2FA required on every log in/log out sequence
I have to enter an OTP each time I log out and log back in, even on the same browser. Shouldn't I only be required to enter the OTP when the machine ID changes (using a different or upgraded browser). Shouldn't the second factor only be used when the device is unrecognized?
Updated by Raymond Hoh 5 months ago
- Tracker changed from Bug to Feature
- Category name set to Authentication
- Status changed from New to Hold
- Assignee set to Raymond Hoh
- Target version set to Future release
The WordPress 2FA plugin that we currently use does not support remembering a trusted device yet. See https://github.com/WordPress/two-factor/issues/230.
Once this feature is available in the plugin, we can circle back to this.