase: $275/month
Supabase: Free (under 100k)
At 100,000 users:
Clerk: $25 + (90k × $0.02) = $1,825/month
Auth0: $545/month
Firebase: $460/month
Supabase: $25/month
Over 3 years at 100,000 users:
Clerk: $1,825 × 36 = $65,700
Auth0: $545 × 36 = $19,620
Firebase: $460 × 36 = $16,560
Supabase: $25 × 36 = $900
See it now? Clerk especially. You start free. By 50k users you're paying $825/month. By 100k you're paying almost $2k/month. That's expensive.
The Lock-In
Here's the annoying part: you're now locked in. Their API. Their UI decisions. Their pricing changes.
Want to leave? You have to migrate thousands of users. Export data. Reformat passwords (hard). Rebuild your login flow. Pray nothing breaks.
One founder regretted Auth0 because bots ate their auth quota and locked out real users. Auth0 told them "upgrade to enterprise for bot detection" ($20k/year). Can't fix it yourself. You're just stuck.
When This Actually Makes Sense
You need auth working today and have 4-6 hours
Actually more like 30 minutes if you use Supabase or Clerk
You have <10,000 users and will probably stay there
You're bootstrapped and validating an idea (cost doesn't matter yet)
Your team has zero infrastructure experience
You're funded and velocity matters more than cost right now
Option 3: Self-Hosted Auth SDK
You install a library. You run it on a cheap server. You own everything.
Examples: Better Auth, SuperTokens, Keycloak.
What You Actually Get
Email/password auth, social login, 2FA, passkeys, multi-tenancy, SSO, everything you'd expect.
Real companies use this. Dokploy (17.5k stars) uses it for multi-tenant auth with 2FA. Not some hobbyist library. Production code.
Time to Get It Working
Honest answer: 1-2 hours if you know your framework. 3-4 hours if you're learning.
You:
Install package (5 mins)
Add env variables (5 mins)
Run database migrations (10 mins, usually one command)
Copy auth config (20 mins, mostly paste from docs)
Mount the API route (10 mins, different for each framework)
Build login pages (30-60 mins)
Deploy (30 mins)
Documentation is actually good. Multiple framework guides. Migration tutorials from other platforms.
The Infrastructure Costs
OVH Cloud VPS (actual current pricing, 2025):
VPS-2: $6.75/month (2 vCore, 4GB RAM, 100GB SSD)
VPS-3: $12.75/month (4 vCore, 8GB RAM, 160GB SSD) ← This one for production
VPS-4: $22.08/month (6 vCore, 16GB RAM, 240GB SSD)
Includes:
Daily backups
Unlimited traffic
Uptime SLA
Everything you need
Your total:
Server: $12.75/month
Database: Included
Auth library: $0
Domain: ~$10/year
Monthly: $12.75. Yearly: $153.
Real Cost Scenarios
At 10,000 users:
Self-hosted: $12.75/month
Clerk: Free
Auth0: $175/month
Firebase: Free
Supabase: Free
At 50,000 users:
Self-hosted: $12.75/month
Clerk: $825/month
Auth0: $175/month
Firebase: $275/month
Supabase: Free
At 100,000 users:
Self-hosted: $12.75/month (or $22.08 if you upgrade)
Clerk: $1,825/month
Auth0: $545/month
Firebase: $460/month
Supabase: $25/month
3 years at 100,000 users:
Self-hosted: $12.75 × 36 = $459
Clerk: $1,825 × 36 = $65,700
Auth0: $545 × 36 = $19,620
Firebase: $460 × 36 = $16,560
Supabase: $25 × 36 = $900
You save $65,241 compared to Clerk. $19,161 compared to Auth0.
What's Your Job?
