Two-factor authentication should last longer than the login.

Two-factor authentication is much slower than the username/password login (which is usually auto-filled), and thus should not be required every time the user logs in. For example, Google allows me to remember the second factor for 30 days, whereas Gitlab forces me to enter it every login. Combined with the short authentication duration (a day, I believe?), this is a huge hassle, and makes me dread logging in to Gitlab.

The second factor should be remembered for a much longer duration (and extending the default session duration to more than a day isn't a bad idea either).