I've made a couple of changes to the MFA login:
- The code is now valid for 30 minutes (not just 10). This might help reduce stress if you're looking for a code that might have gone to a spam folder or similar.
- If you tick Remember Me when logging in, and then complete the MFA challenge, then it will remember that you've done that in that browser for six months.
The remembering is done by storing a cookie in the browser. And so:
- If you log out and log in again without ticking Remember Me then it'll require the MFA next time you log in.
- If you clear cookies in the browser (or use a different browser) then it'll require MFA.
Hopefully this improves the balance between security and convenience! I may tweak it again in future if the balance doesn't feel quite right.
(You can also ask Voicebot for more information about multi-factor authentication)
Thanks
Joe
