Don't ask for 2FA at every sign-in for a known, trusted device
Problem to solve
I understand getting automatically logged out when my session expires and I value the security two-factor authentication brings. However, it is quite annoying to have to dig my phone out to enter a 2FA code every time my session expires. My request is to add an option to disable 2FA for a known / trusted device.
Intended users
Users with 2FA.
Further details
This would enhance user experience and remove potential sign-in-related frustration.
Proposal
Add an option to disable 2FA for known devices. Maybe a checkbox like "Remember me" with "Don't ask again for this device" or somewhere in settings once logged in.
Permissions and Security
I don't think you would need any special permission to disable this. Maybe it could be configurable for an organisation's policy.
Documentation
This should be added to the documentation here.
Testing
This could negatively affect sign-in or weaken security, which is admittedly not at all good.
What does success look like, and how can we measure that?
More / faster sign-ins. More recurring users.