Feature #18032
open
2FA required on every log in/log out sequence
Added by Raffi Khatchadourian about 2 years ago.
Updated 2 months ago.
Category name:
Authentication
Description
I have to enter an OTP each time I log out and log back in, even on the same browser. Shouldn't I only be required to enter the OTP when the machine ID changes (using a different or upgraded browser). Shouldn't the second factor only be used when the device is unrecognized?
- Tracker changed from Bug to Feature
- Category name set to Authentication
- Status changed from New to Hold
- Assignee set to Raymond Hoh
- Target version set to Future release
The current 2FA plugin we use is developed by the WordPress.org community, which is one of the reasons why we chose it. The community will probably implement this feature in the future, but I guess this feature is not in their immediate roadmap.
If we were to go with another 2FA solution, we would have to ensure that all current 2FA user configurations can be migrated properly to the new one and also we would have to ensure that our custom frontend implementation will work as well. I'll relay this request to the team, but I think this isn't something we can immediately do.
Also available in: Atom
PDF