You manage:
The server (but OVH handles most of it automatically)
Database backups (OVH does this, or script it in 10 mins)
Deploying updates (git push)
Basic monitoring (ping once a week, set up alerts)
You're NOT managing:
Crypto stuff (the library does it)
Password hashing (the library does it)
OAuth integration (the library does it)
Security patches (you run `npm update` once a month)
When This Makes Sense
You're building something real and expect to scale
You care about costs (and you should)
You want to own your data
You can spare 1-2 hours for setup
You don't want to be locked into someone's pricing
You're comfortable with basic server stuff (it's not hard)
Comparison Table
| | Build It | Hosted (Clerk, Auth0) | Self-Hosted SDK |
|---|---|---|---|
| Time to launch | 2-3 months | 30 mins | 1-2 hours |
| Cost at 10k users/month | $0 | $0-175 | $12.75 |
| Cost at 50k users/month | $500-2000 | $175-825 | $12.75 |
| Cost at 100k users/month | $500-2000 | $545-1825 | $12.75-22 |
| 3-year cost at 100k | $50,000+ | $16,560-65,700 | $459 |
| You manage security | 100% | 30% | 70% |
| You manage infrastructure | 100% | 0% | 80% |
| Locked into vendor | No | Yes | No |
| Easy to leave later | N/A | Painful | Easy |
Real-World Scenarios
You're a Startup, Pre-Seed
Use Clerk or Firebase (free tier).
Why: You need to move fast. You have zero users. Cost is literally irrelevant. You need every hour for product. 30 minutes of setup, get back to work.
Cost: $0/month (free tier)
Timeline: Get to 10k users, then reassess
Move on.
You're an Indie Hacker
Use self-hosted SDK.
Why: You're bootstrapped. You'll eventually have 50k+ users. You care about money. Spending 2 hours now saves you $65k over 3 years.
Cost: $153/year
Math: Your 2 hours of work = $65,000+ saved. That's a $32,500/hour ROI.
Do the math on your hourly rate. It makes sense.
You're Series A, Funded
Use Clerk/Auth0 now, migrate later.
Why: You're funded. Velocity matters. You can afford $300-800/month for auth right now. Later when you're Series B and costs hurt, migrate to self-hosted and pocket the difference.
Cost: $5,000-10,000/year now, then optimize
Timeline: 30 mins to launch, optimize in year 2
You're a Big Company
Use self-hosted SDK + custom infrastructure.
Why: At scale, even $1000/month adds up. You need custom control anyway.
Cost: $50-100/month (VPS) + internal team
So Which One?
I'd recommend self-hosted SDK for 90% of projects.
Here's why:
Costs don't explode. $153/year regardless of whether you have 1,000 users or 1,000,000.
You own your data. User information lives in your database. Not someone's cloud.
No vendor lock-in. Code is open source. Data is yours. Leave whenever.
Setup is fast enough. 1-2 hours isn't that much slower than 30 mins.
You actually learn stuff. You understand how auth works now.
The savings are insane. $65k over 3 years. That's real money for a bootstrap.
The Real Decision Tree
Do you need auth working in the next 30 minutes?
Yes → Use Clerk/Firebase
No → Continue
Are you expecting to scale to 50k+ users?
Yes → Self-hosted SDK (save $65k vs Clerk)
No → Clerk/Firebase is fine
Are you bootstrapped or funded?
Bootstrapped → Self-hosted (money matters)
Funded → Use Clerk now, migrate later
Do you want to own your data?
Yes → Self-hosted
No → Hosted service is fine
How to Actually Get Started
Self-hosted SDK:
Better Auth: https://better-auth.com/docs/installation
SuperTokens: https://supertokens.com/docs/guides
Keycloak: https://www.keycloak.org/documentation
VPS providers:
OVH: https://www.ovhcloud.com/vps (~$12/month)
Hetzner: https://www.hetzner.com/cloud (~$5-10/month)
Linode: https://www.linode.com (~$5-10/month)
DigitalOcean: https://www.digitalocean.com/products/droplets (~$5-10/month)
Pick a framework (Better Auth if TypeScript, Keycloak if Java/enterprise), rent a VPS, follow the docs.
Total time: 1-2 hours. Total cost: $153/year.
The Bottom Line
Auth isn't your product. It's infrastructure. The question is: how much do you want to pay for it?
Hosted services: Pay $16k-65k over 3 years to not think about it. Ship in 30 mins.
Self-hosted SDK: Spend 2 hours now, save $16k-65k later. Own your data.
Build it yourself: 2 months of your life, then you're the auth expert forever. Don't do this.
Pick based on where you actually are, not where you think you'll be.
Validating an idea? Hosted service. Ship fast.
Building something real that will scale? Self-hosted. That $65k savings is real money.
That's it.
