Two-factor authentication has no option to remember the device

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Similar to most other 2FA implementations I've seen, it should be possible to remember the device and not prompt for 2FA again each and every time. This hits me particularly hard as I'm signing in frequently due to gitlab-ce#25350 - perhaps this won't really be an issue once that's solved. (Or perhaps the other way around.)

Proposal

Add the ability to toggle a trusted device on/off in profile/active_sessions. Sessions created with trusted devices would not trigger a 2FA. This could be disabled on the instance by an administrator, defaulting to on.