Two-factor authentication has no option to remember the device
Similar to most other 2FA implementations I've seen, it should be possible to remember the device and not prompt for 2FA again each and every time. This hits me particularly hard as I'm signing in frequently due to gitlab-ce#25350 - perhaps this won't really be an issue once that's solved. (Or perhaps the other way around.)
Proposal
Add the ability to toggle a trusted device on/off in profile/active_sessions
. Sessions created with trusted devices would not trigger a 2FA. This could be disabled on the instance by an administrator, defaulting to on.
Edited by Daniel Mora