At the very least you could allow a 2FA authorization to apply for 30 days (or a week, or even just for one day). Requiring username, password, and 2FA multiple times per day on a secure device within the same browser session is ludicrous! You set cookies, please use them.
At the very least you could allow a 2FA authorization to apply for 30 days (or a week, or even just for one day). Requiring username, password, and 2FA multiple times per day on a secure device within the same browser session is ludicrous! You set cookies, please use them.